[Wolves] Replacing globals on with off php

Wayne Morris waynelists at machx.co.uk
Tue Apr 5 18:22:28 UTC 2011


Hi,

Cool, thanks for that, I'll have a play.

Cheers

Wayne


On 05/04/2011 19:12, David Goodwin wrote:
> Depending on where the data came from...
>
> $email = $_POST['email'];
> or
> $email = $_GET['email'];
> or even :
> $email = $_COOKIE['email'];
>
> Get rid of 'session_is_registered' and replace with if(isset($_SESSION['key'])) { ... }
>
> So, e.g. if you're able to make widespread changes, try the following.
> The main problem is I don't know where you're getting variables from - it could be from a POST (form submission), the URL (GET) or the session or a cookie...
>
>
> session_start(); // put in some common include file; don't hide in a function.
> $ADMIN_NAME = 'xxxx';
> $ADMIN_PASS = 'xxxx';
>
> $is_user = verifyUser($_POST['user'], $_POST['passwd']);
> $is_admin = verifyAdmin($_POST['user'], $_POST['passwd']);
>
> function verifyUser($user, $passwd) {
>      global $ADMIN_EMAIL;
>      $user = db_escape($user);
>      $passwd = db_escape($passwd);
>      // Both values have been through db_escape() before they reach the query.
>      $result = mysql_query("SELECT email,passwd FROM user WHERE email = '$user' and BINARY passwd='$passwd'") or die("Ick...");
>      if(mysql_num_rows($result) == 1) {
>          $_SESSION['user'] = $user;
>          $_SESSION['passwd'] = $passwd;
>          return true;
>      }
>      return false;
> }
> // Undo magic quotes (if enabled), then escape the value for use in a MySQL query.
> function db_escape($string) {
>      if(get_magic_quotes_gpc()) {
>          $string = stripslashes($string);
>      }
>      return mysql_real_escape_string($string);
> }
>
> function verifyAdmin($user, $passwd)
> {
>     global $ADMIN_NAME, $ADMIN_PASS;
>     return $user === $ADMIN_NAME && $passwd === $ADMIN_PASS;
> }
>
>
> thanks
> David.
>
> On 5 Apr 2011, at 18:56, Wayne Morris wrote:
>
>> Got an old bit of php (a classified ads site) which I like but used 'register globals on' and I understand this is not a good idea.
>> So can someone give me a starter for ten to get rid of the globals bit (don't really understand how they worked anyway), e.g. in this snippet which is for logon:
>>
>> function verifyUser()
>>     {
>>         global $ADMIN_EMAIL;
>>         session_start();
>>         global $email, $passwd;
>>         if( session_is_registered( "email" ) && session_is_registered( "passwd" ) )
>>         {
>>             $result = mysql_query( "SELECT email, passwd FROM user WHERE email='$email' AND BINARY passwd='$passwd'" ) or error( "Login failed, please contact<a href=\"$ADMIN_EMAIL\">adminstrator</a>" );
>>             if( mysql_num_rows( $result ) == 1 ) return true;
>>         }
>>         return false;
>>     }
>>     function verifyAdmin()
>>     {
>>         session_start();
>>         global $ADMIN_NAME, $ADMIN_PASS, $adminPasswd, $adminName;
>>         if( session_is_registered( "adminName" ) && session_is_registered( "adminPasswd" ) )
>>         {
>>             if( $adminName == $ADMIN_NAME && $adminPasswd == $ADMIN_PASS )
>>                 return true;
>>         }
>>         return false;
>>     }
>>
>> cheers
>>
>>
>>
>> _______________________________________________
>> Wolves LUG mailing list
>> Homepage: http://www.wolveslug.org.uk/
>> Mailing list: Wolves at mailman.lug.org.uk
>> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves
>

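The same login check written for current PHP, where the mysql_* functions (removed in PHP 7.0) and get_magic_quotes_gpc() (removed in PHP 8.0) no longer exist, as an added example that is not code from this thread. The in-memory SQLite database, the sample account and the `$session` array standing in for `$_SESSION` are assumptions made so the script runs from the command line.

```php
<?php
// Added example, not code from the thread. Sample data is constructed.
// Assumption: PDO with the SQLite driver stands in for the MySQL `user` table.

function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (email TEXT PRIMARY KEY, passwd TEXT NOT NULL)');
    // Store a password hash, never the password itself.
    $ins = $db->prepare('INSERT INTO user (email, passwd) VALUES (?, ?)');
    $ins->execute(['alice@example.org', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Credentials are read from one named source (the POST array). Nothing arrives
// as a magic global, so a URL parameter cannot pre-set $email or $passwd.
function verifyUser(PDO $db, array $post, array &$session): bool {
    $email  = $post['email']  ?? '';
    $passwd = $post['passwd'] ?? '';
    // Request fields can be arrays (email[]=...); accept strings only.
    if (!is_string($email) || !is_string($passwd) || $email === '') {
        return false;
    }
    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT passwd FROM user WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($passwd, $hash)) {
        return false;
    }
    // Keep only the identity in the session, not the password.
    $session['user'] = $email;
    return true;
}

$db = makeDemoDb();
$session = [];   // stands in for $_SESSION when run from the CLI
// Valid credentials, then a wrong password, then an address containing a quote
// (no escaping needed with bound parameters), then an array-valued field.
var_dump(verifyUser($db, ['email' => 'alice@example.org', 'passwd' => 'correct horse'], $session));
var_dump(verifyUser($db, ['email' => 'alice@example.org', 'passwd' => 'wrong'], $session));
var_dump(verifyUser($db, ['email' => "o'brien@example.org", 'passwd' => 'x'], $session));
var_dump(verifyUser($db, ['email' => ['a'], 'passwd' => 'x'], $session));
```

In a web request, pass `$_POST` and `$_SESSION` after `session_start()`, and call `session_regenerate_id(true)` once the check succeeds.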