Jump to content

Session Variable


Manny
 Share

Recommended Posts

I have a login form which if the user successfully logs in, their username is stored in a session variable.Now, while this form works, it fills up my error log with this message each time a user logs in:

PHP Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
I've searched the web and some people tell me to go into the php.ini file and change the settings to this:
session.bug_compat_42 = 1session.bug_compat_warn = 0

I've also tried setting both values to 0, but still the error keeps posting in the log.Here is the code, what changes should I make to stop the error from appearing:

<? include '//database connect'; // username and password sent from form$username = $_SESSION['username']=$_POST['username'];$password = $_POST['password'];// To protect MySQL injection (more detail about MySQL injection)$username = stripslashes($username);$password = stripslashes($password);$username = mysql_real_escape_string($username);$password = mysql_real_escape_string($password);$encrypt_password=md5($password);$dbname="//database";$dbselectok = mysql_select_db($dbname,$connection) or die("Unfortunately, a database connection could not be made.");$sql="SELECT * FROM //table WHERE Username='$username' AND Password='$encrypt_password'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"session_register("username");header("location://successful login");}else {header("location://failed login");}?>

Link to comment
Share on other sites

As far as I can tell, that gets triggered when you have a session variable, form (post or get) variable, and PHP variable all with the same name. So this line:$username = $_SESSION['username']=$_POST['username'];is using the three variables called "username". See if mixing the names up makes that notice go away. e.g.:$uname = $_SESSION['username']=$_POST['username'];$uname = stripslashes($uname);...

Link to comment
Share on other sites

Here's some more info.Yes the variables were all different. I also tried changing the original variable to the following, taking out the other two occurances:

$username = mysql_real_escape_string(stripslashes($_SESSION['username']=$_POST['username']));

Here is the page it redirects to if this means anything:

<? include '//Database connect';session_start();$usersname=$_SESSION['username'];?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Prediction League | <? include '//Title'; ?></title><? include '//metatext'; print"\n" ?><meta name="description" content="Play against other members, predict the score and win prizes." /><? include '//keywords'; ?> Prediction League" /><link rel="stylesheet" type="text/css" media="screen,projection,print" href="/styles/main.css" /><? include '//bodyheader'; ?>	</div><? include '//navigation'; ?><div class="title_strip">PREDICTION LEAGUE</div><div id="contentbody"><span class="c2"><? if(!session_is_registered(username)){	include '//logged out nav';}else{include '//logged in nav';}?></span><div class="title_strip_small">WELCOME</div><div id="top10" align="right"><table width="95%" style="font-size: 10px;" align="left"><tr><th align="right" width="10%">Pos</th><th align="left" width="70%">User</th><th align="right" width="20%">Pts</th></tr><?$dbname="//database";$dbselectok = mysql_select_db($dbname,$connection) or die("Unfortunately, a database connection could not be made.");$sqlstatement = "SELECT UserID, Username, Points FROM `//table` LIMIT 10";$sql_result = mysql_query($sqlstatement,$connection) or die("Unfortunately, your request could not be completed.");while ($row = mysql_fetch_array($sql_result)){$id = $row["UserID"];$username = $row["Username"];$pts = $row["Points"];$pos++;print "<tr><td align=\"right\">$pos</td><td align=\"left\"><a href=\"./members/history.php?id=$id\">$username</a></td><td align=\"right\">$pts</td></tr>";}?><tr><td colspan="3" align="right"><a href="./standings/"><b>View Full Standings</b></a></td></tr></table></div><span class="c2"><? if(!session_is_registered(username)){	print "Welcome to the home page of our exclusive 2009/10 Prediction League.<br /><br />Over the course of the season, our members will be predicting the results of every Bolton Wanderers game and the winner will be whoever accumulates the most points at the end of the campaign.<br /><br />Entry is <b>FREE</b> and the deadline for new member registrations is <b>Friday 14th August 2009</b>. So, what are you waiting for? <a href=\"./register/\">Sign-up</a> and get involved now!";}else{print "Welcome to your account home page. To make your prediction on the next match, click the \"My Predictions\" link at the top of the screen.<br /><br />More news will appear here as the season progresses.";}?></span>  </div>	  <div id="rightad">	  <? include '//adverts'; ?>	  </div>	  <div class="footer">	  <? include '//footer'; ?>	  </div></div></body></html><? include '//database disconnect'; ?>

Link to comment
Share on other sites

It might be because you're using session_register. That's no longer the preferred way to use the session, you can just assign values directly to it:$_SESSION['username'] = 'test';and instead of using session_is_registered, use isset:if (isset($_SESSION['username']))

Link to comment
Share on other sites

Could you please explain with some code? I have changed from session_is_registered to isset on the page my users are directed to. Still, everything works, but the error still pops up in the log.Here is the link:http://www.burndenaces.co.uk/games/predictionleague/Where you see the links "Login, Register" etc, once logged in, this should change to "Welcome "$username" links...".Can I change session_register to anything else and have the script still work?

Link to comment
Share on other sites

I've changed:

session_register("username");

To this:

session_start();  if(isset($_SESSION['username']))	$_SESSION['username'] = $_SESSION['username'];else	$_SESSION['username'] = "$username";

And on the redirected page, I have replaced:

if(session_is_registered(username))

With this:

if (isset($_SESSION['username']))

Is this what you meant? If so, then thanks a lot, the error log is empty. If this isn't what you meant, could you please post what you did mean so I can take a look.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...