1

Possible Duplicate:
PHP session side-effect warning with global variables as a source of data

I have a problem with a login script that im using. problem is with some of the hosting providers after login the session is not registering. and in php error logs i can see this error

PHP Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

but in most of the hosting's like bluehost, hostmonster it works fine without any error. can someone point me out what is the wrong thing im doing here? thank you in advanced.

Code:

<?
session_start();
ob_start();
?>

        <?php
        $err=isset($_GET['error'])?$_GET['error']:""; 
        if($err=='error'){?>
        <div class="errormsgbox">Wrong Username or Password. Please try again.</div>    
        <?php }

        if(!isset($_SESSION['adminuser'])){
        if($_SERVER["REQUEST_METHOD"] == "POST")
        {
        // username and password sent from Form
        $adminuser=mysql_real_escape_string($_POST['adminuser']); 
        $adminpassword=mysql_real_escape_string($_POST['adminpassword']); 
        $gpassword=md5($adminpassword); // Encrypted Password
        $sql="SELECT id FROM admin WHERE adminuser='$adminuser' and adminpassword='$gpassword'";
        $result=mysql_query($sql);
        $count=mysql_num_rows($result);

        // If result matched $username and $password, table row must be 1 row
        if($count==1)
        {

        session_register("adminuser");

        header("location:index.php");
        }
        else
        {
        header("location:login.php?error=error");

        }
        }
        ob_end_flush();

        ?>
    <form action="login.php" method="post">
    <div class="login_input">
    <label class="loginlbl"  for="adminuser">UserName :</label>
    <input type="text" name="adminuser"/>
    </div>
    <div class="login_input">
    <label class="loginlbl"  for="adminpassword">Password :</label>
    <input type="password" name="adminpassword"/>
    </div>
    <div class="login_submit">
    <input type="submit" id="submit" value=" Login to Admin Contol Panel"/>
    </div>
    </form>
    <?php }else{
    header("location:index.php");
    }
    ?>
Improve this question
3

5 Answers 5

Reset to default
3

The use of session_register is deprecated as says in PHP:SESSION_REGISTER

You should use:

//session_register("adminuser"); //deprecated
$_SESSION["adminuser"] = $adminuser;
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

The manual on session_register:

This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Just use $_SESSION['adminuser'] as you would use any other variable instead.

Improve this answer

Comments

3

Try replacing <? with <?php - it may be your hoster disabled so called short-tags, therefore that part is never executed. It's basically good habit to never use short tags

EDIT

You can disable this warning by adding this:

ini_set('session.bug_compat_warn', 0);
ini_set('session.bug_compat_42', 0);

or fix your code to not use the same name script variable and session key, i.e. this would trigger this warning:

$_SESSION['foo'] = false;
$foo = 0;

a heritage from PHP4 ages...

Improve this answer

2 Comments

Also remove the useless ?> <?php from lines 4-6 as you're just introducing whitespace that will cause errors if any of your code needs to modify headers.
Correct. Using ?> should be limited to the case where you know you need to close PHP block by hand. Otherwise left it open as will be automatically closed by the end of file
1

The problem is that you have a variable that has the same name like a normal variable.

$_SESSION['yourvar'] = null;
$yourvar = 'something';

PHP session side-effect warning with global variables as a source of data

And:

session_register is deprecated use $_SESSION['yourvar'] instead. The function session register causes the error.

Improve this answer

Comments

0

Not the answer, but a warning that won't fit in a comment:

You're doing the password processing backwards. You're escaping, THEN md5-ing. This is incorrect. Consider a simple password:

o'brien

which gets escaped to

o\'brien

and then md5'd. That backslash will become PART of the hash value:

o'brien -> 255740509ca6c0e7d86c88fc4d8ddf9d
o\'brien -> afd5c6601a6df7e48d0ce5584b10bf12

note that the hash values are utterly different. This could turn around and bite you if you're comparing hashed values elsewhere and forget the escaping stage.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.