Posted by "Richard Lynch" on 10/08/05 00:08
On Wed, October 5, 2005 10:17 am, blackwater dev wrote:
> I have an old site which uses this code on login:
>
> //it does a query then
> if ($affected_rows>0){
> session_start(mysite);
> session_register('admin');
> $wardadmin = yes;
> header("location: admin.php");
> }
>
> and in the top of admin.php:
>
> session_start(mysite);
> if (@$admin != "yes")
> {
> header("location: login.php");
> exit;
> }
>
> The host recently upgraded to php 4.4 and now the login doesn't work.
> I do notice when I login that the page goes to admin then right back to
> login. Why doesn't admin see the session var?

Not sure specifically what broke in 4.4 for you, but here are some things
that are "wrong" in your code...
1. Technically, it's Location with a capital L, I think.
2. Technically, you should provide a FULL URL to Location:
3. @$admin is suppressing an error message. What's the error message?
4. If you're not checking that 'admin' comes from $_SESSION, anybody
can surf to: admin.php?admin=yes
5. You are relying on "register_globals" being "on" and you shouldn't.
http://php.net/register_globals might tell you more
6. You session_register('admin') but you change $wardadmin. They
should all match.
Methinks maybe it's time for you to re-write this code :-)
--
Like Music?
http://l-i-e.com/artists.htm
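
The points in the numbered list above, applied to the quoted login code, as an added example that is not part of the original message. The session name 'mysite' comes from the quoted code; BASE_URL (a placeholder host) and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. BASE_URL and all function
// names are hypothetical; 'mysite' is the session name in the quoted code.
const BASE_URL = 'https://www.example.com/'; // placeholder host

function start_site_session(): void
{
    // The session name is set with session_name(), not passed to session_start().
    session_name('mysite');
    session_start();
}

// Call from the login script once the credential query has matched a row.
function mark_admin_logged_in(): void
{
    start_site_session();
    session_regenerate_id(true);   // issue a new session id on privilege change
    $_SESSION['admin'] = 'yes';    // same key and value that admin.php checks
    header('Location: ' . BASE_URL . 'admin.php'); // capital L, full URL
    exit;
}

// Pure check, so the rule can be exercised without sending headers.
function is_admin(array $session): bool
{
    return isset($session['admin']) && $session['admin'] === 'yes';
}

// Call at the top of admin.php, before any output.
function require_admin(): void
{
    start_site_session();
    // Only $_SESSION is read. A request for admin.php?admin=yes populates
    // $_GET['admin'], which this check never consults, and nothing here
    // depends on register_globals.
    if (!is_admin($_SESSION)) {
        header('Location: ' . BASE_URL . 'login.php');
        exit;
    }
}

// Constructed inputs, evaluated only when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(is_admin([]));                  // session without the flag
    var_dump(is_admin(['admin' => 'yes']));  // flag as set by the login script
}
```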