You are here: Re: [PHP] sessions « PHP « IT news, forums, messages
Re: [PHP] sessions

Posted by "Richard Lynch" on 10/08/05 00:08

On Wed, October 5, 2005 10:17 am, blackwater dev wrote:
> I have an old site which uses this code on login:
>
> //it does a query then
> if ($affected_rows>0){
> session_start(mysite);
> session_register('admin');
> $wardadmin = yes;
> header("location: admin.php");
> }
>
> and in the top of admin.php:
>
> session_start(mysite);
> if (@$admin != "yes")
> {
> header("location: login.php");
> exit;
> }
>
> The host recently upgraded to php 4.4 and now the login doesn't work.
> I do notice when I login that the page goes to admin the right back to
> login. Why doesn't admin see the session var?

Not sure specifically what broke in 4.4 for you, but here some things
that are "wrong" in your code...

1. Technically, it's Location with a capital L, I think.

2. Technically, you should provide a FULL URL to Location:

3. @$admin is suppressing an error message. What's the error message?

4. If you're not checking that 'admin' comes from $_SESSION, anybody
from can surf to: admin.php?admin=yes

5. You are relying on "register_globals" being "on" and you shouldn't.
http://php.net/register_globals might tell you more

6. You session_register('admin') but you change $wardadmin They
should all match.

Methinks maybe it's time for you to re-write this code :-)

--
Like Music?
http://l-i-e.com/artists.htm

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация