How to remove register_globals dependency from my code?

Hi Breana.

What you need to do is find all variables in your scripts that belong to one of the super-globals and exchange them for their respective element in the super-global arrays.

If that doesn't make sense (which is likely given my lack of sleep lately) perhaps this will make more sence:

Lets say that you are accepting a user-name and a password from a HTML form. If your code assumes that the register_globals constant is enabled, it may look like this:
To free this code from it's dependency on register_globals, you could to this:
I've skipped all validation, as this is just an example, but in a live code you should validate the user input before printing it!

I am kind of lost, do i need to remove the session and "$_REQUEST['login']" too. I dont under stand this at all. I am trying to learn here but this is bizzar to me..

This is what i came up with hope i understood u :)
[PHP]<?
if(isset($_POST['formSubmit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "select * from users where login = '$login' and password = '" . sha1($password) . "'";
$result = mysql_query($sql ,$db);
if ($myrow = mysql_fetch_array($result)) {

do {

$uid = $myrow["userid"];
$uname = $myrow["login"];

} while ($myrow = mysql_fetch_array($result));

$loggedin = true;
$upwd = $password;
echo 'session_register("loggedin")';

session_register("upwd");
session_register("uid");
session_register("uname");
//Print the user
echo "<p align='center'><font size='2' face='Arial'><br />
<b>Welcome back</b>, You will be redirected in <font color='#FF0000'>3</font> seconds!<br />
<br />
<img src='images/ajax_loading.gif' alt='Loading' width='32' height='32' /><br />
<br />
Or <a href='index.php'>Click here</a> if you don't want to wait!</font></p>"
echo "Username: $username<br />Password: $password";
} else {
$loggedin = false;
$upwd = "";
$uid = "";
$uname = "";
echo "<img src='images/invalid.gif' width='402' height='107' /><br /><b><font color='#FF0000'>Sorry,</font></b> that ID or Password is not valid.<br /><br /><br />If you have forgotten your password <a href='forgot.php'>Reset Password</a>. <br />If you are a new user you will need to <a href='newuser.php'>Create A New Account!</a>";

}
?>[/PHP]

That code looks fine. Shouldn't have any problems with register_globals disabled.

The register_globals constant, when enabled, basically does exactly what this code does:
This basically takes all elements from those arrays and imports them into the global scope, making them available as regular variables rather than array elements.

For example:
Which is a very bad thing, as PHP is creating extra variables in the global scope that have not been verified and may never even be used.
Not to mention that if an element in one of the super-global arrays has the same name as an element in one of the other super-globals, only one of them can be extracted as a variable, which can easily cause problems.

So, by disabling the register_global directive, PHP will no longer creating these extra variables in the global scope, which makes your code more secure as well as boosting performance.

I've re-phrased the title of this thread to make it a little clearer.
Please do not use phrases like 'need help' in thread titles.
Check out the Posting guidelines for tips on how to create good thread titles.

Moderator

Nope... it dont work.
Wont validate the user... keeps saying badlogin on a good id + pass

I am just going to search for a pre made cheatcode cms and use it.
If anyone here knows of a good free one im me please. :(

Nope... it dont work.
Wont validate the user... keeps saying badlogin on a good id + pass

I am just going to search for a pre made cheatcode cms and use it.
If anyone here knows of a good free one im me please. :(

Sorry to hear that.
Before you give up on your script, did you echo the contents of the $_POST array? Was there any data?
This could be something simple as magic_quotes_gpc being enabled an adding extra quote marks to your variables.