Jump to content

register_globals = On

doogie63

By doogie63
in PHP Coding Help

 Share

Recommended Posts

doogie63 Newbie

doogie63

Posted
Posted

I have script that I need register_globals = On

 

right now I have to put php.ini into root of my webpage on webhost.

but that means it turn on register_globals = On for whole site.

 

I have tried just putting php.ini into subdomain but does not work, well script does not work.

 

I have tried to put AddHandler application/x-httpd-php5s .php

into the .htaccess in subdomain but that does not work either, script stop working.

 

I can not get script to work if php.ini is in root of webpage webhost.

 

What I'm I doing wrong, thanks

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

A) You need to specifically troubleshoot why the script is not working (what is the current code and what are the symptoms)

 

B) If the problem is due to register_globals, you will need to redo the script so that is does not rely on register_globals.

 

Register_globals were turned off by default in php4.2 in the year 2002 (10 years ago), produces a depreciated error when turned on in php5.3, and have been completely removed in php5.4 (soon to be released.)

 

Your time would be better spent updating the script, rather than trying to turn on register_globals (we cannot actually help you with the settings since we don't know what requirements your web host has that would allow a local php.ini to only affect the folder where your sub-domain files are located.)

Link to comment
Share on other sites
doogie63 Newbie

doogie63

Posted
  • Author
Posted

I did not write the script someone wrote it for me long time ago.

 

This is what script does

 

http://ass.ammotroops.com/view.php?action=view&form=0

http://ass.ammotroops.com/view.php?action=view&form=1

http://ass.ammotroops.com/view.php?action=view&form=3

http://ass.ammotroops.com/view.php?action=view&form=4

 

and

http://ass.ammotroops.com/guestbook1.php?a=B

 

What should I look for in script to change, Im a noob but willing to learn and try to figure it out.  Script also has admin where I click to post submit name, on the guestbook it send me email and I click link in email to update guestbook.

Thaks for anyhelp

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Register_globals magically populated php program variables (i.e. $some_variable_name) from the same name $_POST, $_GET, $_COOKIE, $_FILES, $_SESSION, and some $_SERVER variables. In the case of $_SESSION variables, setting a php variable with the same name as a session variable also back-populates the $_SESSION variable, which unfortunately means that a hacker (when register_globals are on) can set any of your session variables with any value he wants by supplying any of same name post,get,cookie,... variables when he requests your page (a lot of web sites have been taken over because this allows session based security to be bypassed, mainly when included files are directly requested.)

 

To convert your code, you generally need to do two things -

 

1) Any php program variable that is actually coming from one of the $_XXXXX sources that I listed needs to be changed to that actual $_XXXXX source. The most straightforward method would be to add an assignment statement from the correct $_XXXXX source to the php program variable, for example: $some_variable_name = $_POST['some_variable_name'];

 

2) Any use of session_register(), session_is_registered(), and session_unregister() must be changed to set/unset or reference the correct $_SESSION variable instead, along with adding a session_start statement before anything is output on any page that sets or references a $_SESSION variable.

 

Identifying the correct $_XXXXX source is the hard part of doing this, because you must have and be familiar with all the source code so that you can track down where and how a page gets requested so that you can determine where each variable name is actually getting set from (this is also why writing code using register_globals actually took more time and effort because in large applications you needed to make sure you weren't reusing variable names and then the time needed to troubleshoot unexplained variable problems when you did reuse a name.)

 

If you set php's error_reporting to E_ALL (or even better a -1) and display_errors to ON in your master php.ini on a development system, php will at least help you find variables that are no longer being magically set by register_globals (they will produce undefined variable error messages when they are referenced.)

Link to comment
Share on other sites
doogie63 Newbie

doogie63

Posted
  • Author
Posted

I did not change my php.ini file yet with error info

I did delete my php.ini file to try to break script again so I could read error.log

 

I went to my cpanel and click error log but nothing came up about error for my php.view

 

When I know goto url I just get blank page since global is turn off.

Link to comment
Share on other sites
doogie63 Newbie

doogie63

Posted
  • Author
Posted

here is the view.php of my script could you give me hint or clue what to look for? Do you need the config.php? It really only has info to dbase.

 

<?php
require('./config.php');

               $conn = mysql_connect( $dbhost, $dbuser, $dbpass );
                mysql_select_db($dbname,$conn);	

if($action=="post"){

	if ($assname=="" || $asslocation=="" || $asscontent=="" || $name=="" || $email=="" || !isValidEmail($email)){
		$msg1 = <<<ENDH
		<div align="center">
		  <center>
		  <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="373" height="30">
		    <tr>
		      <td width="373" height="11" bgcolor="#0000FF">
		      <p align="center"><b><font color="#FFFFFF">Invalid Info</font></b></td>
		    </tr>
		    <tr>
		      <td width="373" height="15" bgcolor="#FFFFFF">
		      <p align="center"><Font color=red>You have entered invalid information</font></td>
		    </tr>
		  </table>
       			   <br><p align="center">Press the back button to correct your information</p>
		  </center>
		</div>
ENDH;
		printContent($msg1);
	}
	else {
		$table_db = $ASS[$form];
                $d = getdate (time());
                $myDate= $d["year"]."-".$d["mon"]."-".$d["mday"];
 	        $sql_query = "INSERT INTO $table_db (name, email, assname, asslocation, asscontent, publish, id, date) VALUES ('$name', '$email', '$assname', '$asslocation', '$asscontent', 'N', '', '$myDate')";
                $gholi= mysql_query( $sql_query , $conn );
		$msg1 = <<<ENDH
		<div align="center">
		  <center>
		  <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="373" height="30">
		    <tr>
		      <td width="373" height="11" bgcolor="#0000FF">
		      <p align="center"><b><font color="#FFFFFF">Submission Information</font></b></td>
		    </tr>
		    <tr>
		      <td width="373" height="15" bgcolor="#FFFFFF">
		      <p align="center"><Font color=green>Thankyou For your submission</font></td>
		    </tr>
		  </table>
       			   <br><p align="center">Click here <a href="http://www.ammotroops.com/">Ammotroops</a> to go to main page</p>

		  </center>
		</div>
ENDH;
		printContent($msg1);
	}
}
else if($action=="view"){
	if($start=="" || $start < 0){
		$start=0;
	}
	$max=$default_max;

	if(($start % $max) != 0){
		header("Location:$home/$view?action=view&start=0&form=$form");
	}
	if($pg==""){
		$pg=1;
	}
	$num_cat = count($ASS);
	if($form >= $num_cat || $form < 0 || $form=="" ){
	        header ("Location: $home");
        		exit;
	}
	$table_db = $ASS[$form];
	$num_rows =  mysql_num_rows(mysql_query("SELECT * FROM $table_db where publish=\"Y\""));
	$remainder = ($num_rows % $max);
	if(($start+$max) > ($num_rows + ($max - $remainder))){
		$start=0;
		$max = $default_max;
	}
	head($form,$Title,$formpg);		
                $sql_select_query = "SELECT * FROM $table_db WHERE publish=\"Y\" ORDER BY date DESC LIMIT $start,$max";
                //echo $sql_select_query;
                $select_info = mysql_query( $sql_select_query , $conn );
                while( $theRow = mysql_fetch_row( $select_info )){
		echo "<tr><td align=center width=\"200\" height=\"1\">$theRow[7]</td><td width=\"371\" height=\"24\" rowspan=\"4\">$theRow[4]</td></tr>";
                        echo "<tr><td align=center width=\"200\" height=\"1\">$theRow[2]</td></tr>";
                        echo "<tr><td align=center width=\"200\" height=\"1\">$theRow[3]</td></tr><tr><td height=100%> </td></tr>";
                        echo "</tr><tr><td width=\"555\" height=\"1\" colspan=\"2\" bgcolor=\"#E2E1D1\"> </td></tr>";
                }
	echo "</table></div>"; 
                $num_rows =  mysql_num_rows(mysql_query("SELECT * FROM $table_db where publish=\"Y\""));
	echo "Page: ";
		$remainder = ($num_rows % $max);
		$num_pg = (int)($num_rows / $max);
		if($remainder > 0) $num_pg = $num_pg+1;
		for ($i=0; $i< $num_pg; $i++) {
			$startVal = $i * $max;
			$page = $i+1;
			echo "\n<a href=$view?action=view&start=$startVal&max=$max&form=$form>$page</a> ";
		}
	mysql_close ($conn);
	foot();
}



function isValidEmail($email){
if( strstr($email,'@') ) {
	return true;
}
else{
	return false;
}
}
function foot(){
$foot = <<<ENDH
</center>
</body>
</html>
ENDH;
echo $foot;
}

function head($form,$Title,$formpg){
$head = <<<ENDH
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Author" content="doogie">
<meta name="keywords" content="ammo, newgroups, binnews, ammo bowl, iyaayas, doogie, air force, ammo ass award,
ammo dumb ass, ammo ace, ammo base">
<title>Ammo Ass www.AmmoTroops.com</title>
</head>

<body background="http://ass.ammotroops.com/froncoin4.jpg">
<center><a href="http://www.ammotroops.com">www.AmmoTroops.com</a>
<div width="600">
<table align=center><tr><td align=center><b><font color="#FF0000"><font size="+3">$Title[$form] AWARD</font></font></b></td></tr>
<tr><td align=center><a href=$formpg?form=$form>$Title[$form] Form</a></td></tr><tr><td> <br><br></td></tr></table>
<table BORDER="1" COLS="2" WIDTH="577">
        <tr>
                <td width="131" height="19" bgcolor="#E2E1D1"><center>
                <p><b>Date</b></p>
	         </center></td>
                <td width="424" height="31" bgcolor="#E2E1D1" rowspan="3" valign="middle">
        	<p align="center"><b>Why</b></td>
        	</tr>
        	<tr>
        	        <td width="134" height="12" bgcolor="#E2E1D1">
        	<p align="center"><b>Name</b></td>
        	</tr>
        	<tr>
        	        <td width="134" height="1" bgcolor="#E2E1D1">
        	<p align="center"><b>Location</b></td>
        	        </tr>
ENDH;
echo $head;
}


function printContent($content){
$html = <<<ENDH
<html>
<head>
<title>Ammo TRoops</title>
</head>
<body background="http://ass.ammotroops.com/froncoin4.jpg">
	$content
</body></html>
ENDH;
echo $html;
}

?>

Link to comment
Share on other sites
jcbones Newbie

jcbones

Posted
Posted

Try this, and lets see where we stand.

<?php
error_reporting(-1);
ini_set('display_errors',1);
require('./config.php');

               $conn = mysql_connect( $dbhost, $dbuser, $dbpass );
                mysql_select_db($dbname,$conn);	
$action = $_GET['action']; //get action from the URI query string.
$assname = $_POST['assname'];
$asslocation = $_POST['asslocation'];
$asscontent = $_POST['asscontent'];
$name = $_POST['name'];
$email = $_POST['email'];
$form = (int)$_GET['form']; //get form from the URI query string.
if($action=="post"){		
	if ($assname=="" || $asslocation=="" || $asscontent=="" || $name=="" || $email=="" || !isValidEmail($email)){
		$msg1 = <<<ENDH
		<div align="center">
		  <center>
		  <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="373" height="30">
		    <tr>
		      <td width="373" height="11" bgcolor="#0000FF">
		      <p align="center"><b><font color="#FFFFFF">Invalid Info</font></b></td>
		    </tr>
		    <tr>
		      <td width="373" height="15" bgcolor="#FFFFFF">
		      <p align="center"><Font color=red>You have entered invalid information</font></td>
		    </tr>
		  </table>
       			   <br><p align="center">Press the back button to correct your information</p>
		  </center>
		</div>
ENDH;
		printContent($msg1);
	}
	else {
		$table_db = $ASS[$form];
                $d = getdate (time());
                $myDate= $d["year"]."-".$d["mon"]."-".$d["mday"];
 	        $sql_query = "INSERT INTO $table_db (name, email, assname, asslocation, asscontent, publish, id, date) VALUES ('$name', '$email', '$assname', '$asslocation', '$asscontent', 'N', '', '$myDate')";
                $gholi= mysql_query( $sql_query , $conn );
		$msg1 = <<<ENDH
		<div align="center">
		  <center>
		  <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="373" height="30">
		    <tr>
		      <td width="373" height="11" bgcolor="#0000FF">
		      <p align="center"><b><font color="#FFFFFF">Submission Information</font></b></td>
		    </tr>
		    <tr>
		      <td width="373" height="15" bgcolor="#FFFFFF">
		      <p align="center"><Font color=green>Thankyou For your submission</font></td>
		    </tr>
		  </table>
       			   <br><p align="center">Click here <a href="http://www.ammotroops.com/">Ammotroops</a> to go to main page</p>

		  </center>
		</div>
ENDH;
		printContent($msg1);
	}
}
else if($action=="view"){
	if($start=="" || $start < 0){
		$start=0;
	} else {
		$start = (int)$_GET['start']; //get the start from the URI query string.
	}
	$max=$default_max;

	if(($start % $max) != 0){
		header("Location:$home/$view?action=view&start=0&form=$form");
	}
	if($pg==""){
		$pg=1;
	}
	$num_cat = count($ASS);
	if($form >= $num_cat || $form < 0 || $form=="" ){
	        header ("Location: $home");
        		exit;
	}
	$table_db = $ASS[$form];
	$num_rows =  mysql_num_rows(mysql_query("SELECT * FROM $table_db where publish=\"Y\""));
	$remainder = ($num_rows % $max);
	if(($start+$max) > ($num_rows + ($max - $remainder))){
		$start=0;
		$max = $default_max;
	}
	head($form,$Title,$formpg);		
                $sql_select_query = "SELECT * FROM $table_db WHERE publish=\"Y\" ORDER BY date DESC LIMIT $start,$max";
                //echo $sql_select_query;
                $select_info = mysql_query( $sql_select_query , $conn );
                while( $theRow = mysql_fetch_row( $select_info )){
		echo "<tr><td align=center width=\"200\" height=\"1\">$theRow[7]</td><td width=\"371\" height=\"24\" rowspan=\"4\">$theRow[4]</td></tr>";
                        echo "<tr><td align=center width=\"200\" height=\"1\">$theRow[2]</td></tr>";
                        echo "<tr><td align=center width=\"200\" height=\"1\">$theRow[3]</td></tr><tr><td height=100%> </td></tr>";
                        echo "</tr><tr><td width=\"555\" height=\"1\" colspan=\"2\" bgcolor=\"#E2E1D1\"> </td></tr>";
                }
	echo "</table></div>"; 
                $num_rows =  mysql_num_rows(mysql_query("SELECT * FROM $table_db where publish=\"Y\""));
	echo "Page: ";
		$remainder = ($num_rows % $max);
		$num_pg = (int)($num_rows / $max);
		if($remainder > 0) $num_pg = $num_pg+1;
		for ($i=0; $i< $num_pg; $i++) {
			$startVal = $i * $max;
			$page = $i+1;
			echo "\n<a href=$view?action=view&start=$startVal&max=$max&form=$form>$page</a> ";
		}
	mysql_close ($conn);
	foot();
}



function isValidEmail($email){
if( strstr($email,'@') ) {
	return true;
}
else{
	return false;
}
}
function foot(){
$foot = <<<ENDH
</center>
</body>
</html>
ENDH;
echo $foot;
}

function head($form,$Title,$formpg){
$head = <<<ENDH
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Author" content="doogie">
<meta name="keywords" content="ammo, newgroups, binnews, ammo bowl, iyaayas, doogie, air force, ammo ass award,
ammo dumb ass, ammo ace, ammo base">
<title>Ammo Ass www.AmmoTroops.com</title>
</head>

<body background="http://ass.ammotroops.com/froncoin4.jpg">
<center><a href="http://www.ammotroops.com">www.AmmoTroops.com</a>
<div width="600">
<table align=center><tr><td align=center><b><font color="#FF0000"><font size="+3">$Title[$form] AWARD</font></font></b></td></tr>
<tr><td align=center><a href=$formpg?form=$form>$Title[$form] Form</a></td></tr><tr><td> <br><br></td></tr></table>
<table BORDER="1" COLS="2" WIDTH="577">
        <tr>
                <td width="131" height="19" bgcolor="#E2E1D1"><center>
                <p><b>Date</b></p>
	         </center></td>
                <td width="424" height="31" bgcolor="#E2E1D1" rowspan="3" valign="middle">
        	<p align="center"><b>Why</b></td>
        	</tr>
        	<tr>
        	        <td width="134" height="12" bgcolor="#E2E1D1">
        	<p align="center"><b>Name</b></td>
        	</tr>
        	<tr>
        	        <td width="134" height="1" bgcolor="#E2E1D1">
        	<p align="center"><b>Location</b></td>
        	        </tr>
ENDH;
echo $head;
}


function printContent($content){
$html = <<<ENDH
<html>
<head>
<title>Ammo TRoops</title>
</head>
<body background="http://ass.ammotroops.com/froncoin4.jpg">
	$content
</body></html>
ENDH;
echo $html;
}

?>

Link to comment
Share on other sites
doogie63 Newbie

doogie63

Posted
  • Author
Posted

ran your script and this is what I get for webpage

Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home2/ammotro1/public_html/ass/test.php on line 34

 

 

 

this is line 34

$myDate= $d["year"]."-".$d["mon"]."-".$d["mday"];

Link to comment
Share on other sites
jcbones Newbie

jcbones

Posted
Posted

Instead of using

$d = getdate (time());
$myDate= $d["year"]."-".$d["mon"]."-".$d["mday"];

 

I would use:

$myDate = date('Y-m-d');

 

Or, if the MySQL column is of type "date", I would skip all of that and do it there.

$sql_query = "INSERT INTO $table_db (name, email, assname, asslocation, asscontent, publish, id, date) VALUES ('$name', '$email', '$assname', '$asslocation', '$asscontent', 'N', '', CURDATE())";

 

That is on the other side of the question though.  I see no obvious errors in the code as it is written, and I get no parse errors on the script.  Is this script included in another?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.