Using session control with global variables of

mybikeisace

I am using php4s built in session functions to protect some pages. This script works fine with global variables turned on, but when they are trned off it alowes you to look at protected pages without being loged in as it uses a global varible.

Each protected page has the script:

session_start();
check_valid_user();

Whcih checks it against this script

function check_valid_user()
// see if somebody is logged in and notify them if not
{
  global $valid_user;
  if (session_is_registered("valid_user"))
  {
      echo "<font size='2'>Status: <font size='2' color='red'>Logged             in</font>";
      echo "<br>";

  }
  else
  {
  //they are not loged in

  }

Is there any way I can get around this, or do I need to using some different code?

(After trying it again it seems it lets you view a protected page without loggin in, regardless of the global variables settings)

bbaassiri

did u try sending valid_user to the function

Weedpacket

And consider using $_SESSION['valid_user'] and seeing if it isset()

PS: register_globals has nothing to do with global variables - what it does is it creates variables that reference the global $GET, $POST, $_SESSION etc. arrays.