[Resolved] Session Side-effect revisited

adavis

Okay, I've searched here and on php.net and read several of the post on this issue and am still not clear as to what I need to do. I just had my sysadmin upgrade me to the latest and "greatest" versions of PHP and mySQL. Now, I'm getting the infamous warning:

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

Here's my offending script:

<?php
session_start();
header("Cache-control: private"); 
include("connectdb.php");
$locksql = "LOCK TABLES users READ";
$lockreq = mysql_query($locksql) or die("Couldn't execute lock: $locksql\n");
$userADS = addslashes($_POST['user']); 
if (isset($_POST['user']) AND isset($_POST['pass'])) {
  $passwd = md5($_POST['pass']);
  $sql = "SELECT * FROM users WHERE username='".$userADS."' AND password='".$passwd."' LIMIT 1";
} else {
  include("index.php");
}
$result = mysql_query($sql,$dblink) or die("Couldn't execute query<br>$sql\n");
$numrows = 0;
while ($row = mysql_fetch_array($result)) { 
  $numrows++;
  $_SESSION['id']    = $row['id'];
  $_SESSION['user']  = $row['username'];
  $_SESSION['pass']  = $row['password'];
  $_SESSION['name']  = $row['firstname']." ".$row['lastname'];
  $_SESSION['email'] = $row['email'];
  $_SESSION['sch']   = $row['school'];
  $_SESSION['admin'] = $row['admin'];
  $_SESSION['memo']  = $row['memo'];
  $_SESSION['sport'] = $row['sports'];
  $_SESSION['lunch'] = $row['lunch'];
  $_SESSION['page']  = $row['page'];
  $_SESSION['Llog']  = $row['last_login'];
  $_SESSION['login'] = "YES";
  $_SESSION['error'] = "";
  $_SESSION['addr']  = md5($_SERVER['REMOTE_ADDR']);
  include("GETbrowser.inc");
  $_SESSION['browse'] = $Browser.":".$OS;
}
$locksql = "UNLOCK TABLES";
$lockreq = mysql_query($locksql) or die("Couldn't execute unlock: $locksql\n");
mysql_close ($dblink);
if ($numrows > 0) {
  include("welcome.php");
} else {
  $error = "<p class=\"error\">Invalid User Name or Password.<br />Please try again.</p>\n";
  include("index.php");
}
?>

I've looked at it until I've gotten a migraine. Can anyone give me any ideas how to "fix" this? This message will really confuse my teachers so I need to get it off if I can.

adavis

As far as this goes:

You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

I have to jump through major hoops to get anything changed on the server, so if there's anyway of doing this without asking the sysadmin to do something, I'd rather. It got kind of ugly when they upgraded. They said they'd done it weeks before, but when I checked, they hadn't and I cc:ed the president of the school when I informed them that it still hadn't been changed and they got kind of ticked at me, so I'd better lay low for a while.😃

adavis

Why can I not figure this out. When I go to php.net, I find tons of references to REGISTER_GLOBALS set to on, but nothing explaining what to do when they are set to off. I've spent hours yesterday and all morning trying to figure out what to do. I've read post after post on several different php forums. I've emailed support at php.net and still no answers as to how to fix this.

Surely someone knows what to do to keep REGISTER_GLOBALS set to off AND not have that WARNING message on your page.

adavis

okay, I got it fixed. All I did was add this just after the session start:

global $_SESSION;
global $_POST;

TikTokk

Congratulation adavis. Fixed your own problem and mine in one fell swoop.

Thanks.