Some guidance..

kcgame

Hi,
Currently learning how to utilize sessions to do my programming, but before that can i pls clarify the following doubts;

Do i need to turn the option, register_globals to ON if i'm using $HTTP_VARS_POST to get data from a form?
Sessions can only work for cookies-enabled terminals, correct? I thought i've read somewhere that some modifications can be done to make it workable even in cookies-not-enabled terminals(via SID or whatever??).
I'm currently designing an online text-based game with PHP and MySQL. In order to track the users from page to page, my only choice are sessions, isn't it?
Do i need to grant the players any privileges (other than log-in with their UserID and Password) in order for them to change/update the database on those PHP programmed web pages?

These questions have been in my mind for quite some time. Please feel free to comment/advice. Thanks.

Merve

1) $HTTP_POST_VARS isn't used anymore. Use $_POST instead, and you don't need to turn on register_globals.

2) I don't know.

3) I believe you can also use regular cookies.

4) No (if I understand your question correctly).

kcgame

Originally posted by Merve
1) $HTTP_POST_VARS isn't used anymore. Use $_POST instead, and you don't need to turn on register_globals.

Does it means that if i upload a script with $HTTP_POST_VARS, it will not work? Or both can work but $_POST is a better version of it?

planetsim

Depends on your PHP Version $HTTP_POST_VARS was removed and $_POST replaced it im not sure from which version $HTTP_POST_VARS doesnt work (its mainly for backward capability for 4.1 >) However im more than sure PHP 5 doesnt support it.

rehfeld

actually php5 does support it, but its a setting in php.ini

i think it defaults to off.
still, like said above, use _POST

$HTT*VARS are deprecated. plus they are not superglobals like POST GET etc...which means more effort to use them inside of functions.

in regards to question #2

with default settings, yes sessions require cookies. there is a setting in php.ini that you can enabled though. it will make php add the session id to your html links, form action= etc... all automatically for you. it will only do this if the user has cookies enabled. in otherwords, it stil tries to use cookies, but if it cant, then it will use the url.

session.use_trans_sid = On

btw- if you ever need to change a setting and dont have access to php.ini, you can usually use ini_set()

some settings cant be changed that way though, including trans_sid

you can set it using a .htaccess file though

php_flag session.use_trans_sid On

http://www.php.net/manual/en/configuration.changes.php

be aware passing the session id through the urls can be dangerous. if one of your visitors decides to cut and paste a url to a message board like here or whatever, anyone who clicks the link will hijack thier session. so use that feature carefully.

kcgame

Thanks for the valuable info🙂

One question, i'm currently using $session['name'] and $session['pswd'] to track my user's info after he logs in. Lets say if a new user, lets name him User2, logs in and is assigned to different session variables.

Here is my doubt; what happen to User 2's session variable if the first user click his log out button? I've programmed the log out button to destroy the sessions(via session_destroy()). Will the sessions of User 2 remain intact? Or destroy along with the first??😕

planetsim

as long as your using $_SESSION along with session_start(); destroy user 1, user 2 will be intact.