register_globals

slimjim

Why is this works on one server and not on another ?
Is it because register globals are on in the one that works and off on the other ?
Because I keep getting the _fatal error on the server that has register globals off.
Or is that my problem at all...

  if(isset($sc)) parse_str(base64_decode($sc));
  else setcookie("sc","");
  $pms=base64_encode("login=".$login."&"."pswd=".$pswd);

  if($login==$ADMIN_LOGIN && $pswd==$ADMIN_PSWD){
    $root=1;
    setcookie ("sc",$pms);
  }
  else{
     _fatal("Access denied!","You don't have access to view this page!");
  }

thorpe

depends. where do you define $sc?

slimjim

What that code does if not loged in with cookie, then set sc to nothing, else if the logn and pswd is same as in conf file and post from form then set cookie sc to pms

bradgrafelman

Yes, you're depending on register_globals being set to ON, automatically registering your POST'd elements as variables. This is a security risk, and bad coding, so you should never code using register_globals and, in fact, should take steps to ensure it is disabled.

Whichever variables are POST'd elements (i.e. elements in the HTML form), reference them using the $POST superglobal, i.e. $pass becomes $POST['pass'] and so on.

EDIT: For more information about these superglobals I'm speaking of visit this man page: [man]reserved.variables[/man] (specific link for the $_POST superglobal: [man]reserved.variables#reserved.variables.post[/man]).