Just for a simple example:
if you have a SESSION variable, for example after a login:
$user_level=1;
$userID=1;
register globals=ON has a security hole, if i pass a variable with an url (GET method)
admin.php?user_level=3&userID=2
Then the GET variables will available as a normal global variable too,
then
$user_level will be 3
$userID will be 2
If you make a restricted area for admins, using a GET variable i can edit my session variable to get right or have another primary ID..
if you start php with a version of 5 ,
you need to realize which program using php4 technique.
Lets read this document about the register_globals security:
http://hu2.php.net/manual/en/security.globals.php
-if you see that session_register() applied in a program, there is a chance that this program is outdate
-after a form submit, the form variables appears in your code as a normal variable:
if($submit)
{
form($PHP_SELF); // $PHP_SELF no longer available , you can read it from SERVER superglobals
do_check();
}
But in php5 and higher versions you should use the isset() function to know which variable has set. And these variables usually an undefined variables, error reporting is for your help to cache them:
Run this code on your top of your code while you're troubleshooting, never leave errors or warnings for your visitors:
error_reporting(E_ALL);
ini_set("display_errors", 1);
If register globals set as OFF, then Environment, GET, POST, Cookie, and Server variables can be found in the global associative arrays $ENV, $GET, $POST, $COOKIE, and $_SERVER.
If i forget something, then others on this forum willl help to understand this part.
hello, jjozsi.
