register_globals

delusion · #1 Jun 25th, 2007, 09:27

First off: I'm a designer, not much of a coder, so please, explain to me if you'd explain it to kids watching sesame street..

I'm creating a website for a client using an old CMS because all the CMS' built today are waaay to bulky. My client just needs his content to be editable. Like I said, I'm not a coder, so I can't create a CMS myself yet..

Here's the deal: I'm using a login-screen for the admin-section, which worked fine on my server, but doesn't on my clients. Now I found out that my test server has the register_globals set "on". The live server has it set to off..
Now, how do I get the following piece of code to work with the globals off?

Code: Select all

<?
require ("config.php");

if ($e ==  "1") {
echo "<p>Please Login</p>";
}
?>
<h3>Simple CMS Login</h3>
<p><img src='img/security.gif' title='please login'></p>
<form action="login.php" method="post" name="frm">
<table cellspacing="4" cellpadding="4" style="border-bottom-width: thin; border-left-width: thin; border-right-width: thin; border-top-width: thin; border-style: dotted; border-color: red;">
    <tr>
        <td>username</td>
        <td><input type="text" name="formlogin" class="cssborder"></td>
    </tr>
    <tr>
        <td>password</td>
        <td><input type="password" name="formpass" class="cssborder"></td>
    </tr>
</table>
<br> <input type="submit" value="login" class="cssborder">     
</form>

<?
//echo "formlogin=$formlogin";
//echo "<br>formpass=$formpass";
//echo "<br>login=$login";
//echo "<br>pass=$pass";

if ($formpass == $pass && $formlogin == $login) {
    session_register("loggedin");
    $loggedin = "1";
//logged in so run a javascript redirect to admin page.
?>
<script language="javascript">
<!-- 
location.replace("admin");
-->
</script>

    <h4><a href='admin'>you are now logged in, continue to the admin section</a></h4>
<?
}
?>

Please tell me it's something simple

Voodoochilli · #2 Jun 25th, 2007, 09:44

you need to convert all of your variables using the POST method.

eg

if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {
Have a look on using POST vaiables on php.net

Voodoochilli · #3 Jun 25th, 2007, 09:46

Also....
I wouldnt use a javascript redirect, instead use a php header at the top of the page (before the html)

if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {
header("Location: http://www.yourwebsite");

}

Voodoochilli · #4 Jun 25th, 2007, 09:52

Maybe I should make it more clear, this is what I would do:

Code: Select all

<?
require ("config.php");

if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {

     header("Location: admin/");
 

}//end if

if ($e ==  "1") {
echo "<p>Please Login</p>";
}
?>
<h3>Simple CMS Login</h3>
<p><img src='img/security.gif' title='please login'></p>
<form action="login.php" method="post" name="frm">
<table cellspacing="4" cellpadding="4" style="border-bottom-width: thin; border-left-width: thin; border-right-width: thin; border-top-width: thin; border-style: dotted; border-color: red;">
    <tr>
        <td>username</td>
        <td><input type="text" name="formlogin" class="cssborder"></td>
    </tr>
    <tr>
        <td>password</td>
        <td><input type="password" name="formpass" class="cssborder"></td>
    </tr>
</table>
<br> <input type="submit" value="login" class="cssborder">     
</form>

delusion · #5 Jun 25th, 2007, 09:52

Quote:

Originally Posted by Voodoochilli

you need to convert all of your variables using the POST method.

eg

if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {
Have a look on using POST vaiables on php.net

all, as in everywhere, or just in the login.php?

Voodoochilli · #6 Jun 25th, 2007, 09:54

Also you need a way of securing your admin folder. Ideally you want to work with Sessions and header redirects. Javascript is easy to get around security wise

Voodoochilli · #7 Jun 25th, 2007, 09:55

Quote:

Originally Posted by delusion

all, as in everywhere, or just in the login.php?

Whenever a variable is meant to be sent from a form (posted), you make it use the POST method. There are other types too like $_REQUEST and $_GET

delusion · #8 Jun 25th, 2007, 09:57

I get this:

Warning: Cannot modify header information - headers already sent by (output started at /home/delusion/bs4y.allura.nl/login.php:13) in /home/delusion/bs4y.allura.nl/login.php on line 18

When I use your code.. ?

delusion · #9 Jun 25th, 2007, 09:58

This is all the code I have:

Code: Select all

<?
session_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
    <title>Login</title>
    <link href="/style.css" rel="stylesheet" type="text/css">
</head>

<body style="font-family: tahoma;">
<?
require ("config.php");

if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {

     header("Location: admin/");
 

}//end if

if ($e ==  "1") {
echo "<p>Please Login</p>";
}
?>
<h3>Simple CMS Login</h3>
<p><img src='img/security.gif' title='please login'></p>
<form action="login.php" method="post" name="frm">
<table cellspacing="4" cellpadding="4" style="border-bottom-width: thin; border-left-width: thin; border-right-width: thin; border-top-width: thin; border-style: dotted; border-color: red;">
    <tr>
        <td>username</td>
        <td><input type="text" name="formlogin" class="cssborder"></td>
    </tr>
    <tr>
        <td>password</td>
        <td><input type="password" name="formpass" class="cssborder"></td>
    </tr>
</table>
<br> <input type="submit" value="login" class="cssborder">     
</form>

<p><a href="login.php"><small>reload</small></a></p>
</body>
</html>

Voodoochilli · #10 Jun 25th, 2007, 09:59

ok, thats becuase that code needs to be before any html at all for example

<?php
require ("config.php");
if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {
header("Location: admin/");

}//end if

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<? if ($e == "1") {
echo "<p>Please Login</p>";
}
?>
</body>
</html>

*Also the page will load better this way as the php is worked out before the browser trys to load the page

Voodoochilli · #11 Jun 25th, 2007, 10:01

replace my html with all your html

delusion · #12 Jun 25th, 2007, 10:05

I did.. now this:

Warning: Cannot modify header information - headers already sent by (output started at /home/delusion/bs4y.allura.nl/login.php:2) in /home/delusion/bs4y.allura.nl/login.php on line 5

Code: Select all

<?php
require ("config.php");
if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {
header("Location: admin/");

}//end if
if ($e == "1") {
echo "<p>Please Login</p>";
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
    <title>Login</title>
    <link href="/style.css" rel="stylesheet" type="text/css">
</head>

<body style="font-family: tahoma;">
<h3>Simple CMS Login</h3>
<p><img src='img/security.gif' title='please login'></p>
<form action="login.php" method="post" name="frm">
<table cellspacing="4" cellpadding="4" style="border-bottom-width: thin; border-left-width: thin; border-right-width: thin; border-top-width: thin; border-style: dotted; border-color: red;">
    <tr>
        <td>username</td>
        <td><input type="text" name="formlogin" class="cssborder"></td>
    </tr>
    <tr>
        <td>password</td>
        <td><input type="password" name="formpass" class="cssborder"></td>
    </tr>
</table>
<br> <input type="submit" value="login" class="cssborder">     
</form>


<p><a href="login.php"><small>reload</small></a></p>
</body>
</html>

Voodoochilli · #13 Jun 25th, 2007, 10:06

ok, give me a sec, I will format you code for you

delusion · #14 Jun 25th, 2007, 10:08

Quote:

Originally Posted by Voodoochilli

ok, give me a sec, I will format you code for you

I'll go have some lunch.. brb

Voodoochilli · #15 Jun 25th, 2007, 10:08

<?
session_start();
require ("config.php");
if ($_POST['formpass'] == $pass && $_POST['formlogin'] == $login) {
header("Location: admin/");
}//end if

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Login</title>
<link href="/style.css" rel="stylesheet" type="text/css">
</head>

<body style="font-family: tahoma;">

<h3>Simple CMS Login</h3>
<p><img src='img/security.gif' title='please login'></p>
<form action="login.php" method="post" name="frm">
<table cellspacing="4" cellpadding="4" style="border-bottom-width: thin; border-left-width: thin; border-right-width: thin; border-top-width: thin; border-style: dotted; border-color: red;">
<tr>
<td colspan="2">Please Login </td>
</tr>
<tr>
<td>username</td>
<td><input type="text" name="formlogin" class="cssborder"></td>
</tr>
<tr>
<td>password</td>
<td><input type="password" name="formpass" class="cssborder"></td>
</tr>
</table>
<br> <input type="submit" value="login" class="cssborder">
</form>

<p><a href="login.php"><small>reload</small></a></p>
</body>
</html>

Voodoochilli · #16 Jun 25th, 2007, 10:09

Also something else you should look into is using external style sheets, it would make projects like this a lot easier to update visually.

Voodoochilli · #17 Jun 25th, 2007, 10:15

Just thought, it should be ok, but only if config.php doesnt echo anything

delusion · #18 Jun 25th, 2007, 10:33

Quote:

Originally Posted by Voodoochilli

Also something else you should look into is using external style sheets, it would make projects like this a lot easier to update visually.

I know, but it has to work first. I'll look at the css-part later.

Now. I tried your code, but it doesn't do anything. It takes me back to the login-screen..

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
register_globals