undefined variable although register_session done

Expand Post »

I am creating a login sessin in php. In first part index.html takes in text for AUTH_NAME and password in AUTH_PASSWD.

In the login.php I set these variables as global with session_register("AUTH_NAME") and session_register("AUTH_PASSWD").

code: index.html
[PHP]
<html>
<center><h2>Login</h2>
<form action=login.php method="post">
<table align=center>
<tr><td>User</td> <td><input type=text name=AUTH_NAME size="20"></td></tr>
<tr><td>Password</td><td><input type=password name=AUTH_PASSWD size="20"></td></tr>
<tr><td><input type="submit" value="Login!"></td></tr>
</form>
[/PHP]

code: login.php
[PHP]
<?php

include("conf/conf.php");

if($pw=file($PWD_FILE)) $authenticated = 0;

session_register("AUTH_NAME");
session_register("AUTH_PASSWD");

for($i=0; $i<=count($pw); $i++)
{
$line = split(":", $pw[$i], -1);
$pass = chop($line[1]);
$salt = substr($pass, 0, 2);
$ToCompare=$AUTH_NAME.":".crypt($AUTH_PASSWD, $salt);
if(strcmp(trim($pw[$i]),$ToCompare)==0)
{
$authenticated=1;
echo $authenticated;
}
}
?>
[/PHP]

in the conf.php I set up the password file like:
$PWD_FILE = '.../www/users';

I try to use AUTH_NAME and AUTH_PASSWD in the next lines but error_log tells that these variables are undefined

.

Help

Last edited by slacke; Feb 11th, 2007 at 7:10 am.

Similar Threads

Undefined variable: PHP_SELF in PHP
undefined variable error in PHP
Variable scope/declaration/assignment query in PHP

slacke

Reputation Points: 14

Solved Threads: 7

Junior Poster

Offline

105 posts
since Jun 2006

Permalink

Feb 11th, 2007

Re: undefined variable although register_session done

I found out that I have trouble with register_globals which is off in default because I use php 5.**.

So I can't make those variables global.
It is a security issue and I want to find some other way to make those files accessible in login.php.

Any ideas...

slacke

Reputation Points: 14

Solved Threads: 7

Junior Poster

Offline

105 posts
since Jun 2006

Permalink

Feb 16th, 2007

Re: undefined variable although register_session done

I haven't used session_register yet but I have done a login/logout feature and I only used "session_start();" and stored the variables in the $_SESSION variable.

In your case it would be:

(Toggle Plain Text)

<?php
 
include("conf/conf.php");
session_start();
 
 
if($pw=file($PWD_FILE)) $authenticated = 0; 
 
$_SESSION["AUTH_NAME"] = /*value of name*/ ;

  for($i=0; $i<=count($pw); $i++)
 
   {
 
$line = split(":", $pw[$i], -1);
 
$pass = chop($line[1]);
 
$salt = substr($pass, 0, 2);
 
$ToCompare=$AUTH_NAME.":".crypt($AUTH_PASSWD, $salt);
 
       if(strcmp(trim($pw[$i]),$ToCompare)==0)
 
           {
 
$_SESSION['authenticated']=1;
 
           echo $_SESSION['authenticated'];
 
           }
 
   }

At the start of the succeeding pages, just put in session_start(); and check $_SESSION['authenticated']. I suggest you don't keep the password as a session variable as it may pose as a security risk for the user and you only need the password for authentication anyway.

Last edited by jblacdao; Feb 16th, 2007 at 12:21 am.

jblacdao

Reputation Points: 12

Solved Threads: 3

Light Poster

Offline

37 posts
since Jan 2007

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: IF Conditions

Next Thread in PHP Forum Timeline: $verbose... No idea yet, :-(

DaniWeb Message

Cancel Changes

User Name
Password