0

Hi, what is the best replacement for session_is_registered?

Here is my code

Main Page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?

session_start();
if(!session_is_registered(myusername)){
header("location:index.php");
}
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>C&amp;C-Relived Control Panel</title>
</head>

<body>
<span>Login Successful</span>
<form name="form1" method="post" action="logout.php">
<input type="submit" name="Submit" value="Log Out">
</form>
<?php
echo "Welcome " . $_SESSION['myusername'];
?>
</body>
</html>

Processing Script

<?php
$host="******"; // Host name
$username="******"; // Mysql username
$password="******"; // Mysql password
$db_name="******"; // Database name
$tbl_name="******"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:panel.php");
}
else {
echo "<strong>Wrong Username or Password</strong>";
}
?>
2
Contributors
1
Reply
2
Views
5 Years
Discussion Span
Last Post by edwinhermann
0

Use the $_SESSION array instead. So, for example:

$_SESSION["name"]="foobar";

So now you should not use session_register(), session_unregister() or session_is_registered().

Can you can test using:

if (isset($_SESSION["name"])) { ... }

Edited by edwinhermann: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.