This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
PHP session side-effect warning with global variables as a source of data
I have a problem with a login script that im using. problem is with some of the hosting providers after login the session is not registering. and in php error logs i can see this error
PHP Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0
but in most of the hosting's like bluehost, hostmonster it works fine without any error. can someone point me out what is the wrong thing im doing here? thank you in advanced.
Code:
<?
session_start();
ob_start();
?>
<?php
$err=isset($_GET['error'])?$_GET['error']:"";
if($err=='error'){?>
<div class="errormsgbox">Wrong Username or Password. Please try again.</div>
<?php }
if(!isset($_SESSION['adminuser'])){
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$adminuser=mysql_real_escape_string($_POST['adminuser']);
$adminpassword=mysql_real_escape_string($_POST['adminpassword']);
$gpassword=md5($adminpassword); // Encrypted Password
$sql="SELECT id FROM admin WHERE adminuser='$adminuser' and adminpassword='$gpassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
session_register("adminuser");
header("location:index.php");
}
else
{
header("location:login.php?error=error");
}
}
ob_end_flush();
?>
<form action="login.php" method="post">
<div class="login_input">
<label class="loginlbl" for="adminuser">UserName :</label>
<input type="text" name="adminuser"/>
</div>
<div class="login_input">
<label class="loginlbl" for="adminpassword">Password :</label>
<input type="password" name="adminpassword"/>
</div>
<div class="login_submit">
<input type="submit" id="submit" value=" Login to Admin Contol Panel"/>
</div>
</form>
<?php }else{
header("location:index.php");
}
?>
The use of session_register is deprecated as says in PHP:SESSION_REGISTER
You should use:
//session_register("adminuser"); //deprecated
$_SESSION["adminuser"] = $adminuser;
The manual on session_register:
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of
PHP 5.4.0.
Just use $_SESSION['adminuser'] as you would use any other variable instead.
Try replacing <? with <?php - it may be your hoster disabled so called short-tags, therefore that part is never executed. It's basically good habit to never use short tags
EDIT
You can disable this warning by adding this:
ini_set('session.bug_compat_warn', 0);
ini_set('session.bug_compat_42', 0);
or fix your code to not use the same name script variable and session key, i.e. this would trigger this warning:
$_SESSION['foo'] = false;
$foo = 0;
a heritage from PHP4 ages...
The problem is that you have a variable that has the same name like a normal variable.
$_SESSION['yourvar'] = null;
$yourvar = 'something';
PHP session side-effect warning with global variables as a source of data
And:
session_register is deprecated use $_SESSION['yourvar'] instead. The function session register causes the error.
Not the answer, but a warning that won't fit in a comment:
You're doing the password processing backwards. You're escaping, THEN md5-ing. This is incorrect. Consider a simple password:
o'brien
which gets escaped to
o\'brien
and then md5'd. That backslash will become PART of the hash value:
o'brien -> 255740509ca6c0e7d86c88fc4d8ddf9d
o\'brien -> afd5c6601a6df7e48d0ce5584b10bf12
note that the hash values are utterly different. This could turn around and bite you if you're comparing hashed values elsewhere and forget the escaping stage.
Related
I'm using soft deletes and trying to make a function to restore the deleted row. Really everything to do with submitting the form doesn't work, even deleting...
My tags are within a forelse loop, maybe that's the cause??
Route is (this is above my resource route):
Route::post('/post/restore/{id}', [PostController::class, 'restore'])
->name('post.restore');
Controller is:
public function restore($id)
{
dd($id);
}
Form/view is:
<form action="{{route('post.restore', $post->id)}}" method="POST">
#csrf
<button type="submit" class="dropdown-item popup" data-confirm="Would you like to restore?">Restore</button>
</form>
After submitting, it just takes me to:
domainURL/post/null
and gives a 404 error
Any advice?? I also tried it without the {id} at the end of the route, same results
I think you are using the wrong syntax for route function, instead of this:
route('post.restore', $post->id)
you should use it like this:
route('post.restore', ['id' => $post->id])
you can read more here as well.
I figured it out... my "would you like to restore?" javascript function was breaking the form. I was using javascript to popup a confirmation message before submitting and during that process it lost the ID
I got rid of that and it works fine
Thank you!
if the validation fails it's not clear to me how i could pass the old input to fill again the form.
I mean, I know how to pass the data when using the Validator class and redirecting after fail with the method withInput(), but I'm trying to learn how to use Form Requests provided in laravel 5. Thanks
$username = Request::old('username');
or in view:
{{ old('username') }}
Read more: http://laravel.com/docs/5.0/requests#old-input
You can redirect with old data like below with validation error
return redirect()->back()->withErrors($validator)->withInput();
<input type="text" name="username" value="{{ old('username') }}">
you must also define withInput() for the http route when redirecting to a page for example
return back()->withInput();
In account form fields or user registration page form fields for First name and Last name, when i place the following JS code :
<script>alert("Here")</script>
It is saved and is run on page load. This is very strange, because i checked the template files and values are escaped as below:
<?php echo $this->escapeHtml($this->getObject()->getFirstname()) ?>
I have also confirmed if i am in correct template file by changing the label of field.
I have read the following questions and tried to used them but did not worked for me.
https://magento.stackexchange.com/questions/569/how-to-escape-output-data
https://magento.stackexchange.com/questions/8179/is-there-a-generic-way-i-can-apply-input-filtering-to-magento-form-processing
Regarding to the observer method, it works, but when i try to login to magento admin, i cant, but when iremove the observer, i can login again.
Check the two attached screenshots.
Kindly help me with this issue.
Thank you
I have created an observer. For login forms at admin and front end (and may be some other forms), the form fields for user name and password are in array format like below:
<input type="text" id="username" name="login[username]" value="" class="required-entry input-text">
<input type="password" id="login" name="login[password]" class="required-entry input-text" value="">
TO fix this issue, i have modified the code in observer as below:
public function sanitizeParams($observer)
{
if(!Mage::app()->getStore()->isAdmin())
{
$post = Mage::app()->getRequest()->getParams();
foreach($post as $pkey => $pvalue)
{
if(is_array($post[$pkey]))
{
foreach($post[$pkey] as $key => $value)
{
$post[$pkey][$key] = filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
}
}
else
{
$post[$pkey] = filter_var($pvalue, FILTER_SANITIZE_SPECIAL_CHARS);
}
}
$_POST = $post;
}
}
And it fixed my problem, and is working fine now.
Thanks.
Im making a edit form for my app and i was wondering if someone could tell me how to get the data from the database into my text field.
I can locate the record i need to edit based on the users click, and i can display the information if i do the following:
value="{{ $letter->subject }}"
BUT, the problem im having is that when i run it through the validation and there is an error, it comes back with the database information instead of the OLD data.
So my questions is. Is there a way to serve up the database information first and then when it goes through the validatior, validate the information the user has edited?
Currently to validate the text field and bring the data back incase of error, im using
Input::old('subject')
Is there a parameter for that old bit that allows me to put in the DB data?
Cheers,
Hey you could validate and return ->withInput() and then in your actual form, check if there is Input::old() and display it, otherwise display from the db.
example:
<input type="text" name="subject"
value="{{ (Input::old('subject')) ? Input::old('subject') : $letter->subject }}">
Or you could go the other way and define the variable and do a regular if statement, instead of the ternary one! Up to you to decide what you want to use!
All you need is form model binding http://laravel.com/docs/html#form-model-binding:
{{ Form::model($letter, ['route' => ['letters.update', $letter->id], 'method' => 'put']) }}
// your fields like:
{{ Form::text('someName', null, ['class' => 'someHTMLclass' ...]) }}
// no default values like Input::old or $letter->something!
{{ Form::close() }}
This way you form will be populated by the $letter data (passed from the controller for example).
Now, if you have on your countroller:
// in case of invalid data
return Redirect::back()->withInput();
then on the redirect your form will be repopulated with input values first, not the original model data.
Make it more simple and clean
<input type="text" name="subject" value="{{ (Input::old('subject')) ?: $letter->subject }}">
I'm not sure for Laravel 4 but in Laravel 5, function old takes second param, default value if no old data in session.
Please check this answer Best practice to show old value
I'm trying to store information on a form by using sessions in case the validation returns false, then the user doesn't have to refill the form. This how I'm doing this:
PAGE A:
<?
session_start();
$Fname = $_SESSION['FirstName'];
?>
<html>
<input type="text" id="First" value="<? if($Fname){echo $Fname;}?>">
</html>
PAGE B:
<?
$Fname = $_POST['First'];
session_start();
$_SESSION['FirstName'] = $Fname;
//validation is not good then
header('Location: PageA.php');
?>
The issue is that when sent back to page A, nothing is showing up in the inputs, but randomly it will show up or, I'll refresh and it might show up. For most part its just not working and what I don't understand it kind of just started happening when I made a modification of removing one of the session vars and replacing it with a cookie because of other reasons, but decided not to go that route. Still I don't see what I could have done to start causing this issue. Any ideas? I'm thinking its something with the php.ini file because i have a separate form with the same setup and I never touched it, and now its not working when it was the last time i checked.
UPDATE
I just tried the form, I submitted it incorrectly on purpose to trigger the validation and it sent me back with blank inputs as I already mentioned. I clicked on another page and then came back to the form and the inputs appeared. It seems as if its storing but just not being read immediately? Don't know if this helps.
On Page B session_start() should be the first command on the page. I always keep this at the top just to be sure
You do not need SESSION at all ...
PAGE A:
<?
$Fname = isset($_POST['First']) ? $_POST['FirstName'] : '';
?>
<html>
<form method='post' action='PageB.php'>
<input type="text" id="First" value="<? if($Fname){echo $Fname;}?>"/>
</form>
</html>
PAGE B:
<?
//validation is not good then
include 'PageA.php';
exit;
?>
Not sure if it is a typo, but in your input tag you don't have the "name" attribute specified, which would mean an empty $_POST array when you go to page B.
It's difficult (for me at least) to help you without further details, but here are my thoughts:
From the PHP manual: "Session ID is not passed with Location header even if session.use_trans_sid is enabled. It must by passed manually using SID constant. "
One solution found in other forums: call session_write_close() before the header redirection: external link
Apparently, header() can sometimes make the redirection BEFORE the session cookie is written. That could explain why sometimes it works and other times it doesn't. But, as I said, not sure that this applies to your code.
I got it working by filling in the things you left out in your example; does it work for you?
PageA.php
note addition of <form action="PageB.php" method="POST"> and change of id="First" to name="First"
<?
session_start();
$Fname = $_SESSION['FirstName'];
?>
<html>
<form action="PageB.php" method="POST">
<input type="text" name="First" value="<? if($Fname){echo $Fname;}?>">
</form>
</html>
PageB.php
(unchanged)
<?
$Fname = $_POST['First'];
session_start();
$_SESSION['FirstName'] = $Fname;
//validation is not good then
header('Location: PageA.php');
?>