Register_Globals
Hi
It appears that Register_Globals has been recently changed to 'off' on the server that is hosting my client's CMS - this seems to have broken their login session code - i.e. when they enter their username/password it endlessly rejects them, telling them access is denied.
I have no idea about recoding for Register_Globals to be off, so could anybody point me in the right direction? Here's the code from the CMS:
<the login checks>
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];
if (login($username, $password)) {
    $HTTP_SESSION_VARS['auth_user'] = $username;
    header('Location: index.php?section=1');
}
else {
    header('Location: admin.php?access=denied');
}
if (check_auth_user()) {
    $w = get_writer_record($HTTP_SESSION_VARS['auth_user']);
    MORE CODE...
}
</ the login check>
<the login functions>
function login($username, $password)
{
    $conn = db_connect();
    if (!$conn)
        return 0;
    $result = mysql_query("select * from writers
                           where username='$username'
                           and password = password('$password')");
    if (!$result)
        return 0;
    $access = mysql_fetch_array($result);
    if ($access['level'] == 'admin')
        return 2;
    else if (mysql_num_rows($result)>0)
        return 1;
    else
        return 0;
}
function check_auth_user()
// see if somebody is logged in and notify them if not
{
    global $HTTP_SESSION_VARS;
    if (isset($HTTP_SESSION_VARS['auth_user']))
        return true;
    else
        return false;
}
</ login functions>
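The login flow from the post rewritten on the `$_POST` and `$_SESSION` superglobals, which are populated regardless of the register_globals setting, with the query parameterized and the script stopped after the redirect. This is an added example, not the CMS's own code: the PDO handle, the in-memory SQLite table, the `password_hash` column and `handle_login()` are assumptions standing in for the CMS's `db_connect()` and its MySQL `password()` column.

```php
<?php
// Added example, not the CMS's code. The PDO handle, the in-memory SQLite
// table and the password_hash() column are assumptions for illustration.

function login(PDO $db, string $username, string $password): int
{
    // The placeholder keeps the form value out of the SQL text.
    $stmt = $db->prepare('SELECT password_hash, level FROM writers WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return 0;                               // unknown user or wrong password
    }
    return $row['level'] === 'admin' ? 2 : 1;   // same return codes as the post
}

function handle_login(PDO $db, array $post): string   // hypothetical helper
{
    // $_POST takes the place of $HTTP_POST_VARS; non-string input is rejected.
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (login($db, $username, $password) === 0) {
        return 'admin.php?access=denied';
    }
    session_regenerate_id(true);          // fresh session id once authenticated
    $_SESSION['auth_user'] = $username;   // takes the place of $HTTP_SESSION_VARS
    return 'index.php?section=1';
}

function check_auth_user(): bool
{
    return isset($_SESSION['auth_user']); // superglobal: no "global" statement needed
}

// Constructed sample data so the script runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE writers (username TEXT PRIMARY KEY, password_hash TEXT, level TEXT)');
$db->prepare('INSERT INTO writers VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 'admin']);

session_start();                          // must run before $_SESSION is used
header('Location: ' . handle_login($db, $_POST));
exit;                                     // nothing after the redirect should run
```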