PHP: $_POST/$_COOKIE to variables

Question

I've downloaded such script:

$QUERY_STRING="login";

if (file_exists("passwd.dat") && $QUERY_STRING != ""):
     require ("passwd.dat");
     if (!isset($alogin) || md5($pass) != $Password[$alogin] || !isset($Password[$alogin])):
          $logined = 0;
          //$error = "Неверный логин или пароль!<br>";
          setcookie("alogin","",0);
          setcookie("pass","",0);
     else:
          $logined = 1;
          setcookie("alogin",$alogin,time()+60*60*24*30*12);
          setcookie("pass",$pass,time()+60*60*24*30*12);
     endif;
endif;
?>

and it works just fine on remote server, but doesn't work on local one. As I figured out, on remote machine $_POST/$_COOKIE arrays are "unpacked" to just variables, e.g. if $_POST['abc'] is defined you can access it via $abc. What mechanism is it? Just don't know where to look...

score 5 · Accepted Answer · answered Mar 27 '12 at 12:39

5

This setting is called register_globals and you should never, ever use it. You should instead modify the script so that it accesses $_POST['abc'] directly, which is the correct way.

If the script is long and/or complicated, then simply accept the fact that it is crap and find a better one.

answered Mar 27 '12 at 12:39

Jon

428,835
81
738
806

...and additionally: this feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0. – acme Mar 27 '12 at 12:40
For more info, see http://stackoverflow.com/questions/1417373/why-is-register-globals-so-bad – El Yobo Mar 27 '12 at 12:40

score 3 · Answer 2 · answered Mar 27 '12 at 12:40

3

This is called register_globals and it is depecrated as of PHP 5.3.0.

answered Mar 27 '12 at 12:40

Pierre-Olivier

3,104
19
37

PHP: $_POST/$_COOKIE to variables

2 Answers2