what if register_global is enabled

StackOverflow https://stackoverflow.com/questions/10465921

  •  06-06-2021
  •  | 
  •  

Question

I've simple captcha that works perfect when register_global is disabled and this is the correct according to PHP Manual Using Register Globals

But sometimes i moves to many hosting and they by default enabled register global so my captcha stop working and always gives wrong captcha even if it was entered correct.

My question

why it does not works if register_global is enabled as well as if disabled ?

The code

captcha.php

<?PHP
session_start();
$digits_num=5;
$x_pos=25;
$y_pos=6;
$font_size=5;
function random_num($n){
$start_num = "1".str_repeat("0", $n-1);;
$end_num   = str_repeat("9", $n);
return rand($start_num, $end_num);
}
$text = random_num($digits_num);
$_SESSION["captcha_num"] = md5($text);
$captcha = imagecreatefrompng("./images/captcha.png");
$font_color['black']=imagecolorallocate($captcha, 0, 0, 0);
$font_color['white']=imagecolorallocate($captcha, 80, 73, 20);
imagestring($captcha, $font_size, $x_pos, $y_pos, $text, $font_color['white']);
header("Content-type: image/png");
imagepng($captcha);
?>

The form

<form name="frm" method="post" action="add.php">
<img src="captcha.php">
<input type="text" name="captcha_num" id="captcha_num" >
<input type="submit" name="submit" id="submit" value="submit">
</form>

add.php

<?PHP
session_start();
if(md5($_POST['captcha_num']) != $_SESSION['captcha_num']){
echo "Wrong captcha";
}else{
echo "Good Pass it";
}
?>
Was it helpful?

Solution

From the manual page you refered to:

This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
(...)
Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP » 4.2.0.

In other words: Switch it off.

How can I switch it off?

Option 1: With ini_set

Place this code on top of you code (or in the bootstrap file if you have that)

ini_set('register_globals', 'Off')

Option 2: With htaccess

Make a .htaccess file in the root of your website and add this code to it:

php_flag register_globals Off

Don't ask yourself why the script is wrong if you use a bad technique, ask yourself how to switch off/avoid using the bad technique.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top