session_register vs $_SESSION - PHP

[freddye]

Hello,

I've been working on a Login for my site.

I got some code on it from some site which uses session register. Later I read that session_register is 'depreciated' (does that mean it's not in use?) and that I should use $_SESSION.

My question is what would the equivalent code be for registering the session. Also to be able to use $_SESSION I need to start the session but that needs to go on the very top of my code... but I don't want to start the session until I authenticate the user.

I may have all of this confused (just started learning PHP)

The code I have currently:

<?php
include('connectionfile.php');
$tbl_name="listserve";
$username=$_POST['username'];
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE email='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
?>

Thanks,
FreddyE

[freecrm]

'depreciated' does mean that it has become obsolete.

$_SESSION is the current format, in much the same way the $HTTP_POST_VARS has become $_POST.

The Session start command is

PHP Code:

session_start(); 


and must always (as you say) come at the very start of the page.

Don't worry about starting the session before authentication (I have this system on my site).

All that the session does is store data in server memory and has nothing to do with logins directly - only what you tell it!

For instance, if you start the session and do this...

PHP Code:

$_SESSION['something'] = "boo"; 


The only thing stored to session memory is "boo".

You will note that in your code, you have an (if) statement, asking the database if there is a row that matches the posted data.

If this is true, then the data is stored to session memory.

The code should read

PHP Code:

$_SESSION['username'] = $username;
$_SESSION['password'] = $password; 


I must say though that this method is very old and subject to session attacks, using JS URL entries. Passwords should never be stored in memory, especially if they are not encrypted.

Hope this helps a bit

[freddye]

Wow thanks Rich for your help.

I was searching the web for a bit and couldn't get a direct answer when I decided to do my first post on the forum. Thanks again.
Edit:
I'm new to the forum and don't know much about credits. What is the common donation for an answered question??

[freecrm]

Glad I could help.

Donations very much depend on personal preference, but for my part, I'm not concerned with increasing credits.

You can also add to someone's reputation (if you like) by clicking the add to reputation button.

Good luck!