3

I created a simple login system using SQL.

It has 4 main components:

- index - asks for username and pass
- checklogin - checks for the credentials
- logsuccess
- homepage - landing page after successful login

The errors generated are given at the end of the post.

Index.php asks for username and pass

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
     <HEAD>
      <TITLE>Nottingham Uni</TITLE>

      <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script>
      <script type="text/javascript" src="js/process.js"></script>

      <link rel="stylesheet" type="text/css" href="style.css" />
    </HEAD>

     <BODY>

    <center>
    <div id="intro">
      <p>&nbsp;</p>
      <p><img align="absmiddle" src="images/nott-uni-logo.jpg"></p>
    </div>

    <div id="status">

    <fieldset><legend align="center">Authentication</legend>

    <div id="login_response"><!-- spanner --></div>

    <form id="login" name="login" method="post" action="checklogin.php">
    <table align="center" width="300" border="0">
    <tr>
    <td width="80">Username</td><td><input id="name" type="text" name="myusername"></td>
    </tr>
    <tr>
    <td>Password</td>
    <td><input type="password" name="mypassword"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td><input id="submit" type="submit" name="submit" value="Login"></td>
    </tr>
    </table>
    </form>
    </fieldset>

    </div>
    </center>
     </BODY>
    </HTML>


checklogin.php checks for the credentials

    <?php

    $link = mysql_connect('www.xxxxx.com', 'xxxxxx', 'xxxxxx');
    if (!$link) {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("brainoidultrafb", $link);

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $sql="SELECT * FROM logintbl WHERE stu_email='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){

    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword"); 
    header("location:login_success.php");
    }
    else {
    echo "Wrong Username or Password";
    }
    ?>


If it's a success it goes to homepage.php

logsuccess.php is below

    <?php
    session_start();
    if(!session_is_registered(myusername)){
    header("location:homepage.php");
    }
    ?>
    <html>
    <body>
    Login Successful
    </body>
    </html>


This code is giving the following errors:

    Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.php on line 29

    Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/content/58/9508458/html/pabrowser/checklogin.php:29) in /home/content/58/9508458/html/pabrowser/checklogin.php on line 29

    Deprecated: Function session_register() is deprecated in /home/content/58/9508458/html/pabrowser/checklogin.php on line 30

    Warning: Cannot modify header information - headers already sent by (output started at /home/content/58/9508458/html/pabrowser/checklogin.php:29) in /home/content/58/9508458/html/pabrowser/checklogin.php on line 31
Dharman
Tina

2 Answers

11

Instead of doing:

    session_register("myusername");
    session_register("mypassword");

You can simply do:

    session_start();
    $_SESSION['username'] = 'something';
    $_SESSION['password'] = 'something';

And to check whether the username is set you can do:

    session_start();
    if(!isset($_SESSION['username'])){
        // not logged in
    }

Note that I have the session_start() function right above my checks / initialization. In your code you may want to add it at the top of your script to prevent the "Headers already sent by PHP" message.

Also, please don't use mysql_* functions for new code. They are no longer maintained and the community has begun the deprecation process. See the red box? Instead you should learn about prepared statements and use either PDO or MySQLi. If you can't decide, this article will help to choose. If you care to learn, here is a good PDO tutorial.

One last thing regarding your code. It looks like you do not properly hash the passwords, which is considered bad practice. If an attacker gets hold of your database you have some explaining to do to the people who are in the database (e.g. you have to tell them the attacker got all their passwords).

Community
PeeHaa
  • Hi, thanks for the quick reply. A new error is showing up: Deprecated: Function session_is_registered() is deprecated in /home/content/58/9508458/html/pabrowser/login_success.php on line 3 Login Successful. How should I format it? – Tina Jun 24 '12 at 12:10
  • That's also in my answer. It's the `if(!isset($_SESSION['username'])){` part. – PeeHaa Jun 24 '12 at 12:11
  • Thanks, it works fine, will accept the answer in 5 min. Thanks again. One more question, sorry to bother you, it's a silly question, but how can I access the user name in homepage.php? Should I send the value or just get the value by POST? – Tina Jun 24 '12 at 12:14
  • Can we give that 'deprecated soon' lie a rest? The mysql extension is only marked as "discouraged" in the manual for now. Speculating otherwise just undermines the credibility of otherwise good advice. – mario Jun 24 '12 at 12:14
  • 3
    @mario It isn't a lie, it is education. And it will be deprecated at some point. For **new** code it *is* better to start switching. What's wrong with making sure your code keeps working in future versions? – PeeHaa Jun 24 '12 at 12:18
  • @PeeHaa One more question, sorry to bother you, it's a silly question, but how can I access the user name in homepage.php? Should I send the value or just get the value by POST? is used but no value – Tina Jun 24 '12 at 12:21
  • @Tina Once logged in the username is saved in the session and can be accessed by `$_SESSION['username']`, e.g.: `echo $_SESSION['username'];` – PeeHaa Jun 24 '12 at 12:22
  • 2
    If you want to discuss this matter feel free to come to [chat](http://chat.stackoverflow.com/rooms/11/php) instead of polluting the comments and I will be more than happy to tell you more. @mario – PeeHaa Jun 24 '12 at 12:27
  • i added Welcome, on homepage.php – Tina Jun 24 '12 at 12:27
  • @PeeHaa: Not interested in chat. You don't need to pollute comments with 'invitations' anymore. Thanks! – mario Jun 24 '12 at 22:38
  • 1
    @mario Thanks for being cooperative. We really appreciate this. – NikiC Jun 24 '12 at 22:57
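
The changes recommended in the answer above (session_start() before any output, `$_SESSION` instead of session_register(), a prepared statement instead of mysql_* with string escaping, and hashed passwords), put together in one checklogin.php. This is an added example, not code from the question or the answer; it assumes PHP 7 or later, placeholder connection details, and that `logintbl.password` holds password_hash() output.

```php
<?php
// Added example, not the poster's code.
// Assumption: logintbl.password stores password_hash() output,
// not the plaintext password the original query compares against.

// Start the session first, before any output, so the session
// cookie header can still be sent ("headers already sent" otherwise).
session_start();

// Placeholder DSN and credentials, constructed for this example.
$pdo = new PDO(
    'mysql:host=localhost;dbname=brainoidultrafb;charset=utf8mb4',
    'db_user',
    'db_pass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// Accept only string form fields; anything else counts as empty.
$username = is_string($_POST['myusername'] ?? null) ? $_POST['myusername'] : '';
$password = is_string($_POST['mypassword'] ?? null) ? $_POST['mypassword'] : '';

// The user name is sent as a bound parameter, so it never becomes
// part of the SQL text and needs no stripslashes()/escaping.
$stmt = $pdo->prepare(
    'SELECT stu_email, password FROM logintbl WHERE stu_email = :email'
);
$stmt->execute([':email' => $username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Look the row up by user name only, then check the password
// against the stored hash in PHP rather than in the WHERE clause.
if ($row !== false && password_verify($password, $row['password'])) {
    // New session id on login, so a pre-login id cannot be reused.
    session_regenerate_id(true);
    // Keep only the identity in the session, never the password.
    $_SESSION['username'] = $row['stu_email'];
    header('Location: login_success.php');
    exit; // stop here so nothing is output after the redirect
}

echo 'Wrong Username or Password';
```

When homepage.php prints the stored name, wrap it in htmlspecialchars() so a user name containing markup is shown as text.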
0

You can avoid this problem by using @ before any deprecated function, like @session_register().

BenMorel