So basically I've been wanting to add a custom registration/login system on my Wordpress-based website. I added my tables to the database and wrote the registration/login code and everything.
My problem is this function wp_unregister_globlas which is defined in wp-includes/load.php and called on /wp-settings.php:
function wp_unregister_GLOBALS() {
if ( !ini_get( 'register_globals' ) )
return;
if ( isset( $_REQUEST['GLOBALS'] ) )
die( /*WP_I18N_GLOBALS_OVERWRITE*/'GLOBALS overwrite attempt detected'/*/WP_I18N_GLOBALS_OVERWRITE*/ );
// Variables that shouldn't be unset
$no_unset = array( 'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix' );
$input = array_merge( $_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset( $_SESSION ) && is_array( $_SESSION ) ? $_SESSION : array() );
foreach ( $input as $k => $v )
if ( !in_array( $k, $no_unset ) && isset( $GLOBALS[$k] ) ) {
$GLOBALS[$k] = null;
unset( $GLOBALS[$k] );
}
}
After some googling, I added the session_start() to my functions.php file located in my theme root and hooked it to the init.
When the user logs in, I save his id in $_SESSION but I get nothing when I echo it (for testing purposes) after I redirect him to his profile. $_SESSION is empty ...
I tried adding _SESSION to the $no_unset array and that didn't work for me.
The ultimate question: is it safe for me to comment wp_unregister_globals in /wp-settings?