A community for technology geeks in Lebanon.

You are not logged in.

#1 June 22 2012


Wordpress and wp_unregister_globals

So basically I've been wanting to add a custom registration/login system on my Wordpress-based website. I added my tables to the database and wrote the registration/login code and everything.

My problem is this function wp_unregister_globlas which is defined in wp-includes/load.php and called on /wp-settings.php:

function wp_unregister_GLOBALS() {
if ( !ini_get( 'register_globals' ) )

	if ( isset( $_REQUEST['GLOBALS'] ) )
		die( /*WP_I18N_GLOBALS_OVERWRITE*/'GLOBALS overwrite attempt detected'/*/WP_I18N_GLOBALS_OVERWRITE*/ );

	// Variables that shouldn't be unset
	$no_unset = array( 'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix' );

	$input = array_merge( $_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset( $_SESSION ) && is_array( $_SESSION ) ? $_SESSION : array() );
	foreach ( $input as $k => $v )
		if ( !in_array( $k, $no_unset ) && isset( $GLOBALS[$k] ) ) {
			$GLOBALS[$k] = null;
			unset( $GLOBALS[$k] );

After some googling, I added the session_start() to my functions.php file located in my theme root and hooked it to the init.

When the user logs in, I save his id in $_SESSION but I get nothing when I echo it (for testing purposes) after I redirect him to his profile. $_SESSION is empty ...

I tried adding _SESSION to the $no_unset array and that didn't work for me.

The ultimate question: is it safe for me to comment wp_unregister_globals in /wp-settings?


#2 June 22 2012


Re: Wordpress and wp_unregister_globals

Calling wp_unregister_globals in wp-settings clears all your global variables. You can comment out any calls to wp_unregister_GLOBALS() and your global session variables and other global variables values wont be cleared anymore.

But I am not sure if stopping all calls to that function would actually affect the work of WordPress(Not sure), most probably it would in one way or another. A possible solution for setting custom session variables would be to add session_start(); at the very top of your wp-config.php that should enable sessions.

Because here is how it works:

wp_unregister_GLOBALS() actually clears  the corresponding values in $GLOBALS hash and does not actually affect the actual value in $_SESSION. So if you set $_SESSION['somevalue'], wp_unregister_GLOBALS() would actually unset $GLOBALS['somevalue'] and the value becomes unaccessable but that does not affect $_SESSION['somevalue'] that is still holding them. Those stored values can be re-used after you initialize the session with session_start().

Try it out and let me know if it works.

Hope that was helpful, have a good day :)


#3 June 25 2012


Re: Wordpress and wp_unregister_globals

Hey Ayman, thanks for your reply.

I added session_start() to my wp-config file and I still get nothing when I echo my $_SESSION("my_variable") after the user logs in and is redirected to his profile page.


#4 July 2 2012


Re: Wordpress and wp_unregister_globals

I ended up settling for Wordpress's own way of handling global variables, I don't need session_start anymore and I don't have to deal with the awfulness of wp_unregister_globals.

Topic "solved".


Board footer