From: [EMAIL PROTECTED] Operating system: Win2K Server PHP version: 4.2.3 PHP Bug Type: Unknown/Other Function Bug description: Login only possible from page where login is required.
The login script I am using ( part of a tutorial by Ying Zhang, see http://zope1.devshed.com/zope.devshed.com/Server_Side/PHP/Commerce ) is only working when entered from a page requiring login. If login is voluntary by clicking on a "login" link, then login does not occur. The only difference is the execution of the following code from the MyMarket.php library: function is_logged_in() { /* this function will return true if the user has logged in. a user is logged * in if the $SESSION["user"] is set (by the login.php page) and also if the * remote IP address matches what we saved in the session ($SESSION["ip"]) * from login.php -- this is not a robust or secure check by any means, but it * will do for now */ global $SESSION, $REMOTE_ADDR; return isset($SESSION) && isset($SESSION["user"]) && isset($SESSION["ip"]) && $SESSION["ip"] == $REMOTE_ADDR; } function require_login() { /* this function checks to see if the user is logged in. if not, it will show * the login screen before allowing the user to continue */ global $CFG, $SESSION; if (! is_logged_in()) { $SESSION["wantsurl"] = qualified_me(); redirect("$CFG->wwwroot/login.php"); } } This code was developed in and is known to have worked in PHP4 beta. Note that the tutorial requires register_globals=On also, in case you decide to test it. qualified_me() returns the name of the current script without the querystring portion. As delivered it didn't work, I'm using a stripped $_SERVER['SCRIPT_NAME']. wantsurl is used later by the following code: /* if wantsurl is set, that means we came from a page that required * log in, so let's go back there. otherwise go back to the main page */ $goto = empty($SESSION["wantsurl"]) ? $CFG->wwwroot . "/index.php" : $SESSION["wantsurl"]; header("Location: $goto"); die; The error only occurs if $CFG->wwwroot/index.php is called. Hope this is enough information to nail the sucker. -- Edit bug report at http://bugs.php.net/?id=20776&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=20776&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=20776&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=20776&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=20776&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=20776&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=20776&r=support Expected behavior: http://bugs.php.net/fix.php?id=20776&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=20776&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=20776&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=20776&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20776&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=20776&r=dst IIS Stability: http://bugs.php.net/fix.php?id=20776&r=isapi
