ID: 22840
Comment by: notepad at codewalkers dot com
Reported By: chair123 at 163 dot net
Status: Bogus
Bug Type: Session related
Operating System: win2000pro
PHP Version: 4.3.1
New Comment:
i can't get sessions to destroy at all in PHP v4.3.1. - it seems to set
the variable $_SESSION['valid_user'] even when the login form is left
blank. so i made it harder to login, and now the login function won't
return true even if it's a valid attempt.. craziness
testdb.txt example:
myuserid|mypass
sessiontest.php example:
<?php
session_start();
if(isset($_POST['userid']) && isset($_POST['password']))
{
// if user has just tried to login
$userid = $_POST['userid'];
$password = $_POST['password'];
}
// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($id, $pass, $db)
{
foreach($db as $key=>$value)
{
$divide = explode('|', $value);
if(($divide[0] == "$id") && ($divide[1] == "$pass"))
{
//echo 'yes: '.$id.':'.$pass.'<br>';
return true;
}
else
{
//echo 'no: '.$id.':'.$pass.'<br>';
return false;
}
}
}
if(@login($userid, $password, $data))
{
@$_SESSION['valid_user'] = $userid;
$olduser = $_SESSION['valid_user'];
$oldid = session_id();
//setcookie(session_name());
$_COOKIE = array();
$_SESSION = array();
$_REQUEST = array();
session_destroy();
echo '<html><body>';
echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
else
{
if(isset($userid))
echo 'could not log you in';
else
echo 'you are not logged in';
?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>
<?php
}
?>
</body></html>
Previous Comments:
------------------------------------------------------------------------
[2003-03-24 04:57:19] [EMAIL PROTECTED]
Sorry, but your problem does not imply a bug in PHP itself. For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.
Thank you for your interest in PHP.
header("Location: somefile.php"); is invalid anyway..
------------------------------------------------------------------------
[2003-03-24 04:55:35] chair123 at 163 dot net
got the problem...
If I use
echo "<script> window.location.href='chksession.php' </script>";
instead of header(��location: chksession.php"),
that's all right.
It must be a bug in win2000pro
------------------------------------------------------------------------
[2003-03-24 02:27:42] chair123 at 163 dot net
session.php
<?php
$Access = "999999";
$UserID = "Chair";
session_start();
session_register("Access");
session_register("UserID");
header (Location: chksession.php);
?>
chksession.php
<?php
session_start();
session_register("Access");
session_register("UserID");
echo $Access;
echo $UserID;
session_unset;
session_destroy;
?>
when I type http://127.0.0.1/session.php in IE frist, It's nothing in
the screen. NO session file in directory c:\php\sessiondata.
I typed in second time, it 's "99999Chair" in the screen(the same IE).
and sess_7e2ebd21da6d67c7e9f3860ae7c60a6 file in there. and whatever
you chang your php file , the session file never been removed! and I
put the php file in redhat 8.0, all is right. please give me a hand.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=22840&edit=1
