From: notepad at codewalkers dot com
Operating system: winxp pro IIS
PHP version: 4.3.1
PHP Bug Type: Session related
Bug description: sessions don't destroy
i couldn't get sessions to destroy in PHP v4.3.1. - it seemed to set the
variable $_SESSION['valid_user'] even when the login form is left blank
(allowing you to login as anyone). so i made login a seperate function,
and now the login function won't return true even if it's a valid
attempt.. craziness
i was thinkin that maybe my approach is wrong, but, then nobody else seems
to be able to tell me why it doesn't work. my apologies if i'm just blind
testdb.txt example:
myuserid|mypass
sessiontest.php example:
<?php
session_start();
if(isset($_POST['userid']) && isset($_POST['password']))
{
// if user has just tried to login
$userid = trim($_POST['userid']);
$password = trim($_POST['password']);
}
// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($db, $id, $pass)
{
foreach($db as $key=>$value)
{
$divide = explode('|', $value);
if(($divide[0] == "$id") && ($divide[1] == "$pass"))
return true;
else
return false;
}
}
if(@login($data, $userid, $password))
{
$_SESSION['valid_user'] = $userid;
$olduser = $_SESSION['valid_user'];
$oldid = session_id();
$_COOKIE = array();
$_SESSION = array();
$_REQUEST = array();
session_destroy();
echo '<html><body>';
echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
elseif(isset($userid))
echo 'could not log you in';
else
echo 'you are not logged in';
?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>
</body></html>
--
Edit bug report at http://bugs.php.net/?id=22861&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=22861&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=22861&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=22861&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=22861&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=22861&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=22861&r=support
Expected behavior: http://bugs.php.net/fix.php?id=22861&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=22861&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=22861&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=22861&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22861&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=22861&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=22861&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=22861&r=gnused
