RE: [PHP] session_register vs. $_SESSION superglobal
> -Original Message-
> From: Kim L. Laage [mailto:[EMAIL PROTECTED]
> Sent: 24 March 2004 10:52
>
> Once again, thanks for the replies...
>
> But I'm afraid I'm not getting this right... I've tested with
> the various
> versions of $_SESSION syntax which I've been recommended by
> the people on
> this group. i.e.:
> $_SESSION['s_user'] = $_POST['s_user'];
> $_SESSION['s_pass'] = $_POST['s_pass'];
Those assignments look good.
> or
>
> $_SESSION['s_user'] = "s_user";
> $_SESSION['s_pass'] = "s_pass";
So do those (assuming you want the value of the s_user session variable to
be "s_user" and the s_pass session variable to be "s_pass"!).
> None of this seems to really make a difference I was
> wondering if this
> was due to the nature of the array being used...
> If I understand you right
> session_register("s_user");
> session_register("s_pass");
Don't do that. If you're using the $_SESSION[] array, you shouldn't use
session_register() (or any of its friends such as session_unregister(),
session_is_registered(), etc.). Just assign values to the $_SESSION[]
array, and test its elements directly with, e.g., isset().
> adds the values "s_user" and "s_pass" to an array, I suppose
> by index so the
> key/value pairs would look like this "0/s_user" and
> "1/s_pass" - correct?
No. If anything, these would give you $_SESSION['s_user']==NULL and
$_SESSION['s_pass']==NULL -- but, like I said, just don't bother.
Effectively, $_SESSION[] *is* your session -- assigning a value to an
element of $_SESSION implicitly registers that elements key as a session
variable.
[...]
> As I said I'm not getting any real headway here, so I've
> posted the relevant
> pages below in the hope that someone had the time and
> inclination to take a
> look at them.
> I've added a few comments of my own and removed the MySQL
> credentials 8-)
>
>
> --- START session.php START ---
> session_start();
>
> include("_include/loginFunc.php");
>
> /* ==
> * When we got this code, it looked like this:
> *
> * session_register("s_user");
> * session_register("s_pass");
> *
> * ===
> */
> $_SESSION['s_user'] = "s_user";
> $_SESSION['s_pass'] = "s_pass";
Using $_SESSION{}, you don't need an equivalent of session_register(), so
just forget these lines.
[...]
> # generic stuff
> /* =
> * Password and Username directly in the code?!?!?
> *
> * I commented on this earlier in the thread, but I would like to
> * your comments on this... personally I think it's a terrible way
> * of handling security!
> *
> * =
> */
I agree with that. I'd definitely set these up in an include file which is
*outside* the Web server hierarchy (or alternatively in my database, or a
config file which I fread).
> $LOGIN_INFO = "LOGIN";
> $HEADER = "ADMIN";
> $USER = "admin";
> $PASS = "admin";
> $WIDTH = 600;
> $logout_text = "You have now logged out from the Admin
> Application";
> $login_page = "adminHome.php";
>
> #-#
> # login functions #
> #-#
>
> function checklogin($s_user, $s_pass)
> {
> global $USER,$PASS;
> if($s_user == $USER && $s_pass == $PASS)
> return "OK";
> else
> return "0";
> }
Ugh! Any function which returns a straight yes/no value should return
Boolean TRUE or FALSE, since that's what those are designed for. The above
could then be written much more simply as:
return ($s_user == $USER && $s_pass == $PASS);
[...]
> function dologout()
> {
> global $logout_text,$login_page;
> session_destroy();
I'd add a session_write_close() here, I think.
> echo $logout_text;
> echo "Log in";
> }
>
> function dologin($user,$pass)
> {
> global $s_user, $s_pass;
> if($user && $pass)
> {
> $s_user = $user;
> $s_pass = $pass;
> }
I can't see anywhere in what you've posted that you assign *real* values to
$_SESSION['s_user'] and $_SESSION['s_pass'], so I assume that's what's
supposed to be happening here -- so these two lines should be:
$_SESSION['s_user'] = $user;
$_SESSION['s_pass'] = $pass;
Incidentally, you also don't seem to unpack $user and $pass from the
$_POST[] array, so either you're running with register_globals=On (bad) or
these variables will be undefined (also bad!). In any case, I'd probably
prefer to access the $_POST[] array directly, and write something like:
if (@$_POST['user'] && @$_POST['pass']):
$_SESSION['s_user'] = $_POST['user'];
$_SESSION['s_pass'] = $_POST['pass'];
else:
...
endif;
Which makes it pellucidly clear what's going on (and also eliminates the
need for the ugly "global" statement).
I also notice you appear to have variables called $USER and $user, as well
as $PASS and $pass. This is *terrible* programming style -- differentiating
purely by case is a disaster waiting to happen, and sh
Re: [PHP] session_register vs. $_SESSION superglobal
Once again, thanks for the replies...
But I'm afraid I'm not getting this right... I've tested with the various
versions of $_SESSION syntax which I've been recommended by the people on
this group. i.e.:
$_SESSION['s_user'] = $_POST['s_user'];
$_SESSION['s_pass'] = $_POST['s_pass'];
or
$_SESSION['s_user'] = "s_user";
$_SESSION['s_pass'] = "s_pass";
None of this seems to really make a difference I was wondering if this
was due to the nature of the array being used...
If I understand you right
session_register("s_user");
session_register("s_pass");
adds the values "s_user" and "s_pass" to an array, I suppose by index so the
key/value pairs would look like this "0/s_user" and "1/s_pass" - correct?
Now when I use the $_SESSION syntax as mentioned above I would think the
array changed nature so the key value pairs would look like this instead
"s_user/s_user" and "s_pass/s_pass", is that right?
How would this affect the use of the session variables in the
application/site?
As I said I'm not getting any real headway here, so I've posted the relevant
pages below in the hope that someone had the time and inclination to take a
look at them.
I've added a few comments of my own and removed the MySQL credentials 8-)
--- START session.php START ---
--- END session.php END ---
--- START loginfunc.php START ---
PAGE TITLE
function doSubmit(sub)
{
document.form.sub.value = sub;
document.form.submit();
}
LOGIN";
$HEADER = "ADMIN";
$USER = "admin";
$PASS = "admin";
$WIDTH = 600;
$logout_text = "You have now logged out from the Admin
Application";
$login_page = "adminHome.php";
#-#
# login functions #
#-#
function checklogin($s_user, $s_pass)
{
global $USER,$PASS;
if($s_user == $USER && $s_pass == $PASS)
return "OK";
else
return "0";
}
function drawlogin()
{
global $LOGIN_INFO,$HEADER,$PHP_SELF;
?>
>
username:
password:
[
login ] [
clear ]
__
Log in";
}
function dologin($user,$pass)
{
global $s_user, $s_pass;
if($user && $pass)
{
$s_user = $user;
$s_pass = $pass;
}
if($s_user && $s_pass)
{
if(!checklogin($s_user,$s_pass))
{
if($user && $pass)
echo "wrong username/password";
else
drawlogin();
die();
}
}
else
{
drawlogin();
die();
}
}
#-#
# end login functions #
#-#
#-#
# basic functions #
#-#
function drawhtmlhead()
{ global $style_page,$title;
?>
cellpadding=0 cellspacing=0 border=0>
border=0 cellpadding=1
cellspacing=0>
enctype="multipart/form-data">
--- END loginfunc.php END ---
--- START adminHome.php START ---
Choose page to edit
Home
Company
Products
Price
Links
Log Out
--- END adminHome.php END ---
--- START global.php START ---
--- END global.php END ---
The more I look at all of this, the more convinced I get that the dev's just
downloaded this code from somewhere - or rather a couple of somewheres, the
comments on the different pages are in entirely different styles and the PHP
sections in loginfunc.php were of the "" version instead of the more
accepted "" version.
/KLL
"Justin Patrin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Kim L. Laage wrote:
>
> > (This msg. may arrive twice, with two different senders, I've had a
little
> > trouble with the news server)
> >
> > Hi, thanks for your reply.
> >
> >
> >>first $_SESSION works like this:
> >>
> >>session_start();
> >>$_session[user]=$_POST[user];//if using register_globals=off
> >>$_SESSION[user]=$user;//if register_globals=on..unsafe though
> >>
> >>$_SESSION superglobal is an array (usually associative) meaning that the
> >>element of the array (the part in the []) is either a variable name or
> >
> > some
> >
> >>custom name instead of the element number
> >>
> >>$_POST[user] and $user are 2 different variables if
> >
> > register_globals=off...
> >
> > Just a couple of questions.
> > 1. I tried adding the lines as you wrote them, but then I got a "Notice:
Use
> > of undefined constant user - assumed 'user' in [FILENAME]", I assume I
need
> > to add quotation marks around "user" on both sides of the equal sign,
that
> > at least removes that notice.
> > 2. I also get a "Notice: Undefined index: user in [FILENAME]", do I need
to
> > declare the $_SESSION variable before populating it?
> >
>
> This is due to using this syntax:
> $_SESSION[user]
>
> You want to do this instead:
> $_SESSION['user'] = $_POST['user'];
>
> Whenever you index into an associative array, you should use strings for
> the key/index (i.e. use quotation marks). That is, unless you're using
> define(), b
Re: [PHP] RE:[PHP] session_register vs. $_SESSION superglobal
I am using PHP with register_globals ON... since I don't have access to
the host environment.
The way I use sessions is:
session_start();
do some database connection and checking here.
if (condition is met) {
$_SESSION['valid_user'] = $_POST['login'];
}
Is this approach safe ?? Pl let me know. Also I use if
(isset($_SESSION['valid_user'] ) ) to check if the user is logged in on
secure pages.
Please comment.
Thanks in advance
Pushpinder Singh
___
Web Dev
On Tuesday, March 23, 2004, at 10:38 AM, Andy B wrote:
first $_SESSION works like this:
session_start();
$_session[user]=$_POST[user];//if using register_globals=off
$_SESSION[user]=$user;//if register_globals=on..unsafe though
Re: [PHP] session_register vs. $_SESSION superglobal
Kim L. Laage wrote: (This msg. may arrive twice, with two different senders, I've had a little trouble with the news server) Hi, thanks for your reply. first $_SESSION works like this: session_start(); $_session[user]=$_POST[user];//if using register_globals=off $_SESSION[user]=$user;//if register_globals=on..unsafe though $_SESSION superglobal is an array (usually associative) meaning that the element of the array (the part in the []) is either a variable name or some custom name instead of the element number $_POST[user] and $user are 2 different variables if register_globals=off... Just a couple of questions. 1. I tried adding the lines as you wrote them, but then I got a "Notice: Use of undefined constant user - assumed 'user' in [FILENAME]", I assume I need to add quotation marks around "user" on both sides of the equal sign, that at least removes that notice. 2. I also get a "Notice: Undefined index: user in [FILENAME]", do I need to declare the $_SESSION variable before populating it? This is due to using this syntax: $_SESSION[user] You want to do this instead: $_SESSION['user'] = $_POST['user']; Whenever you index into an associative array, you should use strings for the key/index (i.e. use quotation marks). That is, unless you're using define(), but that's out of scope for this thread. ;-) -- paperCrane -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: RE:[PHP] session_register vs. $_SESSION superglobal
(This msg. may arrive twice, with two different senders, I've had a little trouble with the news server) Hi, thanks for your reply. > first $_SESSION works like this: > > session_start(); > $_session[user]=$_POST[user];//if using register_globals=off > $_SESSION[user]=$user;//if register_globals=on..unsafe though > > $_SESSION superglobal is an array (usually associative) meaning that the > element of the array (the part in the []) is either a variable name or some > custom name instead of the element number > > $_POST[user] and $user are 2 different variables if register_globals=off... Just a couple of questions. 1. I tried adding the lines as you wrote them, but then I got a "Notice: Use of undefined constant user - assumed 'user' in [FILENAME]", I assume I need to add quotation marks around "user" on both sides of the equal sign, that at least removes that notice. 2. I also get a "Notice: Undefined index: user in [FILENAME]", do I need to declare the $_SESSION variable before populating it? > to answer the second question about user/password names in scripts...if at > all possible avoid it at any cost to yourself...even in an include file... > use some other way to store/retrieve the user/password (mysql or something > like that). and for me if its a password i usually encrypt it before storing > it.. This was what I thought too The code we got from this person seems all messed up, I'm starting to wonder if it wouldn't be easier for me to build things from scratch rather than try to fix this *sigh*. > > hope that helps.. I'm pretty sure that it will, once I get my head around this 8-) /KLL -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: RE:[PHP] session_register vs. $_SESSION superglobal
> $_session[user]=$_POST[user];//if using register_globals=off Actually, $_SESSION with a capital letters does work... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE:[PHP] session_register vs. $_SESSION superglobal
[snip] session_start(); $_SESSION = "user"; $_SESSION = "pass"; This doesn't work of course, but as I said I'm unsure of how the $_SESSION superglobal is used, and the info I've found about it didn't shed much light... I hope I'm just tired today 8-) Another semi-related question is, is it common to include the username and password for a site directly in the PHP code on a site... even if it is in an include file? [/snip] first $_SESSION works like this: session_start(); $_session[user]=$_POST[user];//if using register_globals=off $_SESSION[user]=$user;//if register_globals=on..unsafe though $_SESSION superglobal is an array (usually associative) meaning that the element of the array (the part in the []) is either a variable name or some custom name instead of the element number $_POST[user] and $user are 2 different variables if register_globals=off... to answer the second question about user/password names in scripts...if at all possible avoid it at any cost to yourself...even in an include file... use some other way to store/retrieve the user/password (mysql or something like that). and for me if its a password i usually encrypt it before storing it.. hope that helps.. grin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_register() twice?
I've got the index.php page that checks if there's a session created. If it is not, it creates a new one. I print the session_id; Then I go through a link to a login.php page there I print the session_id and its a different one. What could be the problem? Sascha Schumann wrote: > On Fri, 26 Apr 2002, Javier wrote: > > >>What happens if I call session_start() twice? >>Does it creates another session? > > > It does nothing. > > if (PS(session_status) != php_session_none) > return; > > - Sascha Experience IRCG > http://schumann.cx/http://schumann.cx/ircg > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session_register() twice?
On Fri, 26 Apr 2002, Javier wrote: > What happens if I call session_start() twice? > Does it creates another session? It does nothing. if (PS(session_status) != php_session_none) return; - Sascha Experience IRCG http://schumann.cx/http://schumann.cx/ircg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session_register() - Netscape workaround?
-Original Message-
> From: Jennifer [mailto:[EMAIL PROTECTED]]
> Subject: Re: [PHP] session_register() - Netscape workaround?
> I thought of a workaraound for Netscape and would like some
> feedback on how to do it and whether it is a good idea.
>
> I manually edited the session file and Netscape was able to read
> the variable on subsequent pages. It just can't seem to write
> it.
>
> 1) Is there some reason that this would be a bad idea?
If it works, go for it!
But it is hard to make sense of this, because it is not the browser that is
doing the reading and writing of the session file, that is PHP's job. The
browser simply requests a page, either accepts the session cookie or
doesn't, and accepts what the web server serves it. It does no
reading/writing of the session file.
Which is why this apparent session problem with Netscape 4.x is so confusing
to me. Go back and look at the original test code you posted, "if
(session_register("testing"))", etc. All the interaction with the session
file, as well as the 'if' blocks, are being done on the server. The browser
only displays what is echo'd to it. That's it. PHP is parsing the script and
handles the session_start(). PHP knows when it is done parsing the script,
so it knows when and how to store the session variables to the session file.
The browser has no role in that. PHP reads the session file and restores the
session variables on the next page. The browser has no role in that. So, it
is hard to see how the browser version is the problem here, yet it seems to
be, since several people have reported seeing this problem.
I dunno.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
So sprach Matthew Luchak am Fri, May 04, 2001 at 11:57:50AM -0400: > I would be very interested in hearing of any developments with session > anomilies.. Although you've posted the question twice in the message, I still think you've forgot one minor point - your question! :) Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die günstige Art an Linux Distributionen zu kommen Uptime: 1 day 7 hours 28 minutes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register() - Netscape workaround?
Jennifer wrote: > I thought of a workaraound for Netscape and would like some > feedback on how to do it and whether it is a good idea. > > I manually edited the session file and Netscape was able to read > the variable on subsequent pages. It just can't seem to write > it. > > So I thought, until Netscape 4.x is more of a gonner, I could > have my own custom_session_register() function that can open the > file and write the info manually. > > 2 questions. > 1) Is there some reason that this would be a bad idea? I would still really like to know this answer. > 2) What is the format of the file? My file contents are > testing|s:24:"Let's see if this works."; I think I figured this out. variable_name|variable_type*:length*:value*; *variable_type is the first letter of the type *length can be diferent things depending on the variable type. I've only tried a few, but here is what I have gathered thus far. If type is string, then length is the length of the value, pretty simple. If type is integer then there is no length and it is skipped altogether rather than being left blank. If type is array, then length is the number of elements. *value can also vary depending on type. If type is string, then it is simply the value quoted, if the type is integer then it is simply the value. If type is array, then each element of the array is described by type and length etc. After trying a few, it's not too difficult to see the pattern. Jennifer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register() - Netscape workaround?
"Johnson, Kirk" wrote: > > > -Original Message- > > From: Jennifer [mailto:[EMAIL PROTECTED]] > > Subject: Re: [PHP] session_register() > > > > 1. What browser are you using? I, and others, have seen > > erratic results with > > > sessions using Netscape 4.x. If this is your browser, try > > your code with > > > another browser, if possible. > > > > This appears to be the problem. Now what? So I have to forget > > about sessions or forget about the multitude of NS 4.x users that > > still exist? > > At least 3 of us have reported this problem here on this list. No one seems > to have an answer. On the up side, it seems to be erratic, Netscape 4.x > sometimes works. Realistically, this affects less than 10% of your visitors. > So I don't know what else to say, except good luck! > I thought of a workaraound for Netscape and would like some feedback on how to do it and whether it is a good idea. I manually edited the session file and Netscape was able to read the variable on subsequent pages. It just can't seem to write it. So I thought, until Netscape 4.x is more of a gonner, I could have my own custom_session_register() function that can open the file and write the info manually. 2 questions. 1) Is there some reason that this would be a bad idea? 2) What is the format of the file? My file contents are testing|s:24:"Let's see if this works."; So that is variable_name|what is the s for? scalar maybe?:value_length?:value in quotes; And I'm assuming that a newline delimits the variables? Sorry, haven't tried a test with more than one variable yet. Jennifer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register()
I would be very interested in hearing of any developments with session anomilies.. Netscape® Communicator 4.76 M$2000 PHP Version 4.0.4pl1 System Windows NT 5.0 build 2195 Server API CGI ZEND_DEBUG disabled Thread Safety enabled "works" using: Hello visitor, you have seen this page times. is necessary to preserve the session id # in the case that the user has disabled cookies ?> Matthew Luchak Webmaster Kaydara Inc. [EMAIL PROTECTED] I would be very interested in hearing of any developments with session anomilies.. Netscape® Communicator 4.76 M$2000 "works" using: Hello visitor, you have seen this page times. is necessary to preserve the session id # in the case that the user has disabled cookies ?> Matthew Luchak Webmaster Kaydara Inc. [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register()
> -Original Message- > From: Jennifer [mailto:[EMAIL PROTECTED]] > Subject: Re: [PHP] session_register() > > 1. What browser are you using? I, and others, have seen > erratic results with > > sessions using Netscape 4.x. If this is your browser, try > your code with > > another browser, if possible. > > This appears to be the problem. Now what? So I have to forget > about sessions or forget about the multitude of NS 4.x users that > still exist? At least 3 of us have reported this problem here on this list. No one seems to have an answer. On the up side, it seems to be erratic, Netscape 4.x sometimes works. Realistically, this affects less than 10% of your visitors. So I don't know what else to say, except good luck! Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
This is bad, bad, bad. I tried using another browser as you suggested (since I was using Netscape 4.7) and the session_register worked. I still got different results than you though. Read throughout for more comments. "Johnson, Kirk" wrote: > > Jennifer, there are at least two of us totally confused. I did a copy and > paste of your code and got the expected results: > > session id is afb1f9e27afc752f7d9e96e096ca2209 > session_register worked. > testing is a registered variable Using IE 5, I got the same results here as with NS4.7 session id is e49f9b5ddb39388ab48c45dd4f14b00c session_register did not work testing is a registered variable Go to next page. *But* It did work. So why did session_register return false? > with the contents of /tmp/sess_afb1f9e27afc752f7d9e96e096ca2209 being: > > testing|s:24:"Let's see if this works."; This is the contents of my session file too *when* I use IE for my browser. > 1. What browser are you using? I, and others, have seen erratic results with > sessions using Netscape 4.x. If this is your browser, try your code with > another browser, if possible. This appears to be the problem. Now what? So I have to forget about sessions or forget about the multitude of NS 4.x users that still exist? > 2. This is a longshot, but who is PHP running as? By default, it is nobody. > In any case, check that whomever PHP is running as has write permission to > /tmp. I had thought of that one. I increased the permissions to be world writable and it had no effect. Thank you for helping me find the problem, now I just wish there was an easy solution. Arggg. Jennifer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
I am experiencing this EXACT SAME PROBLEM after upgrading PHP from 4.0.4pl2
to 4.0.5. It is ROYALLY TICKING ME OFF!!! I can't complete my site until
this stupid functionality is FIXED WTF!
""Johnson, Kirk"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Jennifer, there are at least two of us totally confused. I did a copy and
> paste of your code and got the expected results:
>
> session id is afb1f9e27afc752f7d9e96e096ca2209
> session_register worked.
> testing is a registered variable
>
> with the contents of /tmp/sess_afb1f9e27afc752f7d9e96e096ca2209 being:
>
> testing|s:24:"Let's see if this works.";
>
> I then tried your code with register_globals = off. Interestingly, I got
> "session_register worked" even though $testing was not registered (it
can't
> be registered with register_globals off).
>
> I see nothing wrong with your code, so... some thoughts:
>
> 1. What browser are you using? I, and others, have seen erratic results
with
> sessions using Netscape 4.x. If this is your browser, try your code with
> another browser, if possible.
>
> 2. This is a longshot, but who is PHP running as? By default, it is
nobody.
> In any case, check that whomever PHP is running as has write permission to
> /tmp.
>
> 3. I cannot think of any other configuration settings in php.ini that
might
> be the trouble, since turning register_globals off does not reproduce your
> results.
>
> I am stumped.
>
> Kirk
>
> > -Original Message-
> > From: Jennifer [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 02, 2001 11:55 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [PHP] session_register()
> >
> >
> > "Johnson, Kirk" wrote:
> > >
> > > > -Original Message-
> > > > From: Jennifer [mailto:[EMAIL PROTECTED]]
> > > > Do you need to register a variable with the session before you
> > > > assign it a value?
> > >
> > > Not in my experience.
> > >
> > > > session_register should return true if the variable was
> > > > successfully registered?
> > >
> > > It returns "1".
> > >
> > > > The variable name and it's value should be written to the file
> > > > with the same name as session_id()?
> > >
> > > Yes, here's a sample from a session file: superUser|s:3:"Yes";
> > > Here's a sample session filename:
> > sess_01bc2e24aa5291300887948f0af74899
> >
> >
> > This is all what I thought, but I am still having problems and I
> > don't have a clue what I am missing. Here's an example that I
> > have been paying with for testing.
> >
> > page1.php contains
> > > session_start();
> > echo "session id is ".session_id()."\n";
> > if (session_register("testing")) {
> > echo "session_register worked.\n";
> > }
> > else {
> > echo "session_register did not work\n";
> > }
> > if (session_is_registered("testing")) {
> > echo "testing is a registered variable\n";
> > }
> > else {
> > echo "testing is not a registered variable\n";
> > }
> > $testing = "Let's see if this works.";
> > ?>
> > Go to next page.
> >
> >
> > The output of the above page, gives me
> > session id is e35c2893382e28a14fa0455302edb06e
> > session_register did not work
> > testing is a registered variable
> > Go to next page.
> >
> >
> > and page2.php contains
> > > session_start();
> > echo "session id is ".session_id()."\n";
> > echo "Testing: $testing\n";
> > ?>
> >
> >
> > The output of page2 gives me
> > session id is e35c2893382e28a14fa0455302edb06e
> > Testing:
> >
> > I am totally confused. First off, why isn't it registering the
> > variable? There is a file named e35c2893382e28a14fa0455302edb06e
> > in my /tmp directory, but it is empty.
> >
> > Second, if it isn't registering the variable then why is
> > session_is_registered("testing") returning true?
> >
> > Jennifer
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register()
Jennifer, there are at least two of us totally confused. I did a copy and
paste of your code and got the expected results:
session id is afb1f9e27afc752f7d9e96e096ca2209
session_register worked.
testing is a registered variable
with the contents of /tmp/sess_afb1f9e27afc752f7d9e96e096ca2209 being:
testing|s:24:"Let's see if this works.";
I then tried your code with register_globals = off. Interestingly, I got
"session_register worked" even though $testing was not registered (it can't
be registered with register_globals off).
I see nothing wrong with your code, so... some thoughts:
1. What browser are you using? I, and others, have seen erratic results with
sessions using Netscape 4.x. If this is your browser, try your code with
another browser, if possible.
2. This is a longshot, but who is PHP running as? By default, it is nobody.
In any case, check that whomever PHP is running as has write permission to
/tmp.
3. I cannot think of any other configuration settings in php.ini that might
be the trouble, since turning register_globals off does not reproduce your
results.
I am stumped.
Kirk
> -Original Message-
> From: Jennifer [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 02, 2001 11:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] session_register()
>
>
> "Johnson, Kirk" wrote:
> >
> > > -Original Message-
> > > From: Jennifer [mailto:[EMAIL PROTECTED]]
> > > Do you need to register a variable with the session before you
> > > assign it a value?
> >
> > Not in my experience.
> >
> > > session_register should return true if the variable was
> > > successfully registered?
> >
> > It returns "1".
> >
> > > The variable name and it's value should be written to the file
> > > with the same name as session_id()?
> >
> > Yes, here's a sample from a session file: superUser|s:3:"Yes";
> > Here's a sample session filename:
> sess_01bc2e24aa5291300887948f0af74899
>
>
> This is all what I thought, but I am still having problems and I
> don't have a clue what I am missing. Here's an example that I
> have been paying with for testing.
>
> page1.php contains
> session_start();
> echo "session id is ".session_id()."\n";
> if (session_register("testing")) {
> echo "session_register worked.\n";
> }
> else {
> echo "session_register did not work\n";
> }
> if (session_is_registered("testing")) {
> echo "testing is a registered variable\n";
> }
> else {
> echo "testing is not a registered variable\n";
> }
> $testing = "Let's see if this works.";
> ?>
> Go to next page.
>
>
> The output of the above page, gives me
> session id is e35c2893382e28a14fa0455302edb06e
> session_register did not work
> testing is a registered variable
> Go to next page.
>
>
> and page2.php contains
> session_start();
> echo "session id is ".session_id()."\n";
> echo "Testing: $testing\n";
> ?>
>
>
> The output of page2 gives me
> session id is e35c2893382e28a14fa0455302edb06e
> Testing:
>
> I am totally confused. First off, why isn't it registering the
> variable? There is a file named e35c2893382e28a14fa0455302edb06e
> in my /tmp directory, but it is empty.
>
> Second, if it isn't registering the variable then why is
> session_is_registered("testing") returning true?
>
> Jennifer
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
Warren Vail wrote:
>
> When the session_register is executed the session contents are partially
> updated.
> Your first test actually executed the session_register that posted the
> variable with 0 string length, because the variable had not yet been
> initialized (the bad return is the only indication of this).
Ok. I changed the script below to set the variable before
registering it and it makes no difference to the output.
> You can identify what actually happened by viewing the session file contents
> after your two pages are displayed.
I mentioned that already. The file is empty.
Jennifer
> "Johnson, Kirk" wrote:
> >
> > > -Original Message-
> > > From: Jennifer [mailto:[EMAIL PROTECTED]]
> > > Do you need to register a variable with the session before you
> > > assign it a value?
> >
> > Not in my experience.
> >
> > > session_register should return true if the variable was
> > > successfully registered?
> >
> > It returns "1".
> >
> > > The variable name and it's value should be written to the file
> > > with the same name as session_id()?
> >
> > Yes, here's a sample from a session file: superUser|s:3:"Yes";
> > Here's a sample session filename: sess_01bc2e24aa5291300887948f0af74899
>
> This is all what I thought, but I am still having problems and I
> don't have a clue what I am missing. Here's an example that I
> have been paying with for testing.
>
> page1.php contains
> session_start();
> echo "session id is ".session_id()."\n";
> if (session_register("testing")) {
> echo "session_register worked.\n";
> }
> else {
> echo "session_register did not work\n";
> }
> if (session_is_registered("testing")) {
> echo "testing is a registered variable\n";
> }
> else {
> echo "testing is not a registered variable\n";
> }
> $testing = "Let's see if this works.";
> ?>
> Go to next page.
>
> The output of the above page, gives me
> session id is e35c2893382e28a14fa0455302edb06e
> session_register did not work
> testing is a registered variable
> Go to next page.
>
> and page2.php contains
> session_start();
> echo "session id is ".session_id()."\n";
> echo "Testing: $testing\n";
> ?>
>
> The output of page2 gives me
> session id is e35c2893382e28a14fa0455302edb06e
> Testing:
>
> I am totally confused. First off, why isn't it registering the
> variable? There is a file named e35c2893382e28a14fa0455302edb06e
> in my /tmp directory, but it is empty.
>
> Second, if it isn't registering the variable then why is
> session_is_registered("testing") returning true?
>
> Jennifer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register()
Jennifer,
I could be wrong but this is what I think you have;
When the session_register is executed the session contents are partially
updated.
Your first test actually executed the session_register that posted the
variable with 0 string length, because the variable had not yet been
initialized (the bad return is the only indication of this).
Your test that the variable is registered would seem to suggest this.
You then changed the variable value and failed to register this new value.
The second page found the only value you registered (the uninitialized
variable with zero length) and displayed that.
You can identify what actually happened by viewing the session file contents
after your two pages are displayed.
hope this helps,
Warren Vail
-Original Message-
From: Jennifer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 10:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] session_register()
"Johnson, Kirk" wrote:
>
> > -Original Message-
> > From: Jennifer [mailto:[EMAIL PROTECTED]]
> > Do you need to register a variable with the session before you
> > assign it a value?
>
> Not in my experience.
>
> > session_register should return true if the variable was
> > successfully registered?
>
> It returns "1".
>
> > The variable name and it's value should be written to the file
> > with the same name as session_id()?
>
> Yes, here's a sample from a session file: superUser|s:3:"Yes";
> Here's a sample session filename: sess_01bc2e24aa5291300887948f0af74899
This is all what I thought, but I am still having problems and I
don't have a clue what I am missing. Here's an example that I
have been paying with for testing.
page1.php contains
\n";
if (session_register("testing")) {
echo "session_register worked.\n";
}
else {
echo "session_register did not work\n";
}
if (session_is_registered("testing")) {
echo "testing is a registered variable\n";
}
else {
echo "testing is not a registered variable\n";
}
$testing = "Let's see if this works.";
?>
Go to next page.
The output of the above page, gives me
session id is e35c2893382e28a14fa0455302edb06e
session_register did not work
testing is a registered variable
Go to next page.
and page2.php contains
\n";
echo "Testing: $testing\n";
?>
The output of page2 gives me
session id is e35c2893382e28a14fa0455302edb06e
Testing:
I am totally confused. First off, why isn't it registering the
variable? There is a file named e35c2893382e28a14fa0455302edb06e
in my /tmp directory, but it is empty.
Second, if it isn't registering the variable then why is
session_is_registered("testing") returning true?
Jennifer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
"Johnson, Kirk" wrote:
>
> > -Original Message-
> > From: Jennifer [mailto:[EMAIL PROTECTED]]
> > Do you need to register a variable with the session before you
> > assign it a value?
>
> Not in my experience.
>
> > session_register should return true if the variable was
> > successfully registered?
>
> It returns "1".
>
> > The variable name and it's value should be written to the file
> > with the same name as session_id()?
>
> Yes, here's a sample from a session file: superUser|s:3:"Yes";
> Here's a sample session filename: sess_01bc2e24aa5291300887948f0af74899
This is all what I thought, but I am still having problems and I
don't have a clue what I am missing. Here's an example that I
have been paying with for testing.
page1.php contains
\n";
if (session_register("testing")) {
echo "session_register worked.\n";
}
else {
echo "session_register did not work\n";
}
if (session_is_registered("testing")) {
echo "testing is a registered variable\n";
}
else {
echo "testing is not a registered variable\n";
}
$testing = "Let's see if this works.";
?>
Go to next page.
The output of the above page, gives me
session id is e35c2893382e28a14fa0455302edb06e
session_register did not work
testing is a registered variable
Go to next page.
and page2.php contains
\n";
echo "Testing: $testing\n";
?>
The output of page2 gives me
session id is e35c2893382e28a14fa0455302edb06e
Testing:
I am totally confused. First off, why isn't it registering the
variable? There is a file named e35c2893382e28a14fa0455302edb06e
in my /tmp directory, but it is empty.
Second, if it isn't registering the variable then why is
session_is_registered("testing") returning true?
Jennifer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register()
> -Original Message- > From: Jennifer [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 02, 2001 2:51 AM > To: [EMAIL PROTECTED] > Subject: [PHP] session_register() > > Do you need to register a variable with the session before you > assign it a value? Not in my experience. > session_register should return true if the variable was > successfully registered? It returns "1". > The variable name and it's value should be written to the file > with the same name as session_id()? Yes, here's a sample from a session file: superUser|s:3:"Yes"; Here's a sample session filename: sess_01bc2e24aa5291300887948f0af74899 Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
Maybe this example will help you: Program 1: Program 2: Richard "Jennifer" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have been racking my brain with this for hours and I am not > getting anywhere. > > session_register doesn't seem to be registering my variables. > > Several questions to see if I am even on the right track. > > Do you need to register a variable with the session before you > assign it a value? > > session_register should return true if the variable was > successfully registered? > > The variable name and it's value should be written to the file > with the same name as session_id()? > > Jennifer > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
On Vie 20 Abr 2001 18:15, Wade wrote:
> I am registering a number of variables. Can I combine them into one
> session_register, such as session_register("one", "two" ... "n")?
Well, the manuals say YES!
Saludos... :-)
--
El mejor sistema operativo es aquel que te da de comer.
Cuida tu dieta.
-
Martin Marques |[EMAIL PROTECTED]
Programador, Administrador | Centro de Telematica
Universidad Nacional
del Litoral
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register()
I do.
Kirk
> -Original Message-
> From: Wade [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 20, 2001 9:16 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] session_register()
>
>
> I am registering a number of variables. Can I combine them into one
> session_register, such as session_register("one", "two" ... "n")?
>
> Thanks
> Wade
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] session_register in function
you have to have the variable you register (in both ways) global. so no matter how you call the function the variable must be defined global. mailto:[EMAIL PROTECTED]] Sent: Sunday, February 25, 2001 1:16 AM To: PHP List Subject: [PHP] session_register in function The variable I register before the function becomes available in the session to other pages...the variable I register inside the function are not accessible in the session to ohter pages. Is this normal? How can I work around this? Thanks! PHP4.0.4pl1 on Linux. sample code: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register in function
I had this same exact problem just today. It all stems from the variable
namespace, I think
A similar code 'snippet' is shown below. I just made it up, but I think it
illustrates my point.
Good luck with whatever you are doing,
Jeff Lacy
""Jon Rosenberg"" <[EMAIL PROTECTED]> wrote in message
000901c09e7d$16835420$0100a8c0@slinkyboi5">news:000901c09e7d$16835420$0100a8c0@slinkyboi5...
> The variable I register before the function becomes available in the
session
> to other pages...the variable I register inside the function are not
> accessible in the session to ohter pages. Is this normal? How can I work
> around this? Thanks! PHP4.0.4pl1 on Linux.
>
> sample code:
>
> session_Start();
>
> $foo = "bar";
> session_register("foo");
>
> function bob($user){
> $username = $user . "one";
> $username2 = $user . "two";
> session_register("username");
> session_register("username2");
> return true;
> }
> ?>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] session_register()
> session_start();
> session_register('email');
> $session = session_id();
> $userid = '$user';
> $sql = "SELECT *
> FROM users
> WHERE user='$user' and pass='$pass'";
> if ($num == 1) {
> include "quote2.php";
> }
Unless quote2.php sets $email, you've never set it to anything.
You've probably got their email in $result -- you just need to pull it out
and set it.
$email = mysql_result($result, 0, 'email');
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
