Re: [PHP-DB] php5-sessions next

[mel list_php]

Dear Martin,
Thank you very much for that, I made the suggested changes.
The problem was again coming from the session.save_path directive which was 
not well configured.

With your settings I know have a wonderful display of undefined index, 
coming from all that non instantiated variables...at least I know what I 
have to do now!!
One thing:
I use @session_start() because in the other case I have a warning a session 
has already been started. On the other had  have to call it at the beginning 
of each script.
Is there a way to test that?

With php5 I also saw than a script having a white line and only later on the 
?php is not interpreted but displayed as text.
Any reason for that?

Once again thank you for your help, and sorry I should have displayed the 
errors at the beginning.


From: Martin Norland [EMAIL PROTECTED]
Reply-To: php-db@lists.php.net
To: php-db@lists.php.net
Subject: Re: [PHP-DB] php5-sessions next
Date: Wed, 02 Mar 2005 10:50:38 -0600
mel list_php wrote:
Hi again,
I erased and recreated my php.ini file from the php ini recommended.
In my application I use a suthentication of the user against a database 
table, once the user is allowed I  set a session variable at true.

I test this variable at the beginning of each script.
With php4 no problem, in each script I have:
@session_start();
if (!$_SESSION['allowed']) exit();
With php5, I'm unable to navigate through different protected pages, each 
time I have to re-login.

I don't know if it is something in my php.ini that is wrong, or if the 
session support has been modified between php4 and 5?
I tried to find information on the web but without success.

Comparing the section dedicated to session in phpinfo on my 4.3 and on 
4.5, the only difference is on 4.3 session.save_path=/tmp whereas for php5 
even if specified in the php.ini it still has no value.

I'm a bit stuck here, anybody has an idea?
Whenever you run into errors - the first thing to do is start getting error 
messages back.  There are two ways to do this: 1) modify your php.ini to 
make sure it's reporting errors usefully, and check your logs  - 2) modify 
your code that is EXPRESSLY SUPPRESSING ERRORS to not do so.

1) in php.ini (E_STRICT might be php5 only, I don't recall exactly - 
shouldn't hurt if it's undefined and you  ~ it)

error_reporting  =  E_ALL  ~E_NOTICE  ~E_STRICT
2) in code
@session_start();
becomes
session_start();
... in addition, there is an option that many developers do not change in 
php.ini between development and live sites - and they should:

; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error 
logging
; instead (see below).  Keeping display_errors enabled on a production web 
site
; may reveal security information to end users, such as file paths on your 
Web
; server, your database schema or other information.
display_errors = Off


you'll want to couple this with some of the following:

; Log errors to specified file.
;error_log = filename
; Log errors to syslog (Event Log on NT, not valid in Windows 95).
error_log = syslog

/longwindedrant
Cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] php5-sessions next

[Jochem Maas]

mel list_php wrote:
Dear Martin,
Thank you very much for that, I made the suggested changes.
The problem was again coming from the session.save_path directive which 
was not well configured.

With your settings I know have a wonderful display of undefined index, 
coming from all that non instantiated variables...at least I know what I 
have to do now!!
you have 3 options with these kinds of errors:
1. change error_reporting to not include NOTICEs
2. change all the relevant code so that all vars are initialized (possibly lots 
of work)
3. use the '@' sign on the vars to repress the errors e.g:
if (@$_GET['rule']) {
// take over world
}
I wouldn't recommend 3 unless its a specific case and you know what you're doing

One thing:
I use @session_start() because in the other case I have a warning a 
session has already been started. On the other had  have to call it at 
the beginning of each script.
Is there a way to test that?
you may be able to get away with testing to see whether session_id() returns
an empty string or not (i.e. if its empty you still have to start the session)
although I would recommend rewriting your session starting code so that you
only call session_start() in one place - if you put all this code in
a seperate file you can then require_once() the file as and when you need it.
With php5 I also saw than a script having a white line and only later on 
the ?php is not interpreted but displayed as text.
Any reason for that?
that doesn't sound like it should be happening - post some code please.
Once again thank you for your help, and sorry I should have displayed 
the errors at the beginning.
now you know :-) - the next time someone hits the list with a similar case 
you can
'parrot' Martin's tips!

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] php5-sessions next

[Martin Norland]

mel list_php wrote:
Dear Martin,
Thank you very much for that, I made the suggested changes.
The problem was again coming from the session.save_path directive which 
was not well configured.

With your settings I know have a wonderful display of undefined index, 
coming from all that non instantiated variables...at least I know what I 
have to do now!!
[snip]
No problem, glad to help!
The extra errors is strange actually - that's E_STRICT error reporting. 
 E_ALL doesn't include E_STRICT, so it's further odd that the line:

error_reporting  =  E_ALL  ~E_NOTICE  ~E_STRICT
return strict errors - it should read return all errors, except notice, 
and except strict.  In any case, you can change it to

error_reporting  =  E_ALL  ~E_NOTICE
 In PHP 4 and PHP 5 the default value is E_ALL  ~E_NOTICE. This 
setting does not show E_NOTICE level errors. You may want to show them 
during development.

I don't develop with E_STRICT enabled - but then again, that's mainly 
because I could spend probably a month cleaning up uninitialized 
variables / array references and still not be close to finished.  I'd 
love to turn it on for a new project (though I might end up turning it 
right back off!), but it's just not feasible with my existing projects.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] php5-sessions next

[Martin Norland]

mel list_php wrote:
Hi again,
I erased and recreated my php.ini file from the php ini recommended.
In my application I use a suthentication of the user against a database 
table, once the user is allowed I  set a session variable at true.

I test this variable at the beginning of each script.
With php4 no problem, in each script I have:
@session_start();
if (!$_SESSION['allowed']) exit();
With php5, I'm unable to navigate through different protected pages, 
each time I have to re-login.

I don't know if it is something in my php.ini that is wrong, or if the 
session support has been modified between php4 and 5?
I tried to find information on the web but without success.

Comparing the section dedicated to session in phpinfo on my 4.3 and on 
4.5, the only difference is on 4.3 session.save_path=/tmp whereas for 
php5 even if specified in the php.ini it still has no value.

I'm a bit stuck here, anybody has an idea?
Whenever you run into errors - the first thing to do is start getting 
error messages back.  There are two ways to do this: 1) modify your 
php.ini to make sure it's reporting errors usefully, and check your logs 
 - 2) modify your code that is EXPRESSLY SUPPRESSING ERRORS to not do so.

1) in php.ini (E_STRICT might be php5 only, I don't recall exactly - 
shouldn't hurt if it's undefined and you  ~ it)

error_reporting  =  E_ALL  ~E_NOTICE  ~E_STRICT
2) in code
@session_start();
becomes
session_start();
... in addition, there is an option that many developers do not change 
in php.ini between development and live sites - and they should:

; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production 
web site
; may reveal security information to end users, such as file paths on 
your Web
; server, your database schema or other information.
display_errors = Off


you'll want to couple this with some of the following:

; Log errors to specified file.
;error_log = filename
; Log errors to syslog (Event Log on NT, not valid in Windows 95).
error_log = syslog

/longwindedrant
Cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International 
Outreach x3257
The opinion(s) contained within this email do not necessarily represent 
those of St. Jude Children's Research Hospital.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php