ID: 9689
Updated by: kalowsky
Reported By: [EMAIL PROTECTED]
Old-Status: Feedback
Status: Closed
Bug Type: *Session related
Operating system:
PHP Version: 4.0.4pl1
Assigned To:
Comments:
no user feedback. considered fixed in cvs. if this is untrue please reopen the bug.
Previous Comments:
---------------------------------------------------------------------------
[2001-05-30 12:00:45] [EMAIL PROTECTED]
does this still happen with a simple script (like one that is about 10 lines max) in
the current releases?
---------------------------------------------------------------------------
[2001-03-11 22:22:15] [EMAIL PROTECTED]
Basic script. The script uses sessions for login data. When you login, the password
and login are stored as session variables. When you try anything else (without passing
the login variables as arguments) the session variables are empty (completely) but the
session ID still exists. The sessions work fine in Netscape Navigator. I did all the
suggested things (turning off the cache, turning off AUTOCOMPLETE) to no avail.
Here's the code:
<?
session_start();
error_reporting(E_ALL);
while (list ($key, $val) = each ($HTTP_POST_VARS)) {
echo "$key => $val<br>";
}
# this is empty the second time...
while (list ($key, $val) = each ($HTTP_SESSION_VARS)) {
echo "$key => $val<br>";
}
echo session_id();
include("config.php3");
if (!isset($login_message)) {$login_message="";}
echo $logged_in."X".$action.$password;
session_register("logged_in");
session_register("action");
if (isset($password))
$spassword=$password;
if (isset($email))
$semail=$email;
session_register("semail");
session_register("spassword");
if (!isset($logged_in)) { $logged_in=0;};
if (!isset($action)) {$action=1;};
echo "<HTML>";
$logged_in=checkInfo($spassword,$semail);
if ($logged_in==0)
$action=0;
if ($action==3)
$logged_in=0;
if ($logged_in==1) {
if ($action==1||!isset($action)||$action==0)
include("mainmenu.php3");
else if ($action==2)
include("mod.php3");
}
else
include("login.php3");
#page_close();
function connectDB()
{
global $dbname,$dbpass,$dbhost,$dblogin;
$db=mysql_pconnect($dbhost,$dblogin,$dbpass);
return $db;
}
function checkInfo($password,$email)
{
global $login_message;
global $dbname;
global $password,$email;
$db=connectDB();
mysql_select_db($dbname,$db);
$logged_in=0;
$sql="SELECT * FROM Alumni where Email='$email' and Password='$password'";
$res=mysql_query($sql);
echo $sql;
if (!$res||mysql_num_rows($res)==0) {
print mysql_error();
$login_message="Please check your password and login again.";
}
else
{
while ($myrow=mysql_fetch_array($res)) {
if ($myrow["Approved"]==1)
$logged_in=1;
if ($myrow["Approved"]==0) {
$login_message="Sorry, your account has not
been approved yet.";
$logged_in=2;
}
}
---------------------------------------------------------------------------
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9689&edit=2
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
