|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2002-12-02 18:38 UTC] judd at ob-wan dot com
The login script I am using ( part of a tutorial by Ying Zhang, see http://zope1.devshed.com/zope.devshed.com/Server_Side/PHP/Commerce ) is only working when entered from a page requiring login. If login is voluntary by clicking on a "login" link, then login does not occur. The only difference is the execution of the following code from the MyMarket.php library: function is_logged_in() { /* this function will return true if the user has logged in. a user is logged * in if the $SESSION["user"] is set (by the login.php page) and also if the * remote IP address matches what we saved in the session ($SESSION["ip"]) * from login.php -- this is not a robust or secure check by any means, but it * will do for now */ global $SESSION, $REMOTE_ADDR; return isset($SESSION) && isset($SESSION["user"]) && isset($SESSION["ip"]) && $SESSION["ip"] == $REMOTE_ADDR; } function require_login() { /* this function checks to see if the user is logged in. if not, it will show * the login screen before allowing the user to continue */ global $CFG, $SESSION; if (! is_logged_in()) { $SESSION["wantsurl"] = qualified_me(); redirect("$CFG->wwwroot/login.php"); } } This code was developed in and is known to have worked in PHP4 beta. Note that the tutorial requires register_globals=On also, in case you decide to test it. qualified_me() returns the name of the current script without the querystring portion. As delivered it didn't work, I'm using a stripped $_SERVER['SCRIPT_NAME']. wantsurl is used later by the following code: /* if wantsurl is set, that means we came from a page that required * log in, so let's go back there. otherwise go back to the main page */ $goto = empty($SESSION["wantsurl"]) ? $CFG->wwwroot . "/index.php" : $SESSION["wantsurl"]; header("Location: $goto"); die; The error only occurs if $CFG->wwwroot/index.php is called. Hope this is enough information to nail the sucker. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Wed Sep 18 22:01:26 2024 UTC |
At top of login page: session_start(); session_register("SESSION"); if (! isset($SESSION)) { echo("Dead session!!<br>"); } From a direct <a href> style link I get "Dead session!!" at the top of the page. From a redirect via require_login() (see below) it works. Sure looks like a bug to me.Iliaa, My reply of 2 Dec 9:17pm contains a small script which demonstrates this fault. Don't know what else you want here. If you run this, you'll see "Dead session!!". Thus either session_register() or isset() is misbehaving compared to versions prior 4.2.3 <? session_start(); session_register("SESSION"); if (! isset($SESSION)) { echo("Dead session!!<br>"); } ?>Hi Sniper, I'll wait until an RC3 eventuates, rather than trying to build this right now. In addition to this morning's message, I have now discovered that part of my frustration was that there were TWO bugs in PHP-4.2.3 in the same piece of login script code! 1. session_register() is apparently quirky, as stated earlier. 2. The one I just discovered is that header() is apparently also broken. I had already mentioned a different behaviour depending on the way the URL is included (see original message in this report) but have just isolated that header() is evidently not doing enough to ensure the browser knows it has been redirected. This will have unreliable results: header("Location: $CFG->wwwroot/index.php"); This will not: redirect("$CFG->wwwroot/index.php"); function redirect($url, $message="", $delay=0) { /* redirects to a new URL using meta tags */ echo "<meta http-equiv='Refresh' content='$delay; url=$url'>"; if (!empty($message)) echo "<div style='font-family: Arial, Sans-serif; font-size: 12pt;' align=center>$message</div>"; die; } Ignoring the fancy formatting if you can, it looks like header() isn't flushing the browser. Hope this helps.