|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2004-07-28 06:42 UTC] roberto_stivanello at libero dot it
Description:
------------
Same problem as previous notified bugs, currently marked "closed".
Errore arise in production (webserver is ISP owned).
No problem during test on "localhost" on my machine: software works properly under ISS/WinXP.
Therefore I guess I cannot try last CVS solution: if you think it is available, tell me, and I'll endorse your advice to my ISP.
Do you think I should have appended this report to any of the previous ones instead of opening a new one? To which one, in your opinion? (If so, pardon me).
Thanks.
Reproduce code:
---------------
<?php # Script 12.13 - logoutadm.php
require_once ('../includes/config.inc'); // Include the configuration file for error management and such.
require_once ('../authentication.php'); // connects to mysql + defines functions + ob_start() + session_start()
include_once ('../includes/admin_header.inc'); // administrator page header
?>
<H2 id=essentials><A href="/" rel=bookmark>Logout</A></H2>
<?php
if (!isset($_SESSION['usera'])) {
ob_end_clean(); // Delete the buffer.
header ("Location: http://" . $_SERVER['HTTP_HOST'] . "xxxxx.php");
exit(); // Quit the script.
} else { // Logout the user.
echo "<h3>Session = " . session_id() . "</h3>"; // for test purpose
$_SESSION = array(); // Destroy the variables.
session_destroy(); // Destroy the session itself.
setcookie (session_name(), '', time()-300, '/', '', 0); // Destroy the cookie.
}
echo "<h3>Logout successful! </h3>"; // Print a customized message.
?>
<?php // Include the HTML footer.
include ('../includes/admin_footer.inc');
?>
Expected result:
----------------
As in test: user logged out, with no error displayed.
Actual result:
--------------
"session object destruction failed" error returned and displayed by error handler routine.
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri Dec 27 03:01:28 2024 UTC |
Member details prevoiusly missing: ===========authentication.php <?php # Script 12.13 - authentication.php // This page handles the authentication for the admin pages. // require_once ('mysql_connect_auth.php'); // Connect to the database. Suppressed as from PHP Bugs request function getAdminUser() { return 'adminuserid'; } // end function function getAdminPsw() { return 'adminpassword'; } // end function function checkAdminIdPsw($iadmin,$ipsw) { if ( ($iadmin == (getAdminUser()) ) AND ($ipsw == (getAdminPsw()) ) ) { // If the correct values were entered... return 0; } else { return 1; } } // end function ?> <?php # Script 12.10 - authentication.inc // Session handling added for administrator too as HTTP authentication allowed only with php4 on Apache // Start output byffering and initialize a session ob_start(); session_start(); ?> <?php # Script 12.11 - authentication.inc $authorized = FALSE; // Initialize a variable. // Check for authentication submission. // Begin authentication code - server independent if ( (isset($_SESSION['usera'])) ) { if ( getAdminUser() == $_SESSION['usera'] ) { $authorized = TRUE; } } // If they haven't been authorized, create the pop-up window. if ((!$authorized) AND (!$fromlogin)) { // show Admininistrator login page ob_end_clean(); // Delete the buffer header("Location: http://" . $_SERVER['HTTP_HOST'] . "/administratordirectory/index.php"); exit(); } ?> =========================index.php================= <?php # Script 12.01 - index.php (site administration) // Initial page for Administrator // Include config file for error handling require_once ('../includes/config.inc'); //requires authentication $fromlogin = TRUE; require_once ('../authentication.php'); $reldir ='/'; // posizione relativa rispetto a pagina attuale: '/' o '../' // Includi testata $bodyid = 'bodyadmin'; $idprimarymenu = 'menu'; $titolo_pagina_h2 = 'Home'; // Administrator header include_once ('../includes/admin_header.inc'); // Corpo della pagina ?> <!-- href deliberatamente anonimo --> <H2 id=essentials><A href="/" rel=bookmark>Login Amministratore</A></H2> <?php echo "<h3>Sessione = " . session_id() . "</h3>"; if (isset($_POST['submit'])) { // Check if the form has been submitted. // Create e function for escaping the data /* function escape_data ($data) { global $dbc; // Need the connection if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_real_escape_string ($data, $dbc); } // End of function. */ if (empty($_POST['username'])) { // Validate the username. $u = FALSE; echo '<p><font color="red" size="+1">Administrator name missing!</font></p>'; } else { $u = escape_data($_POST['username']); } if (empty($_POST['password'])) { // Validate the password. $p = FALSE; echo '<p><font color="red" size="+1">Administrator password missing!</font></p>'; } else { $p = escape_data($_POST['password']); } if ($u && $p) { // If everything's OK. $rc = checkAdminIdPsw($_POST['username'],$_POST['password']); if ( 0 == $rc ) { // If the correct values were entered... // Start the session, register the values & redirect. $_SESSION['usera'] = $_POST['username']; // $_SESSION['pswa'] = $_POST['password']; echo '<p><font color="green" size="+1">You are logged in as administrator.</font></p>'; } else { // No match was made. echo '<p><font color="red" size="+1">Wrong user and password.</font></p>'; } } else { // If everything wasn't OK. echo '<p><font color="red" size="+1">Please try again!</font></p>'; } } // End of SUBMIT conditional. ?> <!-- <h1>Login</h1> --> <p>Il tuo browser deve consentire i cookies per il "login".</p> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <p><b>Nome Utente:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p> <p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> </form><!-- End of Form --> </DIV> <?php //include pie' di pagina require_once ('../includes/admin_footer.inc'); ?> ====================admin_footer.inc================= <DIV id=footer> </DIV></DIV></BODY></HTML> <?php # Script fine sessione // Aggiunto gestione sessione anche per ADMIN in quanto autenticazione HTTP permessa solo con PHP4 su Apache ob_end_flush(); ?> ======================admin_header.inc ================= <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Il Portico</TITLE> <META http-equiv=Content-Type content="text/html; charset=ISO-8859-1"> <META http-equiv=Content-Language content=en-us> <META content=all name=robots> <META http-equiv=imagetoolbar content=false> <META content="Roberto Stivanello." name=author> <META content="Copyright (c) 2004-2005 Roberto Stivanello" name=Copyright> <META content="Il Portico Onlus: specializzata in pietre scartate dai costruttori che divengono testate d'angolo." name=description> <META content="onlus, umanitari, diversabili, emarginazione, handicap, associazioni" name=keywords> </HEAD> <BODY id=mybody > <DIV id=headwrap> <H1 id=nufront>Il Portico (onlus)</H1></DIV> <UL id=menu> <LI id=chisiamomenu><A title="Ci presentiamo" href="/chisiamo/">chi siamo</A></LI> </UL> <DIV id=wrapper> <DIV id=bravefourhundred> ===================config.inc==================== <?php # Script 12.3 - config.inc // This script sets the error reporting and logging for the site. //error_reporting (0); // Production level error_reporting (E_ALL); // Development level // Use my own error handling function. function my_error_handler ($e_number, $e_message) { $message = 'Error in: ' . __FILE__ . ' line # ' . __LINE__ . ": $e_message"; //error_log ($message, 1, 'ilporticoonlusadmin@libero.it'); // Production (send email) echo '<font color="red" size="+1">', $message, '</font>'; // Development (print the error in red) } set_error_handler('my_error_handler'); ?>