php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37261 fopen() drops $_SESSION variables
Submitted: 2006-05-01 14:58 UTC Modified: 2006-05-01 15:40 UTC
From: info at handyheroes dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.4.2 OS: Linux with Apache/1.3.34
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: info at handyheroes dot com
New email:
PHP Version: OS:

 

 [2006-05-01 14:58 UTC] info at handyheroes dot com 
Description:
------------
When using fopen() to open a url within the same domain all session variables are ignored. Including POST and GET.

I want to provide a link for users to send thier current page. The current page is based on their security level and company_id which are stored as $_SESSION['sess_perms'] and $_SESSION['sess_cid'] after they login. 

The link to send the page is provided on each page and when clicked accesses the function to generate the page and then mail it via mail();

The problem is when using fopen() or hightlight_file() the sessions variables are missing so the DB query does a full result set.

Reproduce code:
---------------
1) The Link
$link=$_SERVER['PHP_SELF']."?main_page=".$main_page."&PHPSESSID=".$PHPSESSID;

<a href="index.php?mod=send_page&main_page=send_page.php&p=<? echo rawurlencode($link) ?>">Send Page</a>

2) Function
	function page_to_send() {
	global $mod,$p,$page,$query;
	$p="http://www.molloyllc.com".$p."&mail_ok=ok";
	$fh=fopen("$p", "r");
	while(!feof($fh)){
	$output =(fgets($fh, 1024));
	$page=$page."\r\n".$output;
	}
	fclose($fh);
	return($page);
	}


Expected result:
----------------
fopen() opens the supplied URL and then based on users security and company should return a list of data from a MySQL query based on the $_SESSION variables. EXAMPLE

if($_SESSION['sess_perms']=="Staff"){
$query="select uid,realname,email,client_id,location_id,phone from users";
$query.=" where client_id=\"$_SESSION[sess_cid]\" ";

should return a list of employees for that company only.

Actual result:
--------------
Returns all employees from DB. This is the $GLOBALS dump

main_page users.php
mail_ok ok
DOCUMENT_ROOT /usr/local/etc/httpd/htdocs/molloyllccom
HTTP_HOST www.molloyllc.com
PATH /bin:/usr/bin
REMOTE_ADDR 66.219.104.44
REMOTE_PORT 55682
SCRIPT_FILENAME /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
SERVER_ADDR 66.219.104.44
SERVER_ADMIN strangeb@strangebrew.com
SERVER_NAME molloyllc.com
SERVER_PORT 80
SERVER_SIGNATURE 
Apache/1.3.34 Server at molloyllc.com Port 80

SERVER_SOFTWARE Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.1
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING main_page=users.php&mail_ok=ok
REQUEST_URI /CVS/molloyllccom/index.php?main_page=users.php&mail_ok=ok
SCRIPT_NAME /CVS/molloyllccom/index.php
PATH_TRANSLATED /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
PHP_SELF /CVS/molloyllccom/index.php
HTTP_POST_VARS Array
_POST Array
HTTP_GET_VARS Array
_GET Array
HTTP_COOKIE_VARS Array
_COOKIE Array
HTTP_SERVER_VARS Array
_SERVER Array
HTTP_ENV_VARS Array
_ENV Array
HTTP_POST_FILES Array
_FILES Array
_REQUEST Array
HTTP_SESSION_VARS Array
_SESSION Array
db_name molloy_cvs
spaw_dir /CVS/molloyllccom/spaw/
spaw_base_url http://www.molloyllc.com/
spaw_root /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/spaw/
spaw_default_toolbars full
spaw_default_theme default
spaw_default_lang en
spaw_default_css_styles heet /CVS/molloyllccom/spaw/wysiwyg.css
spaw_inline_js 
spaw_active_toolbar 1
spaw_dropdown_data Array
spaw_valid_imgs Array
spaw_upload_allowed 1
spaw_img_delete_allowed 1
spaw_imglibs Array
spaw_a_targets Array
spaw_img_popup_url /CVS/molloyllccom/spaw/img_popup.php
spaw_internal_link_script url to your internal link selection script
spaw_disable_style_controls 1
spaw_wysiwyg_instCount 0
user Object
uid 
del_uid 
query select locationname from locations where lid="44" 
client_id 
location_id 
client_name Terrys Car Care
news 

and the regular dump

mod send_page
main_page send_page.php
p http://www.molloyllc.com/CVS/molloyllccom/index.php?main_page=users.php&mail_ok=ok
PHPSESSID 5b9f2384e5047292f982ad2ea3a00cd9
DOCUMENT_ROOT /usr/local/etc/httpd/htdocs/molloyllccom
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_LANGUAGE en-us
HTTP_CONNECTION Keep-Alive
HTTP_COOKIE PHPSESSID=5b9f2384e5047292f982ad2ea3a00cd9
HTTP_HOST molloyllc.com
HTTP_REFERER http://molloyllc.com/CVS/molloyllccom/index.php?main_page=users.php
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
PATH /bin:/usr/bin
REMOTE_ADDR 70.125.85.128
REMOTE_PORT 2068
SCRIPT_FILENAME /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
SERVER_ADDR 66.219.104.44
SERVER_ADMIN strangeb@strangebrew.com
SERVER_NAME molloyllc.com
SERVER_PORT 80
SERVER_SIGNATURE 
Apache/1.3.34 Server at molloyllc.com Port 80

SERVER_SOFTWARE Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.1
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING mod=send_page&main_page=send_page.php&p=%2FCVS%2Fmolloyllccom%2Findex.php?main_page=users.php
REQUEST_URI /CVS/molloyllccom/index.php?mod=send_page&main_page=send_page.php&p=%2FCVS%2Fmolloyllccom%2Findex.php?main_page=users.php
SCRIPT_NAME /CVS/molloyllccom/index.php
PATH_TRANSLATED /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/index.php
PHP_SELF /CVS/molloyllccom/index.php
HTTP_POST_VARS Array
_POST Array
HTTP_GET_VARS Array
_GET Array
HTTP_COOKIE_VARS Array
_COOKIE Array
HTTP_SERVER_VARS Array
_SERVER Array
HTTP_ENV_VARS Array
_ENV Array
HTTP_POST_FILES Array
_FILES Array
_REQUEST Array
HTTP_SESSION_VARS Array
_SESSION Array
sess_uid 56
sess_realname Nick Reale
sess_lid 34
sess_cid 23
sess_perms Admin
sess_client Jordanas Goodyear
sess_version full
db_name molloy_cvs
spaw_dir /CVS/molloyllccom/spaw/
spaw_base_url http://www.molloyllc.com/
spaw_root /usr/local/etc/httpd/htdocs/molloyllccom/CVS/molloyllccom/spaw/
spaw_default_toolbars full
spaw_default_theme default
spaw_default_lang en
spaw_default_css_stylesheet /CVS/molloyllccom/spaw/wysiwyg.css
spaw_inline_js 
spaw_active_toolbar 1
spaw_dropdown_data Array
spaw_valid_imgs Array
spaw_upload_allowed 1
spaw_img_delete_allowed 1
spaw_imglibs Array
spaw_a_targets Array
spaw_img_popup_url /CVS/molloyllccom/spaw/img_popup.php
spaw_internal_link_script url to your internal link selection script
spaw_disable_style_controls 1
spaw_wysiwyg_instCount 0
common Object
client_id 
locationname 
address 
location_id 
query select uid,realname,location_id from users order by realname
uid 
user 
page

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-01 15:00 UTC] tony2001@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
 [2006-05-01 15:40 UTC] info at handyheroes dot com 
Ok.. Bogus not a bug. I try to pass the PHPSESSID and fopen() fails.. Is that a bug?
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Thu Apr 02 19:00:02 2026 UTC