Bug #22861 sessions don't destroy
Submitted: 2003-03-24 16:26 UTC Modified: 2003-03-24 16:44 UTC
From: notepad at codewalkers dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.1 OS: winxp pro IIS
Private report: No CVE-ID: None

 [2003-03-24 16:26 UTC] notepad at codewalkers dot com
i couldn't get sessions to destroy in PHP v4.3.1. - it seemed to set the variable $_SESSION['valid_user'] even when the login form is left blank (allowing you to login as anyone). so i made login a separate function, and now the login function won't return true even if it's a valid attempt.. craziness

i was thinkin that maybe my approach is wrong, but, then nobody else seems to be able to tell me why it doesn't work. my apologies if i'm just blind

testdb.txt example:
myuserid|mypass

sessiontest.php example:
<?php

session_start();

if(isset($_POST['userid']) && isset($_POST['password']))
{
    // if user has just tried to login
    $userid = trim($_POST['userid']);
    $password = trim($_POST['password']);
}

// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($db, $id, $pass)
{
    foreach($db as $key=>$value)
    {
        $divide = explode('|', $value);
        if(($divide[0] == "$id") && ($divide[1] == "$pass"))
            return true;
        else
            return false;
    }
}

if(@login($data, $userid, $password))
{
    $_SESSION['valid_user'] = $userid;

    $olduser = $_SESSION['valid_user'];
    $oldid = session_id();
    $_COOKIE = array();
    $_SESSION = array();
    $_REQUEST = array();
    session_destroy();
    echo '<html><body>';
    echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
    echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
elseif(isset($userid))
    echo 'could not log you in';
else
    echo 'you are not logged in';

?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>
</body></html>

 [2003-03-24 16:32 UTC] notepad at codewalkers dot com
i'm so sorry.. my login function is the problem - as its last return value is false (blank line). i'd delete this if i knew how.. sorry
 [2003-03-24 16:44 UTC] rioter@php.net
this is not a bug in php 
marking as bogus
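
An added example, not code from the report or from any commenter: a corrected form of the reporter's `login()` for the same `userid|password` flat file. It checks every line, skips blank lines, strips the newline that `file()` leaves on each element, and returns false only after the loop. The temp file, the sample accounts and the use of `hash_equals()` are assumptions made for the illustration.

```php
<?php
// Added example: corrected login() for the "userid|password" flat file.
// The sample data below is constructed; the temp file stands in for testdb.txt.

function login(array $db, $id, $pass)
{
    // Missing or empty credentials never match (the blank-form case).
    if (!is_string($id) || !is_string($pass) || $id === '' || $pass === '') {
        return false;
    }

    foreach ($db as $line) {
        // file() keeps the trailing newline on each element, so strip it
        // before splitting; otherwise the password field never compares equal.
        $fields = explode('|', rtrim($line, "\r\n"), 2);
        if (count($fields) !== 2) {
            continue; // blank or malformed line: skip it instead of returning
        }

        // hash_equals() is a strict, constant-time string comparison (PHP >= 5.6),
        // used here in place of the loose == on interpolated strings.
        if (hash_equals($fields[0], $id) && hash_equals($fields[1], $pass)) {
            return true;
        }
    }

    // Reached only when no line matched; the original returned false
    // from inside the loop after looking at the first line.
    return false;
}

// Constructed sample file: two accounts followed by a blank line.
$path = tempnam(sys_get_temp_dir(), 'db');
file_put_contents($path, "myuserid|mypass\nother|secret\n\n");
$data = file($path);
unlink($path);

var_dump(login($data, 'myuserid', 'mypass')); // account on the first line
var_dump(login($data, 'other', 'secret'));    // account on a later line
var_dump(login($data, 'myuserid', 'wrong'));  // wrong password
var_dump(login($data, '', ''));               // form submitted blank
var_dump(login($data, null, null));           // form not submitted at all
```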
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Apr 29 15:01:31 2024 UTC