ID: 17106 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Session related Operating System: Win98, Win2000 Pro PHP Version: 4.1.2 New Comment:
The last version for which this script works on all my tested platforms (Win98-Win2000, Apache1.3.22, Netscape 4.75) is 4.0.6. Using the php4xx-installer.exe for MS Windows. Also note that 4.0.6 does NOT register PHP in the MS Win registry, whereas versions >= 4.1.0 DO register it. Could the registry be causing problems with session variables? Just a question from an un-initiated user. Lee Previous Comments: ------------------------------------------------------------------------ [2002-05-13 19:28:07] [EMAIL PROTECTED] 14 May 2002 PHP 4.2.1, all other settings as before Same behavior as 4.2.0 - on "submit" the login prompt immediately re-appears. So has NOT been fixed. The last version for which this script works is 4.1.0 Lee ------------------------------------------------------------------------ [2002-05-09 01:34:57] [EMAIL PROTECTED] I found the following on Zend's site: ---- FIX: 4.2.0 session SID broken Sascha Schumann has posted a fix for problems with the session SID under 4.2.0. If you need it immediately, the fix can be found at http://apache.org/~sascha/php-420-session-fix, or will be available in 4.2.1 along with the other fixes since 4.2.0. ---- Sounds like it may resolve the issue we're having??? ------------------------------------------------------------------------ [2002-05-08 22:18:00] [EMAIL PROTECTED] Sequence of tests: originally running php4.1.0 Un-installed that, installed php4.2.0 - found bug. Un-installed php4.2.0, installed php4.1.2 - still bug. Same behavior if Apache/php and Netscape on same machine (using 127.0.0.1 or localhost) or on different machines with different users. ------------------------------------------------------------------------ [2002-05-08 20:23:43] [EMAIL PROTECTED] When it fails under PHP 4.1.2, does it fail for ALL users or just SOME users? We've been having sheer hell since upgrading to PHP 4.2 with exactly this - SOME people are having severe intermittent problems with reading cookies (ie sometimes they'll login okay, other times they keep being asked to login), others (such as myself) have no problem what-so-ever. ------------------------------------------------------------------------ [2002-05-08 19:00:35] [EMAIL PROTECTED] Following is a login script which sets a session variable $userSN. First time it is run, it prompts for username and password, then sets the $userSN and displays "Welcome...". Second time it is run within a session, it checks isset($userSN) and displays "You are already logged in" Performance: Win98, Apache1.3.22, Netscape 4.75, php4.1.0 - first time - prompts as expected and displays "Welcome..", second time - displays "already logged in" as expected Win98, Apache1.3.22, Netscape 4.75, php4.1.2 - first time - prompts as expected and displays "Welcome..", second time - prompts for name and password again, so $userSN has NOT been set or has disappeared. (Note: same behavior with Win2000 Pro, Apache1.3.22, Netscape 4.75, php4.1.0) Win98, Apache1.3.22, Netscape 4.75, php4.2.0 - first time - prompts as expected, but on "submit" returns immediately to the prompt again. PHP session parameters in php.ini are the default options. Previous bug report 15867 - was claimed to have been fixed. <? // sets global $userSN // $OnLine = true by default ////////////////////////////////////////////////////////////////////// //Note: // ensure no headers are called! include("./HealthWebConfig.php"); include("./CommonFunction.php"); session_start(); // starting session // session variables must be global global $userSN; // registering session variables session_register("userSN"); // test if user is loged-in ?> <html> <head> <script language="JavaScript"> <!-- Begin validation script function validate_form() { if(document.loginForm.form_username.value == "") { alert('\nPlease enter a user name.'); document.loginForm.form_username.select(); document.loginForm.form_username.focus(); return false; } if(document.loginForm.form_password.value == "") { alert('\nPlease enter a password.'); document.loginForm.form_password.select(); document.loginForm.form_password.focus(); return false; } return true; } // End of validation script --> </script> </head> <link rel=stylesheet type='text/css' href='style/display.css'> <body bgcolor="#FFFFFF"> <? if(isset($userSN)) { printf("<H1>You have already logged in for this session.</H1><br>\n"); printf("<center>To logout click <a href=\"logout.php\">here.</a></center>"); printf("</body></html>"); exit; } //Check Password IF $userSN is NOT SET AND either clicked Submit or are off-line if ($submit || ($OnLine == false)) { $conn = odbc_connect( DB_PROVIDER_NAME, DB_PROVIDER_USERNAME, DB_PROVIDER_PASSWORD, DB_PROVIDER_CURSORTYPE); // OFFLINE VERSION uses $DefaultPassword or $DefaultUserSN if ($OnLine == false) { $query = "SELECT ProviderSN, ProviderName, UserName, Password, RefereeStat FROM Provider WHERE ProviderSN = $DefaultUserSN;"; } //End of OnLine = False else { $form_password = md5($form_password); $query = "SELECT ProviderSN, ProviderName, UserName, Password, RefereeStat FROM Provider WHERE UserName = '" . cleanString($form_username) . "' AND Password = '" . cleanString($form_password) . "';"; } // end if online $result = odbc_exec($conn, $query); if(odbc_fetch_row($result, 1)) { $realUserSN = odbc_result($result, 1); $providerName = odbc_result($result, 2); $userName = odbc_result($result, 3); $realPassword = odbc_result($result, 4); $refereeStat = odbc_result($result, 5); $userSN = $realUserSN; odbc_free_result($result); odbc_close($conn); if (isset($userSN)) { printf("<FONT size=5><b>Welcome to Provider Login</b></FONT><br>"); printf("<FONT size=3>%s</FONT><br>\n", $providerName); printf("<b><i>You are logged on from :</i></b> %s <br><br>\n", $REMOTE_ADDR); } else printf("<FONT size=5><b>ERROR setting session cookie</b></FONT><br>"); printf("</body></html>"); exit; } else { //didn't find the given password $notFound = true; } odbc_free_result($result); odbc_close($conn); } //END of SUBMIT or ONLINE=false ?> <div align="center"> <table border="0" width="100%"> <tr> <td bgcolor="E6E6E6" width="70%"> <H1 align="center">Agency Login Page</H1> <H5 align="center">Please note that cookies must be turned on in your browser to keep track of your agency. <br> Please contact the Mornington Div. of GP - 9769 6133 - for your password.</H5> </td> </tr> </table> <? if($notFound) { ?> <H2><font color="#FF0000">Login Failed</font>. Please go try again. Remember that the password is case-sensitive.</H2> <? } ?> </div> <form method="post" name="loginForm" action="providerlogin.php" onSubmit="return validate_form()"> <div align="center"> <table width="400" align="center" border="0" cellpadding="3" cellspacing="0" bgcolor="#FF0000"> <tr> <td colspan="2" align="left"> <center> <strong><font face="verdana" color="#FFFFFF" size="-1">Please enter Username & Password</font></strong> </center> </td> </tr> </table> <table width="400" border="0" cellspacing="0" bgcolor="#E6E6E6"> <tr> <td align="right"><br> <font face="arial" size="2"><b>Username:</b></font></td> <td><br> <input NAME="form_username" value="" maxlength="12"> </td> </tr> <tr> <td align="right"><font face="arial" size="2"><br> <b>Password:</b></font></td> <td><br> <input NAME="form_password" type="password" maxlength="12"> </td> </tr> <tr> <td colspan=2> </td> </tr> </table> <table width="400" align="center" border="0" cellpadding="3" cellspacing="0" bgcolor="#FF0000"> <tr> <td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td> <td> <input type="reset" name="reset" value="Clear"> </td> </tr> </table> </div> </form> </body> </html> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=17106&edit=1