ID: 20776
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Bogus
+Status: Open
Bug Type: Unknown/Other Function
Operating System: Win2K Server
PHP Version: 4.2.3
New Comment:
At top of login page:
session_start();
session_register("SESSION");
if (! isset($SESSION)) { echo("Dead session!!<br>"); }
>From a direct <a href> style link I get "Dead session!!" at the top of
the page. From a redirect via require_login() (see below) it works.
Sure looks like a bug to me.
Previous Comments:
------------------------------------------------------------------------
[2002-12-02 19:23:14] [EMAIL PROTECTED]
I would have thought that code with two results depending on the how
the return path is acquired would definitely imply a bug, or am I
missing something obvious here? I have a ton of programming experience
(including proprietary systems similar to but more complex than PHP)
but I'm very new at PHP itself so you may be right.
------------------------------------------------------------------------
[2002-12-02 18:44:38] [EMAIL PROTECTED]
Sorry, but your problem does not imply a bug in PHP itself. For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.
Thank you for your interest in PHP.
------------------------------------------------------------------------
[2002-12-02 18:38:24] [EMAIL PROTECTED]
The login script I am using ( part of a tutorial by Ying Zhang, see
http://zope1.devshed.com/zope.devshed.com/Server_Side/PHP/Commerce ) is
only working when entered from a page requiring login. If login is
voluntary by clicking on a "login" link, then login does not occur.
The only difference is the execution of the following code from the
MyMarket.php library:
function is_logged_in() {
/* this function will return true if the user has logged in. a user is
logged
* in if the $SESSION["user"] is set (by the login.php page) and also
if the
* remote IP address matches what we saved in the session
($SESSION["ip"])
* from login.php -- this is not a robust or secure check by any means,
but it
* will do for now */
global $SESSION, $REMOTE_ADDR;
return isset($SESSION)
&& isset($SESSION["user"])
&& isset($SESSION["ip"])
&& $SESSION["ip"] == $REMOTE_ADDR;
}
function require_login() {
/* this function checks to see if the user is logged in. if not, it
will show
* the login screen before allowing the user to continue */
global $CFG, $SESSION;
if (! is_logged_in()) {
$SESSION["wantsurl"] = qualified_me();
redirect("$CFG->wwwroot/login.php");
}
}
This code was developed in and is known to have worked in PHP4 beta.
Note that the tutorial requires register_globals=On also, in case you
decide to test it.
qualified_me() returns the name of the current script without the
querystring portion. As delivered it didn't work, I'm using a stripped
$_SERVER['SCRIPT_NAME'].
wantsurl is used later by the following code:
/* if wantsurl is set, that means we came from a page that required
* log in, so let's go back there. otherwise go back to the main
page */
$goto = empty($SESSION["wantsurl"]) ? $CFG->wwwroot . "/index.php" :
$SESSION["wantsurl"];
header("Location: $goto");
die;
The error only occurs if $CFG->wwwroot/index.php is called. Hope this
is enough information to nail the sucker.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=20776&edit=1
