php-general Digest 9 Dec 2012 19:45:51 -0000 Issue 8060

Sun, 09 Dec 2012 11:47:49 -0800 

php-general Digest 9 Dec 2012 19:45:51 -0000 Issue 8060

Topics (messages 319824 through 319830):

Re: Session ?
        319824 by: Jim Giner
        319825 by: Daniel Brown
        319826 by: Jim Giner
        319827 by: Jim Giner
        319828 by: David OBrien
        319829 by: Jim Giner

Re: how to read emails with php
        319830 by: Michael Wallner

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message --- 
On 12/7/2012 4:02 PM, Jim Giner wrote:

So i need the ini set in both scripts. Thx. Ill try that later

jg


OK - I put the line:

ini_set('session.cookie_domain','.albanyhandball.com');
session_start();

into each of my scripts.

Didn't work.
Let me explain my domain names. My main domain is "albanyhandball.com". I have two subs called "x.albanyhandball.com" and "y.albanyhandball.com". Attached to each of these is what my isp calls an "add-on domain" name. These two names are not similar at all. As in "addon1.net" and "myothersub.com", but each is tied to one of the sub-domain names. Looking at a phpinfo dump, the true sub-domain names (*.albanyhandball.com) show up only in the SERVER_ADMIN setting, while my add-on domain names show up in the SERVER_NAME settings.
I've read about passing the session id to a script and using that to opene up the existing session file. Is this something I could do in this case? Or am I SOL?

--- End Message ---
--- Begin Message --- 
On Sat, Dec 8, 2012 at 10:52 AM, Jim Giner <jim.gi...@albanyhandball.com> wrote:
> Didn't work.
>
> Let me explain my domain names.  My main domain is "albanyhandball.com".  I
> have two subs called "x.albanyhandball.com" and "y.albanyhandball.com".
> Attached to each of these is what my isp calls an "add-on domain" name.
> These two names are not similar at all.  As in "addon1.net" and
> "myothersub.com", but each is tied to one of the sub-domain names.  Looking
> at a phpinfo dump, the true sub-domain names (*.albanyhandball.com) show up
> only in the SERVER_ADMIN setting, while my add-on domain names show up in
> the SERVER_NAME settings.

    That won't work and should not work.  You could technically do it,
but you'd be deliberately creating an XSS for your sites.  If it
worked that way on its own, it would either be (a) a horrible browser
or (b) 1995.

    It'll work for the subdomains, but not addon or parked domains.

> I've read about passing the session id to a script and using that to opene
> up the existing session file.  Is this something I could do in this case?
> Or am I SOL?

    You can pass the session ID and reactivate the session that way,
sure.  Not pretty, and it does lead to security considerations, but it
would work.

-- 
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/

--- End Message ---
--- Begin Message --- 
On 12/8/2012 11:04 AM, Daniel Brown wrote:

     You can pass the session ID and reactivate the session that way,
sure.  Not pretty, and it does lead to security considerations, but it
would work.


OK - I've done this in script 1:

if (isset($_REQUEST['sess']))
        $sess_id = $_REQUEST['sess'];
else
        $sess_id = '';
if ($sess_id > '')
{
        session_start($sess_id);
        $errmsg .= "started sess id is: $sess_id ";
}
else
{
        session_start();
        $errmsg .= "started new sess ";
}


Then my process creates a Session array and calls script 2
In script 2 I have:

if (isset($_GET['sess']) && $_GET['sess'] <> '')
{
        $sess_id = $_GET['sess'];
        session_start($sess_id);
        $errmsg .= "started sess $sess_id ";
}
else
{
        session_start();
        $sess_id = session_id();
        $errmsg = "started NEW sess with id of $sess_id ";
}
My $errmsg shows me the same sess id in both scripts, and it would appear that I have managed to pass my session across the sub-domains. But when script 2 attempts to access the contents of the Session array created in script 1 it doesn't find it. What am I not doing?

--- End Message ---
--- Begin Message --- 
On 12/8/2012 11:41 AM, Jim Giner wrote:

On 12/8/2012 11:04 AM, Daniel Brown wrote:

     You can pass the session ID and reactivate the session that way,
sure.  Not pretty, and it does lead to security considerations, but it
would work.


OK - I've done this in script 1:

if (isset($_REQUEST['sess']))
     $sess_id = $_REQUEST['sess'];
else
     $sess_id = '';
if ($sess_id > '')
{
     session_start($sess_id);
     $errmsg .= "started sess id is: $sess_id ";
}
else
{
     session_start();
     $errmsg .= "started new sess ";
}


Then my process creates a Session array and calls script 2
In script 2 I have:

if (isset($_GET['sess']) && $_GET['sess'] <> '')
{
     $sess_id = $_GET['sess'];
     session_start($sess_id);
     $errmsg .= "started sess $sess_id ";
}
else
{
     session_start();
     $sess_id = session_id();
     $errmsg = "started NEW sess with id of $sess_id ";
}

My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it.  What am I not doing?
Forgot to mention that when I do header(...) to go to script 2 that I do append the session id to my url 
Same on the return from script 2 back to script 1.

--- End Message ---
--- Begin Message --- 
On Sat, Dec 8, 2012 at 12:10 PM, Jim Giner <jim.gi...@albanyhandball.com>wrote:

> On 12/8/2012 11:41 AM, Jim Giner wrote:
>
>> On 12/8/2012 11:04 AM, Daniel Brown wrote:
>>
>>>      You can pass the session ID and reactivate the session that way,
>>> sure.  Not pretty, and it does lead to security considerations, but it
>>> would work.
>>>
>>>  OK - I've done this in script 1:
>>
>> if (isset($_REQUEST['sess']))
>>      $sess_id = $_REQUEST['sess'];
>> else
>>      $sess_id = '';
>> if ($sess_id > '')
>> {
>>      session_start($sess_id);
>>      $errmsg .= "started sess id is: $sess_id ";
>> }
>> else
>> {
>>      session_start();
>>      $errmsg .= "started new sess ";
>> }
>>
>>
>> Then my process creates a Session array and calls script 2
>> In script 2 I have:
>>
>> if (isset($_GET['sess']) && $_GET['sess'] <> '')
>> {
>>      $sess_id = $_GET['sess'];
>>      session_start($sess_id);
>>      $errmsg .= "started sess $sess_id ";
>> }
>> else
>> {
>>      session_start();
>>      $sess_id = session_id();
>>      $errmsg = "started NEW sess with id of $sess_id ";
>> }
>>
>> My $errmsg shows me the same sess id in both scripts, and it would
>> appear that I have managed to pass my session across the sub-domains.
>> But when script 2 attempts to access the contents of the Session array
>> created in script 1 it doesn't find it.  What am I not doing?
>>
>>  Forgot to mention that when I do header(...) to go to script 2 that I do
> append the session id to my url
> Same on the return from script 2 back to script 1.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
I know i'm late to the party here but I had to do something similar

I used something similar to
http://www.nczonline.net/blog/2010/09/07/learning-from-xauth-cross-domain-localstorage/

ie storing the session state in html localstorage objects then using the
methods in that link to read them thru iframes on the other domain...

--- End Message ---
--- Begin Message --- 
On 12/8/2012 12:10 PM, Jim Giner wrote:

On 12/8/2012 11:41 AM, Jim Giner wrote:

On 12/8/2012 11:04 AM, Daniel Brown wrote:

     You can pass the session ID and reactivate the session that way,
sure.  Not pretty, and it does lead to security considerations, but it
would work.


OK - I've done this in script 1:

if (isset($_REQUEST['sess']))
     $sess_id = $_REQUEST['sess'];
else
     $sess_id = '';
if ($sess_id > '')
{
     session_start($sess_id);
     $errmsg .= "started sess id is: $sess_id ";
}
else
{
     session_start();
     $errmsg .= "started new sess ";
}


Then my process creates a Session array and calls script 2
In script 2 I have:

if (isset($_GET['sess']) && $_GET['sess'] <> '')
{
     $sess_id = $_GET['sess'];
     session_start($sess_id);
     $errmsg .= "started sess $sess_id ";
}
else
{
     session_start();
     $sess_id = session_id();
     $errmsg = "started NEW sess with id of $sess_id ";
}

My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it.  What am I not doing?


Forgot to mention that when I do header(...) to go to script 2 that I do
append the session id to my url
Same on the return from script 2 back to script 1.
Plugging away at my problem still. Here is something interesting. Apparently I don't understand how some of these session settings work. 
In my script 2 (the called one) I have this code:

if (isset($_REQUEST['sess']))
        $sess_id = $_REQUEST['sess'];
else
        $sess_id = '';
if ($sess_id > '')
{
        session_start($sess_id);
        $errmsg .= "started sess with id of $sess_id ";
}
else
{
        session_start();
        $errmsg .= "started a NEW sess ";
}
$sid = session_id();
$errmsg .= "started sess actual id is: $sid ";
Now - there is a 'sess' argument in my url string that calls this, so I am using the branch of the logic that shows me that I "started sess with id of xxxx". But I've added the last two lines to check on that and I get "started sess actual id is: zzzzzz" - NOT the right id.
Can someone explain the use of session ids and the right commands to use? From my understanding my thinking is: 

in script 1 after establishing the initial session wiht a session_start():
1 - get the session id save it in a hidden field on my screen
2 - when script 1 starts again, retrieve the id and when going to my script 2 (in the other sub-dom) attach it as an argument 3 - in the called script 2, retrieve the argument from the url and start the session with: 
session_start($sessid)
4 - save the sessid in this screen's fields
5 - when script 2 gets control again, retrieve the id from the hidden field and if the user has opted to return to script 1, attach the session id to the url again.
All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing.
--- End Message ---
--- Begin Message --- 
On 4 December 2012 19:24, Farzan Dalaee <farzan.dal...@gmail.com> wrote:
> Warning: imap_open() [function.imap-open]: Couldn't open stream
> mail.mydomain.net:143/pop3INBOX in C:\xampp\htdocs\mail.php on line 6
>
> this is my code
>
> $host = 'mail.mydomain.net:143/pop3';
> $user = 'x...@mydomain.net';
> $password = 'myPassword';
> $mailbox = "{$host}INBOX";
              ^^^^^^^

PHP interprets that as "insert $host in string" and removes the curly braces.

Try

$mailbox = "{mail.mydomain.net:143/pop3}INBOX";

Cheers,
Mike

--- End Message ---

Reply via email to