Sebastian Pfohl
|
| Posted: 07/27/2002, 2:10 PM |
|
Hello
It seems that there are problems with PHP 4.2.2 (4.1.0 to) with the common.php and the setting "register_globals=0ff" in the php.ini.
When this is set (standard since PHP 4.x) no one cant login with the build in security levels.
When all is standard, the user will be prompted to a clear login box again and again... I have read in the german forum a code from Joachim Uersfeld (very good Support there) like this:
function get_session($param_name)
{
global $HTTP_SESSION_VARS;
return isset($HTTP_SESSION_VARS[$param_name]) ? $HTTP_SESSION_VARS[$param_name] : "";
}
for the common.php. When i use this instead of the orginal code i will not prompted to a clear login box but i become instead of this the logoutbox ...
Any Ideas without to change the setting in the php.ini ? The most people cant change them himself on his servers ...
|
|
|
 |
jjtoubia
|
| Posted: 07/27/2002, 9:32 PM |
|
The $HTTP_*_VARS while still available in 4.2.0+, the are depricated. Try using the $_* type variables.
Here is your old function:
function get_session($param_name)
{
global $HTTP_SESSION_VARS;
return isset($HTTP_SESSION_VARS[$param_name]) ? $HTTP_SESSION_VARS[$param_name] : "";
}
Here is the rewritten function using the new globals
function get_session($param_name)
{
return isset($_SESSION[$param_name]) ? $_SESSION[$param_name] : "";
}
|
|
|
|
Sebastian Pfohl
|
| Posted: 07/28/2002, 12:45 AM |
|
Hmm same thing ... pointed me to the logoutbox 
i will try to recode the whole common.php to use the new global functions from PHP 4.1.0
Im totaly new to PHP, i hope i can get this to work 
|
|
|
|
Wendy Leung
|
| Posted: 08/28/2002, 11:28 AM |
|
Hi there:
I've also been stumped trying to figure out to get beyond the login page with the register_globals feature in the PHP.ini file set to Off, but I think I've found a way to solve the problem without having to set register_globals to On.
(Just for reference, I'm using CC 2.0.5.)
jjtoubia's solution is definitely on the right track, but you also need to alter the code accordingly in the set_session and check_security functions as well. If you don't, you'll continue ending up with the endless login page!
The key to this is by going to the PHP website and checking out their online documentation on session handling by going to: http://www.php.net/manual/en/ref.session.php
The key phrase I found on this page was:
"If you are using $HTTP_SESSION_VARS/$_SESSION and disable register_globals, do not use session_register(), session_is_registered() and session_unregister(). "
So what that means is that in the get_session, set_session and check_security functions, you need to substitute any and all instances of:
session_register('nameOfYourVariable') with $_SESSION['nameOfYourVariable'] = $whateverValue
session_is_registered('nameOfYourVariable') with isset($_SESSION['nameOfYourVariable'])
session_unregister('nameOfYourVariable') with unset($_SESSION['nameOfYourVariable'])
respectively.
You will need to do a little code cleanup in those 3 functions I just mentioned, (delete all globally declared variables, as a start), and once that's done, you should be able to log in successfully.
I tested it with a login page I generated with CC and a couple of other record pages that use the session variable of "UserID" (eg. submit a record with the user id of the person who's currently logged in), and logged in and out with several user accounts, and the code seems to hold up fine.
Hope that helps!
|
|
|
|
|
