John Ramsden
|
| Posted: 01/15/2003, 7:50 AM |
|
[Crossposted from news://comp.lang.php]
After writing a PHP web app that works fine on one PC, I reinstalled
it on another, on which I can't for the life of me get the authorization
to work.
The app was written using CodeCharge Studio, and this handles user
logins by writing session data for the main screen to pick up and
check.
I have checked that the session file is being written, and that
the session_register() calls in common.php are being supplied
with the correct data and all return _true_.
But the problem is that when I check the session file, all the
variables are set to "\N", which I presume means "undefined".
So it looks like PHP is throwing away the value supplied to
session_register(). Has the calling sequence for this changed
recently, or is there some security setting one needs to amend
in php.ini? (I've left most of the defaults unchanged, except
for session.save_path; but then, as I say, it writes the session
file OK.)
I even tried checking the PHP source file session.c, but can't
make much sense of this without spending much more time than
I'd like to spare at the moment.
Any ideas? Has anyone else encountered this problem.
I'm running Apache v2.0.43, PHP v4.3.0 (full release),
on Windows 2K Professional.
Cheers
John Ramsden (john_ramsden@sagitta-ps.com)
|
|
|
 |
Alex Alexapolsky
|
| Posted: 01/15/2003, 8:48 AM |
|
Turn globals on in php.ini
Make sure cookies in IE are enabled.
|
|
|
|
John Ramsden
|
| Posted: 01/15/2003, 9:29 AM |
|
Thanks for your prompt reply, Alex. I tried both of those,
but with no luck (although it could be I didn't reset
everything thoroughly enough between tests).
However, the good news is that I've fixed the problem by
recoding a couple of functions in my copy of common.php,
as follows:
::
function CCGetSession ($param_name)
{
return isset($_SESSION[$param_name]) ? $_SESSION[$param_name] : '';
}
function CCSetSession ($param_name, $param_val)
{
$_SESSION[$param_name] = $param_val;
}
Apparently session handling, which was introduced at PHP v4,
was in a "state of flux" for some time (putting it nicely).
But at v4.3.0, the maintainers have settled on using the
$_SESSION global array, and the $HTTP_SESSION_VARS array
should no longer be used.
Anyway, that's the impression I get from reading posts on
the topic over the last year or so, although many of their
authors, understandably, seemed almost as confused as I was!
So the bottom line is that if anyone using PHP v4.3.0+
with CodeCharge starts getting gyp from session variables
not working properly (e.g. manifested by logins not working,
when the database connection and login table both look OK),
then just use the above versions of the functions.
Incidently, just to pass on another pearl of wisdom while
I'm here, if the code does use $HTTP_SESSION_VARS then
bear in mind that session_register() doesn't work how
one might expect (and how it looks like the CodeCharge
authors believe!):
session_register() does _not_ during its call somehow
tuck away the current value of the variable being
registered. All it does is note the variable's name;
but the values of any session variables registered
are only saved at the end, after the page has been
output.
The implication of this is that calling session_register
for a variable and then changing the latter's value will
result in the changed value being saved.
Cheers
John Ramsden (john_ramsden@sagitta-ps.com)
P.S. After all my dumb questions to this group, It's nice
to be able to put something back for a change ;)
|
|
|
|
Alien003
|
| Posted: 01/15/2003, 10:17 AM |
|
Same problem here...ok..can you explanin what EXACTLY must i change to fix it
The code would be sweet :)
|
|
|
|
EMG
|
| Posted: 01/15/2003, 10:19 AM |
|
Thanks John.
I spent more than a little time with the new 4.3 changes (upload and globals).
I'm sure this will help more than a few - like me when I forget in 2-3 weeks and need to retweak something!
-EMG
|
|
|
|
John Ramsden
|
| Posted: 01/16/2003, 1:12 AM |
|
Alien003, AFAIK the only change you need to make is to
replace the Get & Set functions with the versions in
my reply. These are both in common.php, which is one
of the standard modules added to a new project when
the latter is created.
EMG, Glad to help. But what's this 'upload' problem
you mentioned? I'd like to be one step ahead of the
game for a change and know about a problem before
it bites me!
Cheers
John Ramsden (john_ramsden@sagitta-ps.com)
|
|
|
|
Tom D.
|
| Posted: 02/15/2003, 5:38 PM |
|
After numerous searched in this message board and other websites, I found my the answer to my problem.
First, I created a new function in common.php called XXSetSession. There are some strange curly brackets that are generated in CCSetSession, and rather than mess something up that I didn't understand... I created another function and used it.
function XXSetSession($param_name, $param_value)
{
global $param_name;
if(session_is_registered($param_name))
session_unregister($param_name);
$param_name = $param_value;
session_register($param_name);
}
Next, I included the following in the Page/After Initilize Event;
*** Note, I am trying to integrate Codecharge into an intensive multi-module project, so I chose not to use any of CC's Authentication support, as we already have a very intensive ACL.
function Page_AfterInitialize() { //Page_AfterInitialize @1-56434BCA
session_start();
//Custom Code @140-2A29BDB7
// -------------------------
$UserID = ####Bridge to my current ACL####;
XXSetSession("UserID", $UserID);
$sessUserID = CCGetSession("UserID");
If you want to make sure that the session variables are getting set properly, just echo the output to the screen in this event.
echo "Session UserID: ". CCGetSession("UserID");
I am running php v4.2.2/Redhat Linux/Apache and the CC genrated code, with reference to sessions, works fine(watch out for curly bracket!!).
Check out the following URL for PHP session related information.
http://www.php.net/manual/en/ref.session.php
This is my first stab at code charge, but I am a Enterprise level developer in multiple languages on multiple platforms. My feeling is that once I completely understand everything that the generated code is doing, I will be a Code Monster! =)
Good Luck!
Tom D. (hostmaster@itcynergy.com)
|
|
|
|
|
