Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6
This is the forum to discuss the Wrox book Beginning PHP, Apache, MySQLWeb Development by Michael K. Glass, Yann Le Scouarnec, Elizabeth Naramore, Gary Mailer, Jeremy Stolz, Jason Gerner; ISBN: 9780764557446
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #11 (permalink)  
Old July 6th, 2004, 04:46 PM
Registered User
 
Join Date: Jun 2004
Location: , New York, USA.
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to LopezAF
Default

Hey guys...The problem is with the
if($_SESSION['authuser']!=1) line in the moviesite.php file as I can see in your code you have a semicolon at the end of the ); which must no be included after an if statement. You also forgot to put a semicolon to close out the "</a>" in the movie1.php file.

Reply With Quote
  #12 (permalink)  
Old July 9th, 2004, 07:15 PM
Registered User
 
Join Date: Jul 2004
Location: san antonio, tx, .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Edna,

Experienced everything you described, even the two files per session transaction(with one containing no information)in the \php\sessiondata directory.

In the php.ini file, I changed the session.cookie_path=C:\php\sessiondata to session.cookie_path=/ . Movie1.php & moviesite.php then passed session data as expected. I do not understand why this change in the ini file worked, but it worked! Maybe this will save you some time.
Reply With Quote
  #13 (permalink)  
Old July 11th, 2004, 05:35 PM
Authorized User
 
Join Date: Jul 2004
Location: Isle of South Uist, Outer Hebrides, United Kingdom.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, folks, for all the help. Here's what I did with it:

1. OOOops! Thank you, LopezAF, for pointing out the semicolon (and lack of). I amended this first because it was easiest. Ran the scripts, sure that this was it, and got the same error as before.

2. Next easiest, Obewan. Thanks for this too. I looked at session.cookie_data and found it was already set to / . So I thought perhaps it ought to match session.save_path so changed it to match. This produced the same result (yes, I did restart Apache every time :-) ). Then I wasn't sure whether it had been originally set to / or ./ , so went back and changed it to / - same message. What do you have session.save_path set to?

3. Richard, I left yours till last because there was so much of it!

(i) yes, I have cookies enabled. I am using Opera by the way.

(ii) I am leaving the hard-coding of the session id for later, as the purpose of this exercise is to get it working just as it says in the book. But I won't forget it!

(iii) (your next message) I am saying that movie1.php writes the variables to the sessiondata file, but moviesite.php instead of reading that file creates a new one, with no data (because it doesn't have any new variables to write).

(iv) There are no messages at all except the Notice mentioned in my first post, engendered by moviesite.php. No error messages.

(v) All the folders and files I mentioned do exist.

(vi) I read your article on permissions and changed those for the SESSIONDATA folder to "full". Note that I am running Windows98SE not XP, so it was not exactly the same as you describe. Anyway it didn't make any difference.

(vii) I'm not sure what you mean when you say " if the user tries to access that page directly without being logged in". The page is only accessed by a link from movie1.php, never directly. I don't understand "logged in" - to what? (I'm not online - apache is running locally.)

(viii) and I do restart apache every time I change php.ini


Now thanks again to everybody. I feel very strongly that the answer lies somewhere in the session part of php.ini, but I won't be able to look at it now for another week. It would help if anybody could give me their version of the session directives - although it won't match mine, it might give a clue. Alternatively, can you point me at the source code for the function session_data() so I can see exactly what it's doing? I don't want to download the whole of the source just yet :-)

Sorry to give you all this trouble! Feel free to give up. I'll find the answer eventually, but am not averse to shortcuts. Don't want to be a nuisance, though.

Best regards

Edna





Reply With Quote
  #14 (permalink)  
Old July 11th, 2004, 05:42 PM
Authorized User
 
Join Date: Jul 2004
Location: Isle of South Uist, Outer Hebrides, United Kingdom.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Sorry - I meant the code for session_start() !

Reply With Quote
  #15 (permalink)  
Old July 11th, 2004, 09:54 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Quote:
quote:
I'm not sure what you mean when you say " if the user tries to access that page directly without being logged in". The page is only accessed by a link from movie1.php, never directly. I don't understand "logged in" - to what? (I'm not online - apache is running locally.)
Ok, what I was saying is if someone types in the path to the moviesite.php file directly, without first visiting the movie1.php page they'll see an undefined variable error since the "authuser" variable doesn't exist, nevermind that you only link to this from the one page and that you don't intend for it to be accessed directly, that doesn't mean someone couldn't just type in the path to that page to access it directly or that a search engine wouldn't follow that link and index the page. "Logged in" means that the user has been authenticated and can access your secret pages. From a real world standpoint its better to consider such things, which was the point I was trying to make, but I understand for the purposes of learning it's alright to ignore.

On to your other comments...

This narrows it down a little but there's still a few things to check.

To verify that sessions are working correctly, you need to verify that a session exists.

When you load the first page, does the session id appear in the url to the second page?

echo "<a href='http://localhost/moviesite.php?favmovie=$myfavmovie'>";

The session id looks like this:
sid=2b327030dd80abafcb2fe64e0872e392

or
PHPSESSID=2b327030dd80abafcb2fe64e0872e392

When you load up the page in a browser, this might appear directly in the URL. If the session id appears here, take note of it, If not, then cookies are being used to pass the session id and you'll need to locate the cookie manually and take note of the session id stored there. In Opera look under File -> Preferences -> Privacy -> Manage Cookies Then you should see a cookie entry under your domain for sid or PHPSESSID with the unique number for its value.

Click the link to the second page and compare the session ids. If they are identical then, all is well with sessions.

The next step is to check the session data file itself. Open the file in the sessiondata directory with the same name as the unique session id. Verify that there is a variable named authuser in that file and that it has the right value.

I haven't a clue of how to set permissions in versions of Windows previous to XP, which is why no instructions are included in my article.

My hunch is that a new session is being created when you click through to the second page. If this is the case, then it is probably an ini problem. If this is the case, post the session portion of your ini file here.

HTH!


Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
  #16 (permalink)  
Old July 11th, 2004, 09:58 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Sorry forgot one thing..

To see what the session id is for the moviesite.php file you'll need to add the following after the call to session_start().

Code:
(moviesite.php)
<?php
session_start();
echo 'The session id is:'.session_id()."\n";
// check to see if user has logged in with a valid password
Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
  #17 (permalink)  
Old July 14th, 2004, 03:28 PM
Authorized User
 
Join Date: Jul 2004
Location: Isle of South Uist, Outer Hebrides, United Kingdom.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, Richard. I too think that moviesite is creating another session, hence the empty session files interleaved with those that contain data. I'll check that out and post the session part - again it will probably be at the weekend.

Regards

Edna


Reply With Quote
  #18 (permalink)  
Old July 19th, 2004, 02:32 AM
Authorized User
 
Join Date: Jul 2004
Location: Isle of South Uist, Outer Hebrides, United Kingdom.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi, Richard, here's the latest. By the way, I do understand what you are saying about best practice, but I am treating this just as an exercise to understand PHP.

The sessionid does not appear in the url of moviesite, which is
http://localhost/moviesite.php?favmovie=Life+of+Brian
favmovie is initialised in movie1.php (the calling script).

I looked in preferences in opera, and there was no cookie associated with these two scripts. By the way, preferences is now in the Tools menu in Opera; I am sure it was under File before.

I put the line you suggested - "echo 'The session id is:'.session_id()."\n";" into moviesite.php, and got the following result:

The session id is:8be88b153c74def38dcd5a408f98b14b

Looking into the sessiondata folder, this file was present with no data in it. The file before it, with timestamp less than a minute before, had all the variables. So I guess moviesite.php is generating a new file instead of picking up the one that's there already.

Lastly, here is the relevant part of php.ini. I removed most of the comments except those that seemed relevant. Should there be a value in session.entropy_file?


[Session]
session.save_handler=files

session.save_path=E:\PHP1\sessiondata

session.use_cookies=1

; session.use_only_cookies=1

session.name=PHPSESSID

session.auto_start=0

session.cookie_lifetime=0

session.cookie_path=/

session.cookie_domain=

session.serialize_handler=php

session.gc_probability=1
session.gc_divisor=100

session.gc_maxlifetime=1440

session.bug_compat_42=1
session.bug_compat_warn=1

session.referer_check=

session.entropy_length=0

; Specified here to create the session id.
session.entropy_file=

;session.entropy_length=16

;session.entropy_file=/dev/urandom

session.cache_limiter=nocache

session.cache_expire=180

session.use_trans_sid=0

url_rewriter.tags="a=href,area=href,frame=src,inpu t=src,form=,fieldset="

Thanks again
Edna


Reply With Quote
  #19 (permalink)  
Old July 19th, 2004, 03:17 AM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Well, if you say that a cookie isn't present in Opera, then that's the problem. You should see in the cookies panel a reference to the domain, localhost, then within that an entry for the cookie data with the session id.

If you are certain that cookies are enabled in Opera, but the cookie containing the session id doesn't show up, then test the script in another browser, Mozilla, IE, Safari, Konqueror, whatever you are able to test on, ensuring that cookies are enabled in that browser then you'll know if it is PHP or Opera itself. From what you've shown me, I'm 99% sure that your cookie settings in Opera are the problem.

Other than that your ini file looks fine. It has all the values that it's supposed to have, you also say that sessions exist in the sessiondata directory, then all looks good with the PHP side of things.

As an even further test of PHP you can always just go to embedding the session id directly in the URL.

Furthermore this only requires one of two possible modifications, the first:

Modify this ini setting to a value of 1:
session.use_trans_sid = 1

Now the session id is output directly in the URL automatically by PHP.

Or as an alternative to the first method, the second method is to manually code the session id in the URL:
echo "<a href='http://localhost/moviesite.php?favmovie=$myfavmovie&PHPSESSID=".ses sion_id()."'>";

There are some potential security risks with including the session id in the URL manually, as you can see from the comments in the php.ini file for the session.use_trans_id directive, but that's another discussion all together.

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
  #20 (permalink)  
Old July 21st, 2004, 09:04 AM
Authorized User
 
Join Date: Jul 2004
Location: Isle of South Uist, Outer Hebrides, United Kingdom.
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi, Richard, thanks again.

I don't think we are supposed to be using cookies in this exercise - they come in page 55 :-), but I may be wrong, and I'll check it with other browsers as you suggest.

I'll try outputting the session id in the URL - may give a clue.

If this doesn't work, I am going to ignore it and go on to the cookie exercise, and may pick up some info along the way (eg that may not work either :-( ). I may also try the exercise in linux; but the whole idea of doing this under Windows was so that I didn't have to re-boot into another operating system every time I wanted to spend ten minutes on it.

Many thanks for all your help. I will come back to this sometime soon, when I get a result.

Edna

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Undefined index junemo Pro PHP 8 October 31st, 2007 05:45 PM
Hung up on Ch 2, Pg 53 - new to VB xxxiii BOOK: Expert One-on-One Access Application Development 4 July 20th, 2006 09:25 AM
Undefined Index Error rit01 Beginning PHP 0 March 1st, 2006 10:03 AM
Undefined index ashinotani Beginning PHP 2 August 17th, 2004 03:31 PM



All times are GMT -4. The time now is 06:47 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.