ok i'm developing a cms from a tutrial i found here.
the problem is i'm makeing the site on a windows 98 machine and it works really good. so i decided to move over to my linux box to see how it runs there. all works great except the session will not store the user password when they login. I have searched and searched but no one seems to have quite the same problem i am haveing so maybe some one can tell me what i am missing here.
All settings seem to be the same but the version are slightly different. but here are the specs and script.
Working on this setup:
windows 98:
apache_1.3.28-win32-x86-no_src
php-4.3.4-installer
mysql-4.0.16
Session file contents on 98 machine:
user|s:5:"username";pass|s:6:"password";groupid|s:1:"1";
Session options on 98 machine:
[Session]
; Handler used to store/retrieve data.
session.save_handler=files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
; As of PHP 4.0.1, you can define the path as:
; session.save_path="N;/path"
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
session.save_path= C:\PHP\sessiondata ; argument passed to save_handler
; Whether to use cookies.
session.use_cookies=1
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies=1
; Name of the session (used as cookie name).
session.name=PHPSESSID
; Initialize session on request startup.
session.auto_start=0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime=0
; The path for which the cookie is valid.
session.cookie_path=/
; The domain for which the cookie is valid.
session.cookie_domain=
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler=php
; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.
session.gc_probability=1
session.gc_divisor=100
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime=1440
; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does not
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds=24 minutes):
; cd /path/to/sessions; find -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning seperately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.
session.bug_compat_42=1
session.bug_compat_warn=1
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check=
; How many bytes to read from the file.
session.entropy_length=0
; Specified here to create the session id.
session.entropy_file=
;session.entropy_length=16
;session.entropy_file=/dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter=nocache
; Document expires after n minutes.
session.cache_expire=180
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid=1
; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset="
Now the none working machine:
Linux Red Hat 7.3
apache-1.3.27-4
php-4.1.2-7.3.6
MySQL-server 4.0.21-0
Session file contents on linux machine:
user|s:5:"username";pass|N;groupid|s:1:"1";
Session options on linux machine:
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored.
session.save_path = /tmp
; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = /
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs containing ids.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
Script that handles the login process:
class ac {
var $loggedin = false;
var $userdata;
function ac(){
session_start();
header("Cache-control: private");
}
function logout(){
unset($this->userdata);
session_destroy();
return true;
}
function cl($user = '',$pass = '',$group = 4,$gr = '',$br = ''){
require_once('dbcon.inc.php');
require_once('val.inc.php');
$val = new val();
$con = new dbcon();
if ($SESSION['user'] && $SESSION['pass']){
if (!$val->valto($SESSION['user'])){return false;}
if (!$val->valto($SESSION['pass'])){return false;}
//md5($pass)
$getUser = $con->query("SELECT * FROM users WHERE user_name = '".$SESSION['user']."' AND password = '".md5($SESSION['pass'])."' AND groupid <= ".$group.' AND enabled = 1');
if ($con->getnumrows($getUser) > 0){
if ($gr != '') {
header("Location: ".$gr."?".strip_tags(session_id())) ;
}
return true;
}else{
$this->logout();
return false;
}
}else{
if (!$val->valto($user)){return false;}
if (!$val->valto($pass)){return false;}
$getUser = $con->query("SELECT * FROM users WHERE user_name = '$user' AND password = '".md5($pass)."' AND groupid <= $group AND enabled = 1");
$this->userdata = $con->fetcharray($getUser);
if ($con->getnumrows($getUser) > 0){
$SESSION["user"] = $user;
$SESSION["pass"] = $this->userdata['pass'];
$_SESSION["groupid"] = $this->userdata['groupid'];
if ($gr) {
header("Location: ".$gr."?".strip_tags(session_id())) ;
}
return true;
}else{
unset($this->userdata);
if ($br) {
session_write_close();
header("Location: ".$br) ;
}
return false;
}
}
}
}
Thanks for any help. Just maybe a fresh set of eye's can figure it out.
