Login problem with ver 2.0

[Eric Culpepper]

For what its worth, I have the session.auto_start = 0 set in my php.ini file and I'm still experiencing this issue, but this is on a Win2k test server so there maybe something else also working against me.

Thanks.

[webchills]

same thing here:
session.auto_start is OFF

Any ideas? Would like to update to 2.0 but can' t even test it...

[Thorsten]

Hi,

you're using MS SQL, right?

bye
Thorsten

[webchills]

yes MS SQL

[Thorsten]

Hi,

it seems, this bug only appears in MS SQL. I don't have any experience in MS SQL, so I need help. Could we try to do it together?

bye
Thorsten

[webchills]

Some posts before Eric has said
"One thing I've noticed is the pmf_auth_ COOKIE is changing and I'm guessing that shouldn't be happening."
I' m quite sure that this is the cause.
I' d be glad to assist, but have no idea where to start

[matuse]

it seems, this bug only appears in MS SQL.

I had this same issue on my site using MySQL on windows 2000. I Changed

Code: Select all

session.auto_start = 1

to

Code: Select all

session.auto_start = 0

and that seemed to fix things. I would like to have this feature enabled however, for other applications running on the same server.

FWIW - here is my configuration:

Code: Select all

phpMyFAQ Version
    phpMyFAQ 2.0.3
Server Software
    Apache/2.2.6 (Win32) PHP/5.2.4
PHP Version
    PHP 5.2.4
Register Globals
    off
Safe Mode
    off
Open Basedir
    off
Database Server
    Mysql
Database Client Version
    5.0.45
Database Server Version
    4.1.22-community-nt
Webserver Interface
    APACHE2HANDLER
PHP Extensions
    bcmath, calendar, com_dotnet, ctype, session, filter, ftp, hash, iconv, json, odbc, pcre, Reflection, date, libxml, standard, tokenizer, zlib, SimpleXML, dom, SPL, wddx, xml, xmlreader, xmlwriter, apache2handler, exif, gd, imap, ldap, mbstring, mysql, snmp, soap, sockets 

[Thorsten]

Hi,

the problem is, that I cannot change this value on run time within the script... thanks for the hint!

bye
Thorsten

[matuse]

It seems to me that maybe

Code: Select all

sessionstart()

is getting called somewhere that it's not supposed to be. Or that your scripts don't recognize that the session already exists when created from autostart and it tries to re-create the session id.

Just my $0.02

Matt

[webchills]

I tried 2.04 now but still the same issue. Session autostart is OFF on the server. Any new ideas?

[webchills]

I've found the following function in inc/Init.php:

Code: Select all

 /**
     * This function deregisters the global variables only when 'register_globals = On'.
     * Note: you must assure that 'session_start()' is called AFTER this function and not BEFORE,
     *       otherwise each $_SESSION key will be set to NULL because $GLOBALS
     *       has an entry, as copy-by-ref, for each $_SESSION key when 'register_globals = On'.
     *
     * @return  void
     * @access  private
     * @author  Stefan Esser <sesser@php.net>
     */
    function unregisterGlobalVariables()
    {
        if (!ini_get('register_globals')) {
            return;
        }

        if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
            die('GLOBALS overwrite attempt detected.');
        }

        $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
        $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
        foreach (array_keys($input) as $k) {
            if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
                $GLOBALS[$k] = null;
                unset($GLOBALS[$k]);
            }
        }
    }

On my server register globals is ON.
I' ve the tried to delete this function, but could not open the admin/index.php anymore.
I had to deactivate another function in inc/Init.php:

Code: Select all

// remove global registered variables to avoid injections
        //if (ini_get('register_globals')) {
         //   PMF_Init::unregisterGlobalVariables();
        //}

Then the admin menu worked again but I still get logged out when clicking any link.

[Thorsten]

Hi,

which version of PHP do you use? Can you provide me a phpinfo() of your server?

Thanks!

bye
Thorsten

[webchills]

PHP Version 4.3.9
I' ve sent you a PM with the detailed php info

[bryanw]

Hi There

I am having the same problem. One thing I have noticed is that after having logged on as admin then the homepage reports 2 Users online :: 1 Guests and 1 Registered but I am the only one using it and prior to loggin in it only reported 1 Guest.

session.auto_start is OFF. Here is my system info:

phpMyFAQ Version
phpMyFAQ 2.0.4
Server Software
Microsoft-IIS/5.0
PHP Version
PHP 5.2.5
Register Globals
off
Safe Mode
off
Open Basedir
off
Database Server
Mssql
Database Client Version
Database Server Version
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
Webserver Interface
ISAPI
PHP Extensions
bcmath, calendar, com_dotnet, ctype, session, filter, ftp, hash, iconv, json, odbc, pcre, Reflection, date, libxml, standard, tokenizer, zlib, SimpleXML, dom, SPL, wddx, xml, xmlreader, xmlwriter, ISAPI, mssql, mysql

I can send more info if required but don't know what you need.

Thanks in advance.

Bryan