Administrator login (continued)

[WaveyDavey]

Script URL: http://(localserver)/hesk/admin.php
Version of script: 0.93b
Version of PHP: 5.0.4
Hosting company: internal server, Fedora Core 4
Have you searched THIS FORUM for your problem: Yes
(if not please do before posting)
If so, what terms did you try: various admin login issues

Write your message below:

As others, I get the administrator login issue. Further info however:
admin_debug.php first instance shows:
Start process info:

1. Session started successfully
2. Database connection started successfully

Submitting that gives:
Start process info:

1. Session started successfully
2. Database connection started successfully
3. Username and password received
4. Database info received
5. Password OK
6. Categories OK, now redirecting (not in debug version)...
Location: admin_main.php

Also, ran the session test scripts:
session_test.php gives

Session started successfully!
CLICK HERE FOR PAGE 2

and session_test2 shows
$_SESSION['test'] is set to: TRUE

The session file on the server contains the following:
test|s:4:"TRUE
for the test script,

and the session file for the general login is empty (zero bytes long).

(potentially) relevant php.ini vars are:

session.save_handler = files
session.save_path = "/tmp"
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5

Hope this casts some light on the subject

David

[WaveyDavey]

What is this notice=1 thing in the url ? Where and why is it set ?

Enquiring minds need to know !

David

[Klemen]

Have you tried things discussed here:
viewtopic.php?t=303

and here:
viewtopic.php?t=230

?

[WaveyDavey]

Yes, I have of course read and checked the things in the other threads.

The problem, as I see it, seems to be happening as follows:

assume that you have enterned the correct password and submitted it. Then this form is submitted and POSTed to admin.php.

do_login function is called, which calls hesk_dbFetchAssoc($result).

This (correctly) assigns id, user, pass, isadmin, anme, email, signature, categories, notify to $_SESSION variables. I have tested this, and they are set after this operation.

However, if I stop the script there (with exit()) I find that the session variable on the server (stored in the location specified in php.ini with session.save_path = "/var/lib/php/session" or wherever) is 0 bytes long - the session variable is not saved.

Then the header is written Header("Location: admin_main.php") to redirect.

Again this is fine in terms of program flow, but session_start in admin_main.php is arrived ad, and $_SESSION is empty.

I am at a loss to understand why this happens, and yet the supplied session test scripts fail.

Hope this further info helps. As a stopgap, I am having to downgrade my server to php 4.3.x, which is requiring a full build from source of apache and php, ahich is going to cost me at least a day. This shows just how much my manager wants us to use Hesk !

David

[Klemen]

Hi,

I am also not sure why that happens, but if even the session test script fails then something must be misconfigured on the server side (why would session end if script exit()s?).

Here are session settings on my server (PHP 4.3.11):
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid On On

If you can try with PHP 4.3.x or 4.4.x please do as I haven't yet had the chance to test my scripts in PHP5.

Regards,

[WaveyDavey]

My apologies - I said the exact opposite of what I meant !

The supplied session test scripts don't fail - they work correctly.

This is why I am confused - the test scripts successfully update the session variables, so I know it not a write permission problem on the server, and yet the values loaded into the session form the database are not stored correctly.

Just in case there was an issue with the multiple updates to $_SESSION, I altered the test scripts as follows:

session_test.php:
error_reporting(E_ALL);
if (session_start())
{
$arr['first']='tiddly';
$arr['seeconde']='pom';
$arr['treed']=3;
$arr['quartic']='poodle';
$arr['fively']='bom';
echo 'Session vars set';
$_SESSION=$arr;
}
else
{
echo "Session NOT started, check your server setup!";
}
exit();


sessions_test2.php:
error_reporting(E_ALL);
session_start();
print_r($_SESSION);
exit();

and guess what - session_test2 displays :
Array ( [first] => tiddly [seeconde] => pom [treed] => 3 [quartic] => poodle [fively] => bom )
exactly as it should.

This is on a built-from-source php 4.4.1.

I *really* don't know what to look at next.

[psironii]

I just added the following line to hesk_setting_inc.php right after the do not edit below (sorry) and it seemed to do the trick for me. Since it was the only setting that was different in both of our php session settings it may work for you as well.

ini_set("session.use_trans_sid", false);

I need to test it a bit more, but I hope it puts you on the right track.

[psironii]

my bad -

ini_set("session.use_trans_sid", true);