Page 1 of 2

Working with sessions?

Posted: Sat Oct 19, 2002 1:23 pm
by terji
I'm trying to save a variable with session scope! But I keep getting this error from the Apache Server.

Warning: open(/tmp\sess_cdd6b6e09f51738ad553a00e0bfa73a1, O_RDWR) failed: m (2) in c:\phpdev\www\cms\index.php on line 5

These are the 2 lines I've used:

session_register("myVar");
$myVar = 0;

What am I doing wrong here :?:

Posted: Sat Oct 19, 2002 1:43 pm
by Heavy
You need to start the session, like this:

Code: Select all

<?
session_start();
session_register("myVar");
$myVar = 0;
?>
If you like and have access, you can set the directive...

Code: Select all

session.auto_start = 1
...in your php-ini file.

Posted: Sat Oct 19, 2002 1:49 pm
by Heavy
OOH! Stupid I am!
It's all in the error message:

Code: Select all

open(/tmp\sess_cdd6b6e09f51738ad553a00e0bfa73a1, O_RDWR) failed: m (2) in c:\phpdev\www\cms\index.php on line 5
It tries to open a file in the "/tmp" directory!
That would be in unix, right?

Set your session.save_path correctly in your php.ini file.Please read the following carefully:

Code: Select all

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /tmp
set it to

Code: Select all

session.save_path = c:\session_temp_folder
..or wherever (I've forgot) the system temp-folder is.

I'm totally lost here?!?!

Posted: Sat Oct 19, 2002 1:59 pm
by terji
My current tmp folder is located here: C:\phpdev\php\temp

And in my php.ini file is says:

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored.
session.save_path = C:\phpdev\php\temp;

To what am I supposed to change it :oops:

Posted: Sat Oct 19, 2002 2:04 pm
by Heavy
Are you still seeing error messages?
let us see them!
You might want to test viewing warnings too
php.ini:

Code: Select all

error_reporting  =  E_ALL
A quick check in the error log file might do the job.
The location of that file is also specified in the php.ini file.

error log??????

Posted: Sat Oct 19, 2002 2:18 pm
by terji
It seems I don't have an error log file.

This is from my php.ini file:

; Log errors to specified file.
;error_log = filename


Setting error_reporting to E_ALL didn't change the 'error' output....

So now I'm even more confused.

Posted: Sat Oct 19, 2002 3:31 pm
by Zeceer
You need to set the error writing to a file.
; Log errors to specified file.
;error_log = c:\php\errolog.txt
For an example.

Posted: Sat Oct 19, 2002 4:02 pm
by volka
try it with backslashes replaced by slashes
session.save_path = C:/phpdev/php/temp;
the account your webserver is running under has read/write permissions to this directory?

Still not working.......

Posted: Sat Oct 19, 2002 4:47 pm
by terji
Nothing that I do to my session.save_path has any effect on the error that I recieve....

My current path is:
session.save_path = C:/phpdev/php/temp;

...and that matches the path to the folder.

The error msg I get is still:
Warning: open(/tmp\sess_7a44b7acffa1a35f51bb93481d3c02f0, O_RDWR) failed: m (2) in c:\phpdev\www\cms\logon.php on line 5

Her is the logon file:


//Include the common functions
include("classes/common.php");

session_start();
session_register("authent");

if($username AND $password)
{
$conn = dbConnection($conn);
$sql = "SELECT username, password FROM siteusers WHERE username = '" . $username . "' AND password = '" . $password . "';";
$recordSet = &$conn->Execute($sql);
if(!$recordSet->EOF)
{
$authent = 1;
}
}

header("location: index.php");


Isn't there a wiz out there who can help me with this?!?!?!?!??! :cry:

Posted: Sat Oct 19, 2002 5:25 pm
by sweahe
In your php.ini file...

session.save_path = C:/phpdev/php/temp;

..do you have that semicolon in the end of the path? Remove it! :wink:
(don't know but it's worth a try!)

I suppose you have restarted your server after changing the path in php.ini, or? Because it looks like it still tries to open the file in /tmp that would be the case if you didn't restart your server since changing in php.ini.
Run phpinfo(); to see where your session.save_path is set to.

Posted: Sat Oct 19, 2002 5:45 pm
by sweahe
By the way...

Think about what happens if someone calls your logon.php like this:
logon.php?authent=1

Posted: Sat Oct 19, 2002 6:30 pm
by Heavy
This is really a discussion about how to setup PHP correctly :D
Think about what happens if someone calls your logon.php like this:
logon.php?authent=1

To more or less avoid situations like that, one should have this setting in php.ini:

Code: Select all

; This directive describes the order in which PHP registers GET, POST, Cookie,
; Environment and Built-in variables (G, P, C, E & S respectively, often
; referred to as EGPCS or GPC).  Registration is done from left to right, newer
; values override older values.
variables_order = "EGPCS"

; Whether or not to register the EGPCS variables as global variables.  You may
; want to turn this off if you don't want to clutter your scripts' global scope
; with user data.  This makes most sense when coupled with track_vars - in which
; case you can access all of the GPC variables through the $HTTP_*_VARSї],
; variables.
;
; You should do your best to write your scripts so that they do not require
; register_globals to be on;  Using form variables as globals can easily lead
; to possible security problems, if the code is not very well thought of.
register_globals = Off
register_globals = Off, I meant...
Which means that every parameter passed by url,like in the quote above, are registered in an array named $GET.
Also, session vars are put into the array called $_SESSION, where the var we are talking about could be accessed through

Code: Select all

$_SESSIONї'authent']
Please read the following: http://www.php.net/manual/en/security.r ... lobals.php

oh no ....

Posted: Sat Oct 19, 2002 7:39 pm
by terji
I actually have 2 php.ini files !!!!! :?

I'm using phpdev4 downloaded from firepages. And there are 2 php.ini files. They are located:
C:\phpdev\php\php.ini
C:\WINXT\php.ini
Which one should I modify? Is this right?!?!

I'm getting a bit frustrated here .... My phpinfo() says that my session.save_path = /tmp and that is not what my 2 php.ini files say...

When I create a C:\tmp folder everything works just fine. This isn't very pretty though. If any of you wiz' figure this out I'd be extremely glad. I've even tried reinstalling my phpdev but there's still no change.

oh dear

Posted: Sat Oct 19, 2002 7:45 pm
by terji
Not even my little logon code works :cry:

Posted: Sat Oct 19, 2002 7:47 pm
by Heavy
PHP checks the system path for the php.ini
see the manual where the header is "Installation on Windows systems":

Code: Select all

#

Copy your choosen ini file (see below) to your '%WINDOWS%' directory on Windows 9x/Me or to your '%SYSTEMROOT%' directory under Windows NT/2000/XP and rename it to php.ini. Your '%WINDOWS%' or '%SYSTEMROOT%' directory is typically:

c:\windows for Windows 9x/ME/XP
c:\winnt or c:\winnt40 for NT/2000 servers

There are two ini files distributed in the zip file, php.ini-dist and php.ini-optimized. We advise you to use php.ini-optimized, because we optimized the default settings in this file for performance, and security. The best is to study all the ini settings and set every element manually yourself. If you would like to achive the best security, then this is the way for you, although PHP works fine with these default ini files.
#