PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Object-Oriented Features New To PHP5
Object Oriented Programming in PHP: The Way to Large PHP Projects
10 Tips That Every PHP Developer Should Know, Part 2
Creating a PHP-Based Content Management System
COM Functions in PHP4

[phplib] auto_init / setup.inc and auth_preauth() function From: Michael A. Alderete (alderete <email protected>)
Date: 01/24/01

Next message: A.C.N.S. Information and News: "[phplib] Sessions not logging to DB"
Previous message: Spruce Weber: "Re: [phplib] same level perms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have had a tricky-to-reproduce problem, which I finally tracked down to
the fact that the file specified in $sess->auto_init is included into my
page as the LAST step in the page_open() process.

Unfortunately, the $auth->start() function is called BEFORE then, and that
calls my $auth->auth_preauth() function, which in certain circumstances
depends on a session variable to have been created and set by setup.inc.

In other words, here's what I thought was happening when a visitor first
hits my site:

page_open() ->
  session created ->
    setup.inc included ->
      variable $u created ->
        auth_preauth() called ->
          $u is used

And here is what is actually happening:

page_open() ->
  session created ->
    auth_preauth() called ->
      $u is used <- - - - - - - - - - - - - OOPS
        setup.inc included ->
          variable $u created ->

See the problem? auth_preauth() is using $u before it has been properly inited.

I tried to kludge a fix for this by checking for $u in my auth_preauth()
routine, and if it's not defined creating it. But $u is loaded with user
data when the user logs in, e.g., in auth_preauth() or
auth_validatelogin(). But if this happens on the first page the user
visits, then setup.inc gets called AFTER $u is loaded with useful data,
which resets $u to a blank state. This causes serious problems later.

I guess I can kludge a fix for this by modifying my setup.inc to not
overwrite an existing variable. But that's just adding a kludge on top of a
kludge; I have three instances of duplicated code to deal with setup.inc
not being called first, and then additional code in setup.inc dealing with
the consequences of that duplicated code being called first.

The right solution is for setup.inc to be called right after the session is
created. But I think that would cause other problems, like $auth not being
available inside setup.inc. Perhaps $auth could be created, but not have
$auth->start() called quite yet?

Are there any other solutions to this? What are the consequences of moving
the include(setup.inc) block above the $auth creation block in page_open()?

Thanks!

Michael

-- 
Visit MARS! <http://www.michaelandrochellessite.com/>
---
Michael A. Alderete
<mailto:alderete <email protected>>          voice: (415) 861-5758
---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

Next message: A.C.N.S. Information and News: "[phplib] Sessions not logging to DB"
Previous message: Spruce Weber: "Re: [phplib] same level perms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]