
lost session variables after submit form


sergej11


Hi,

Everything worked fine, but my site was hacked and I restored all content from backup. I didn’t back up my php.ini and .htaccess files, and I asked my hosting support to upload the default files, because I hadn’t made any changes to them.

After that, my sessions don’t work properly.

For example:

 

TEST_page1.php

====================================================

<?php
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);
?>
<html>
<body>
<form name="1" action="includes/TEST_page.inc.php" method="POST">
<input type="text" name="username" id="username"><br>
<input type="text" name="password" id="password"><br>
<input type="hidden" name="startpage" id="startpage" value="index">
<input type="submit" name="submit" value="submit">
</form>
<?php
// Escape the value before output so the error parameter cannot inject markup
if (isset($_REQUEST['error']))
    echo htmlspecialchars($_REQUEST['error']);
?>
</body>
</html>

====================================================

 

includes/TEST_page.inc.php

====================================================

<?php
session_start();

if ($_REQUEST['username'] && $_REQUEST['username'] != "" && $_REQUEST['password'] && $_REQUEST['password'] != ""){
    $_SESSION['username'] = $_REQUEST['username'];
    $_SESSION['password'] = $_REQUEST['password'];
    $_SESSION['startpage'] = $_REQUEST['startpage'];
    header("location:../TEST_page2.php");
    exit();
}
else{
    header("location:../TEST_page1.php?error=empty");
    exit();
}

====================================================

 

TEST_page2.php

====================================================

<?php
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);

if (isset($_SESSION['username']) || isset($_SESSION['password']) || isset($_SESSION['startpage']))
    echo $_SESSION['username']."<br>".$_SESSION['password']."<br>".$_SESSION['startpage'];
else
    echo "No Session variables.";
?>

====================================================

 

PHP Version 4.4.8

register_globals = Off

 

I think that the problem is in the php.ini or .htaccess files, but I don’t know where exactly, because this code worked fine before the hack and works on my other hosting too.

Could anyone help me with this?

Sorry for my bad English,

Thanks

 

 

TEST_page3.php

==========================================

<?php
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);
$username = "john1212";
$password = "pass1234";
$startpage = "index";

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['startpage'] = $startpage;

header("location:../TEST_page2.php");
exit();
?>

==========================================

 

If I load this page - everything is fine - all session vars are displayed.

 

And one more thing: register_globals = Off, but ini_get('register_globals') returns nothing.

There is one more thing:

If I put TEST_page3.php in the same folder as TEST_page1 and TEST_page2 and use header("location:TEST_page2.php");

then everything is fine, the session vars don't get lost.

But if I put TEST_page3.php in the /includes/ folder and use header("location:../TEST_page2.php");

then the vars get lost, even with header("location:http://www.domain.com/TEST_page2.php");

Here is my .htaccess file; maybe something is wrong here?

===================================================

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
#The next line modified by DenyIP
order allow,deny
#The next line modified by DenyIP
#deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName domain.com
AuthUserFile /home2/user/public_html/_vti_pvt/service.pwd
AuthGroupFile /home2/user/public_html/_vti_pvt/service.grp

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 62.146.91.0/24
deny from 67.202.31.0/24

===================================================
