sergej11 Posted July 1, 2008 Share Posted July 1, 2008 Hi, Everything work fine, but my site has been hacked and I restore all content from backup, but I didn’t backup my php.ini and .htaccess files and ask my hosting support to upload default files, because I didn’t make any changes in it. After that, my sessions don’t work properly For example: TEST_page1.php ==================================================== <?php session_start(); ini_set('display_errors',1); error_reporting(E_ALL); ?> <html> <body> <form name="1" action="includes/TEST_page.inc.php" method="POST"> <input type="text" name="username" id="username"><br> <input type="text" name="password" id="password"><br> <input type="hidden" name="startpage" id="startpage" value="index"> <input type="submit" name="submit" value="submit"> </form> <? if (isset($_REQUEST['error'])) echo $_REQUEST['error']; ?> </body> </html> ==================================================== includes/TEST_page.inc.php ==================================================== <?php session_start(); if ($_REQUEST['username'] && $_REQUEST['username'] != "" && $_REQUEST['password'] && $_REQUEST['password'] != ""){ $_SESSION['username'] = $_REQUEST['username']; $_SESSION['password'] = $_REQUEST['password']; $_SESSION['startpage'] = $_REQUEST['startpage']; header("location:../TEST_page2.php"); exit(); } else{ header("location:../TEST_page1.php?error=empty"); exit(); } ==================================================== TEST_page2.php ==================================================== <?php session_start(); ini_set('display_errors',1); error_reporting(E_ALL); if (isset($_SESSION['username']) || isset($_SESSION['password']) || isset($_SESSION['startpage'])) echo $_SESSION['username']."<br>".$_SESSION['password']."<br>".$_SESSION['startpage']; else echo "No Session variables."; ?> ==================================================== PHP Version 4.4.8 register_globals = Off I think, that the problem in php.ini or .htaccess files, but don’t know where exactly, because this code work fine before hack and on the my other hosting to. Could anyone help me with this? Sorry for bad english, Thanks Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 1, 2008 Share Posted July 1, 2008 are you losing them only after a submit? Or is it never saving them to begin with? I'd say do a little test and see if they're staying through each page, and not just being lost on the submit page Quote Link to comment Share on other sites More sharing options...
sergej11 Posted July 1, 2008 Author Share Posted July 1, 2008 TEST_page3.php ========================================== <?php session_start(); ini_set('display_errors',1); error_reporting(E_ALL); $username = "john1212"; $password = "pass1234"; $startpage = "index"; $_SESSION['username'] = $username; $_SESSION['password'] = $password; $_SESSION['startpage'] = $startpage; header("location:../TEST_page2.php"); exit(); ?> ========================================== If I load this page - everything is fine - all session vars are displayed. and one more thing - register_globals = Off , but ini_get('register_globals') - return nothing. Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 1, 2008 Share Posted July 1, 2008 What's testpage.inc.php? If it is outputting anything, then that's why... session_start() needs to be executed before any output is made. And your headers won't work either. Quote Link to comment Share on other sites More sharing options...
sergej11 Posted July 1, 2008 Author Share Posted July 1, 2008 includes/TEST_page.inc.php - didn't output nothing, just process POST info from TEST_page1.php Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 1, 2008 Share Posted July 1, 2008 can you show us its code? Quote Link to comment Share on other sites More sharing options...
sergej11 Posted July 1, 2008 Author Share Posted July 1, 2008 yes, it is in my original post, between TEST_page1.php and TEST_page2.php Quote Link to comment Share on other sites More sharing options...
dannyb785 Posted July 1, 2008 Share Posted July 1, 2008 oh lol oops. I was confused by the way your post was setup. I need to reread Quote Link to comment Share on other sites More sharing options...
sergej11 Posted July 1, 2008 Author Share Posted July 1, 2008 there is one more thing: if I put TEST_page3.php in the same folder with TEST_page1 and TEST_page2 and header("location:TEST_page2.php"); then - everything is fine, session var doesn't lost but if I put TEST_page3.php in the /includes/ folder and header("location:../TEST_page2.php"); then vars get lost, even if header("location:http://www.domain.com/TEST_page2.php"); Quote Link to comment Share on other sites More sharing options...
sergej11 Posted July 1, 2008 Author Share Posted July 1, 2008 here is my .htaccess file, may be something wrong here? =================================================== # -FrontPage- IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* <Limit GET POST> #The next line modified by DenyIP order allow,deny #The next line modified by DenyIP #deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> AuthName domain.com AuthUserFile /home2/user/public_html/_vti_pvt/service.pwd AuthGroupFile /home2/user/public_html/_vti_pvt/service.grp <Files 403.shtml> order allow,deny allow from all </Files> deny from 62.146.91.0/24 deny from 67.202.31.0/24 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.