session variables not working anymore

[Beasts]

hello,

i use sessions to handle authentication within my site. my host has been changing a lot of settings in the server recently for "security purposes". and the technicians are pretty much clueless about what they are doing. they changed something in the configuration and all of a sudden the sessions dont seem to be working. i suspect register_globals. can anyone tell me the possible reasons for this?

 

they also played with the open_basedir setting and now i cant seem to be able to upload files because "/tmp" is restricted. i would appreciate it if you can tell me a workaround to it too.

 

/edit:

just did a var_dump on $_SESSION and it gives NULL

[oni-kun]

hello,

i use sessions to handle authentication within my site. my host has been changing a lot of settings in the server recently for "security purposes". and the technicians are pretty much clueless about what they are doing. they changed something in the configuration and all of a sudden the sessions dont seem to be working. i suspect register_globals. can anyone tell me the possible reasons for this?

 

they also played with the open_basedir setting and now i cant seem to be able to upload files because "/tmp" is restricted. i would appreciate it if you can tell me a workaround to it too.

 

/edit:

just did a var_dump on $_SESSION and it gives NULL

 

It'd help to know about your server. What I'd really recommend doing is just writing

<?php phpinfo(); ?>

into a new file and viewing it. It'd display everything they've done to the server and provide the much needed relevant information.

 

What version of PHP are you now at? Is register_globals on when seeing the config?

[Beasts]

i would've done so in the first post if that wasnt being a problem. for some reason phpinfo() does not work! it gives a blank page! they disabled it in the name of security or something?

[oni-kun]

i would've done so in the first post if that wasnt being a problem. for some reason phpinfo() does not work! it gives a blank page! they disabled it in the name of security or something?

 

Hmm.. I've heard shared hosts disabling this to disallow the user to view configuration (paths etc.). If they've gone this far to protect themselves, than I believe that the host isn't worth their salt..

 

Anyway, why not try a global and test? $HTTP_HOST for example.

 

[Beasts]

can you explain the last part a bit more?

[teamatomic]

What does php_info() say, when  it is disabled it is many times able to be used through your control panel, especially on free hosters

 

The fix probably has to come from your hoster as I dont think that you can set the base or access to the Upload_tmp_dir in .htaccess because these need to be set when PHP starts. This is probably a good clue as to when the time is to find another host.

 

 

HTH

Teamatomic

 

[oni-kun]

can you explain the last part a bit more?

<?php
    $_POST['foo'] == 'bar';
    echo $HTTP_POST_VARS;
?>

What do you get if you run this? If $HTTP_POST_VARS comes up as an undefined variable, than register_globals is off.

 

@TeamAtomic, It's already been stated that PHPinfo was off.

 

EDIT:

<?php
   echo 'Current PHP version: ' . phpversion();
?>

That should help as well.

[teamatomic]

What does php_info() say, when  it is disabled it is many times able to be used through your control panel, especially on free hosters

 

Many of the hosters that turn it off do so by default with an upgrade to their control panel. The panel then provides an nice little colored icon somewhere among the many little colored icons to view php info. Just cause you can make a php file with php_info() in it does not mean the info is not available.

 

 

HTH

Teamatomic

[trq]

<?php
    $_POST['foo'] == 'bar';
    echo $HTTP_POST_VARS;
?>

What do you get if you run this? If $HTTP_POST_VARS comes up as an undefined variable, than register_globals is off.

 

$HTTP_POST_VARS has nothing to do with register globals being on or off.

[Beasts]

php_info or phpinfo all gives blank pages. they only provided ftp access. no control panel. this host sucks =/ but the company i work for cant move. you wont believe the reason if i did

 

anyway i got this Undefined variable: HTTP_POST_VARS

[oni-kun]

php_info or phpinfo all gives blank pages. they only provided ftp access. no control panel. this host sucks =/ but the company i work for cant move. you wont believe the reason if i did

 

anyway i got this Undefined variable: HTTP_POST_VARS

 

What about the PHP version? It's funny, my old host bumped me down to 4.3 for some reason.. safely to say I moved.

 

If PHP is run as a module than you're able to change, atleast some settings with .htaccess, such as open_basedir.

[Beasts]

its php 4.3.0

$_SESSION is still NULL

[PFMaBiSmAd]

Post the code you are using to with the phpinfo(); statement, including showing us the opening php tag you are using.

 

Have you got full php error reporting turned on so that any session related errors would be reported and displayed?

 

At least add the following lines of code immediately after your first opening <?php tag (before any session_start() statement) -

 

ini_set("display_startup_errors", "1");
ini_set("display_errors", "1");
error_reporting(E_ALL);

 

And for all we know your code is using old methods that were depreciated over 7 years ago. What is your code that is setting the $_SESSION variables and what is your code that is showing them as a NULL, including showing us everything from the start of the files up to the relevant instructions.

[Beasts]

okay just discovered what the problem was and informed the host.

it was open_basedir settings or something which was preventing the sessions from being stored in /tmp

i added a .htaccess file with the following and created a custom /tmp folder. now the sessions are being written normally

 

php_value session.save_path /tmp