Page 2 of 2

Posted: Fri Jun 30, 2006 11:45 am
by garvinhicking
Hi!

No, sorry for being unprecise. I mean the "remember me" functionality when you login to your serendipity backend!

Best rergards,
Garvin

Posted: Fri Jun 30, 2006 3:51 pm
by plofhead
Hi,

When I'm logged in as Admin and then try to enter a comment works sometimes but not always. Then I get the same error message as before.

When I disable the captchas it's always possible to enter a comment.

Regards,
Bert

Posted: Fri Jun 30, 2006 11:52 pm
by garvinhicking
Hi!

No, I was just talking of the admin section. Create an entry there wihtout being loigged in with the "remember me" functionality. Completely unrelated to comments - this is just to check how/if your sessions properly work.

Best regards,
Garvin

Posted: Sat Jul 01, 2006 9:16 am
by plofhead
Hi,

Sorry but you probably mean logging into the admin without enabling the 'save information' square?
When I do that I have to enter my username and password again almost every time I choose one of the items from the admin.

Regards,
Bert

Posted: Sat Jul 01, 2006 5:11 pm
by garvinhicking
Hi!

Exactly that I meant. And that it doesn't work proves the fact that your PHP sessions are NOT properly enabled!

Please talk to your provider and ask him to fix PHP cookie-based sessions on your server. They either have a wrong directory set, or a wrong php.ini setting. As you couldn't provide a phpinfo(), it is in their obligation to find out.

PHP sessions are required to make Serendipity properly work, sorry for that.

Best regards,
Garvin

Posted: Wed Jul 05, 2006 11:32 am
by plofhead
Hi,

My provider didn't aswer me yet, but this is what I found on there site:

PHP variables

The register_globals configuration is turned off from version PHP 4.2.0 (older versions this is turned on), this is
because of security considerations.

Therefore, on our servers with PHP >=4.2.0 the register_globals are turned off.

What does register_globals do ?

This makes that all variables that are passed by the php script via GET, POST,
SESSION, COOKIE, SERVER exist directly as viariables.

This means that:
during the order http://www.uwdomein.nl/index.php?foo=bar
in the script the variables
$_GET[foo]
$foo
will be available.
Without register_globals only $_GET[foo] will be available.

In the versions PHP >=4.2.0 the variables will be found in the arrays:
$_GET;
$_POST;
$_SESSION;
$_COOKIE;
$_SERVER;

Work Arounds:

In case you have a script that uses a form with method “POST” and you do not wish to rewrite the entire script to correct the variable names the following script can be used as a workaround:

$gblArray="_POST";
$keys=array_keys($$gblArray);
foreach($keys as $key)
{
$$key=trim(${$gblArray}[$key]);
}

However, it is better to make sure that the global variables cannot be set from user input. This means all variables must be declared separately. For example:

$foo=$_POST[foo];
$bar=$_POST[bar];
$submit=$_POST[submit];
$name=$_POST[name];

Because the scripts cannot be changed, you can use the script mentioned below. If you decide to use this script, it means that all security errors will return.

$ArrayList=array("_GET", "_POST", "_SESSION", "_COOKIE", "_SERVER");
foreach($ArrayList as $gblArray)
{
$keys=array_keys($$gblArray);
foreach($keys as $key)
{
$$key=trim(${$gblArray}[$key]);
}
}


Does this ring you a bell?

Regards,
Bert

Posted: Wed Jul 05, 2006 11:43 am
by garvinhicking
Hi!

This does ring a bell, but register_globals is not required for serendipity at all; in fact we also discourage its use.

The PHP Session problem is in this case NOT related to it!

Best regards,
Garvin