Page 2 of 2
Posted: Fri Jun 30, 2006 11:45 am
by garvinhicking
Hi!
No, sorry for being unprecise. I mean the "remember me" functionality when you login to your serendipity backend!
Best rergards,
Garvin
Posted: Fri Jun 30, 2006 3:51 pm
by plofhead
Hi,
When I'm logged in as Admin and then try to enter a comment works sometimes but not always. Then I get the same error message as before.
When I disable the captchas it's always possible to enter a comment.
Regards,
Bert
Posted: Fri Jun 30, 2006 11:52 pm
by garvinhicking
Hi!
No, I was just talking of the admin section. Create an entry there wihtout being loigged in with the "remember me" functionality. Completely unrelated to comments - this is just to check how/if your sessions properly work.
Best regards,
Garvin
Posted: Sat Jul 01, 2006 9:16 am
by plofhead
Hi,
Sorry but you probably mean logging into the admin without enabling the 'save information' square?
When I do that I have to enter my username and password again almost every time I choose one of the items from the admin.
Regards,
Bert
Posted: Sat Jul 01, 2006 5:11 pm
by garvinhicking
Hi!
Exactly that I meant. And that it doesn't work proves the fact that your PHP sessions are NOT properly enabled!
Please talk to your provider and ask him to fix PHP cookie-based sessions on your server. They either have a wrong directory set, or a wrong php.ini setting. As you couldn't provide a phpinfo(), it is in their obligation to find out.
PHP sessions are required to make Serendipity properly work, sorry for that.
Best regards,
Garvin
Posted: Wed Jul 05, 2006 11:32 am
by plofhead
Hi,
My provider didn't aswer me yet, but this is what I found on there site:
PHP variables
The register_globals configuration is turned off from version PHP 4.2.0 (older versions this is turned on), this is
because of security considerations.
Therefore, on our servers with PHP >=4.2.0 the register_globals are turned off.
What does register_globals do ?
This makes that all variables that are passed by the php script via GET, POST,
SESSION, COOKIE, SERVER exist directly as viariables.
This means that:
during the order http://www.uwdomein.nl/index.php?foo=bar
in the script the variables
$_GET[foo]
$foo
will be available.
Without register_globals only $_GET[foo] will be available.
In the versions PHP >=4.2.0 the variables will be found in the arrays:
$_GET;
$_POST;
$_SESSION;
$_COOKIE;
$_SERVER;
Work Arounds:
In case you have a script that uses a form with method “POST” and you do not wish to rewrite the entire script to correct the variable names the following script can be used as a workaround:
$gblArray="_POST";
$keys=array_keys($$gblArray);
foreach($keys as $key)
{
$$key=trim(${$gblArray}[$key]);
}
However, it is better to make sure that the global variables cannot be set from user input. This means all variables must be declared separately. For example:
$foo=$_POST[foo];
$bar=$_POST[bar];
$submit=$_POST[submit];
$name=$_POST[name];
Because the scripts cannot be changed, you can use the script mentioned below. If you decide to use this script, it means that all security errors will return.
$ArrayList=array("_GET", "_POST", "_SESSION", "_COOKIE", "_SERVER");
foreach($ArrayList as $gblArray)
{
$keys=array_keys($$gblArray);
foreach($keys as $key)
{
$$key=trim(${$gblArray}[$key]);
}
}
Does this ring you a bell?
Regards,
Bert
Posted: Wed Jul 05, 2006 11:43 am
by garvinhicking
Hi!
This does ring a bell, but register_globals is not required for serendipity at all; in fact we also discourage its use.
The PHP Session problem is in this case NOT related to it!
Best regards,
Garvin