Jump to content
Sign in to follow this  
CMOTD

Register Globals Support

Recommended Posts

Hi, I Have A Problem With Your Script

Fatal error: Cannot redeclare tep_session_recreate()...

Posting the same thing twice will not get you an answer twice as fast !

 

Read the error message - it is telling you EXACTLY what the error is and even where to look to fix it !

 

...and just so I don't get accused of being unhelpful again, I suppose I ought to add for the hard of reading.... it looks like you have the function tep_session_recreate() declared twice in your code. ie - you messed up when applying the patch.

 

Rich.

Share this post


Link to post
Share on other sites
...Anyone had any success with 2.2-MS1 or are there any alternative options?

Mmmm....

 

The short answer is "I don't know". What I would suggest is :

 

1) Compare the session handling code between the two versions (MS1 and MS2). If it looks the same (or close enough) then you might get the sessions working reasonably easily.

 

2) Applying the rest of the patch (ie - everything that isn't session handling) will probably (?) work, but it depends on how much has changed in the affected files between versions.

 

3) Check _ALL_ the osc code (yes, REALLY !), and see if there are any other variables that might need handling.

 

Basically, yes, in principle, the techniques used by this patch will work on MS1, but the fine detail may have to change, and unless you do a thorough job of looking through the MS1 code, you won't be sure it's correct (even if it seems to work ok, there could be subtle bugs unless you have weeded them out). You are going to have to go through the same exercise I did to create this MS2 patch - it will take you a while :-)

 

Good luck.

 

Rich.

Share this post


Link to post
Share on other sites
Hi, I am new to php etc. and am having trouble to edit the files, is there any way to get a copy of already edited files.

You didn't look very far.

 

Someone has uploaded exactly this to the contribution page. No idea if it is correct though (but I would guess that it probably is).

 

Rich.

Share this post


Link to post
Share on other sites

Hi Richard

 

Thank you very much for your contribution. I have got it working and everything thing seems ok. :)

 

I know you have said in previous posts that you wont look at other contributions but i would be very grateful if you could lend me a hand in some way.

 

I am currently using the wishlist on my website, i am able to add and delete items to it but it does not display anything :blink: i assume it has got something to do with retrieving the correct information to display. Would you be kind enough to point me in the right direction to get this working.

 

Thanks in advance

 

Mike

Share this post


Link to post
Share on other sites
I am currently using the wishlist on my website...Would you be kind enough to point me in the right direction to get this working.

If you look back through this thread, you will find a post from me dated 23 October 2004 and titled "HANDY HINT FOR FINDING REGISTER GLOBALS PROBLEMS AND SOME BUG-HUNTING TIPS"

 

Maybe this will help you

 

Rich.

Share this post


Link to post
Share on other sites

Just a quick note to the good people out there in OSC land.

 

A version of this contribution named register_globals_patch_2005-01-05_1.zip would seem not to be correct.

 

This version has nothing to do with me so don't ask me to support / fix it.

 

I suggest you use the latest version (V 1.2.2 at the time of writing) which should be correct.

 

Rich.

Share this post


Link to post
Share on other sites

V 1.3 - BUGFIX

 

I've put up version 1.3 of this contribution.

 

I came across some blindingly obvious errors in the session management code, and have corrected them.

 

There are three errors in the catalog stuff and two in admin. If you already have this installed then you should be able to just replace the faulty files.

 

I have seen no problems caused by these bugs up to now and nobody has complained to me, so I can only assume that they really have not caused any problems or very few people are using this contribution.

 

Either way, it's all mended now, and full details of what has changed can be found in the CHANGE_HISTORY file.

 

I have also included a new file - OTHER_CONTRIBUTIONS - that is basically a copy of the post I put up on here back in October. It might help if you are trying to get other contributions working with register globals switched off.

 

Right, I'll get back to what I was doing now...

 

Rich.

Share this post


Link to post
Share on other sites

I've downloaded the last version of this but can't open it. I'm using WinZip - is this the problem?

 

Wendy


Wendy

 

 

Go on spread some sunshine!

Share this post


Link to post
Share on other sites
I've downloaded the last version of this but can't open it.  I'm using WinZip - is this the problem?

 

Wendy

I've seen a few posts complaining that winzip can't open tar archives, but I've never had any trouble with it. Maybe you need a newer version of winzip ? - I'm pretty sure anything after version 7 or 8 should be ok. Come back if you still have a problem.

 

Rich.

Share this post


Link to post
Share on other sites
I've seen a few posts complaining that winzip can't open tar archives, but I've never had any trouble with it. Maybe you need a newer version of winzip ? - I'm pretty sure anything after version 7 or 8 should be ok. Come back if you still have a problem.

 

Rich.

 

I downloaded the free version of winzip so probably won't do it (although .tar is in the list). I've since found out that my host does have globals register enabled, but I still can't get it to work (shared ssl). Do you think it's worth me trying your contribution anyway?

 

Wendy


Wendy

 

 

Go on spread some sunshine!

Share this post


Link to post
Share on other sites
I downloaded the free version of winzip so probably won't do it (although .tar is in the list).  I've since found out that my host does have globals register enabled, but I still can't get it to work (shared ssl).  Do you think it's worth me trying your contribution anyway?

 

Wendy

No, the free version of winzip should be fine - if you just open the tar.gz file with winzip it should open it with no problems. Can't understand why people have a problem with this - odd. Maybe you are just trying to click on the file and expect it to open winzip, but it isn't ? If you are then try opening the file manually from winzip instead.

 

Unless you can switch register globals off (you may be able to using a .htaccess file - see the apache ( www.apache.org ) and php ( www.php.net ) web sites for more details), then I would not install this contribution. Installing this and leaving register globals enabled will probably cause problems with the session handling. Besides, there is no point at all in installing this if you are not going to switch register globals off.

 

Rich.

Share this post


Link to post
Share on other sites

Hi all, I've done a recent live install with V 1.3 and keep getting these errors in the Admin Panel:

 

Warning: reset(): Passed variable is not an array or object in .../htdocs/catalog/admin/includes/classes/sessions.php on line 194

 

Warning: Variable passed to each() is not an array or object in ...htdocs/catalog/admin/includes/classes/sessions.php on line 194

 

Only contrib I have added apart from this was the UK-Based, default oscommerce installation... don't know if that has any relevance to the errors or not. If anyone could help or point me in the right direction it would be much appreciated. And of course, apologies if it is a dumb question!

 

Cheers

Share this post


Link to post
Share on other sites
Hi all, I've done a recent live install with V 1.3 and keep getting these errors in the Admin Panel:

 

Warning: reset(): Passed variable is not an array or object in .../htdocs/catalog/admin/includes/classes/sessions.php on line 194

...

Impossible to give you an answer unless you tell me what's on line 194 !

 

If you can post up the function that the line is in (please DON'T post the whole file) and point out which line is 194 then I'll take a look

 

Rich.

Edited by CMOTD

Share this post


Link to post
Share on other sites

  function _php_encode() {
   global $session;

   $ret = '';
// Create a string containing the serialized variables
LINE 194>>    for (reset($session->vars); list($i)=each($session->vars);) {
     $ret .= $session->vars[$i] . $session->delimiter_value . serialize($GLOBALS[$session->vars[$i]]) . $session->delimiter;
   }

   return $ret;
 }

 

Sorry, should have thought of doing that. Shows up at the bottom of the screen under the panel. Admin doesn't seem to be affected by this, I can still use it. But I'm at a loss to as why it keeps showing up. I re-installed with and without the UK contrib, so it's not anything to do with that.

 

Thanks

Share this post


Link to post
Share on other sites
Sorry, should have thought of doing that....

I'm somewhat at a loss here. The problem would seem to be that $session isn't being set to a valid value, but why this might be, I don't know.

 

I'm also at a loss as to where this function is called from !

 

Q1: Are you saving session variables in the database or in a directory ?

Q2: What version of PHP are you using ? Not version 3.* is it ?

 

Anyone else out there with this problem ?

 

Rich.

Edited by CMOTD

Share this post


Link to post
Share on other sites

The server is running PHP 4.3.10 and I've got the store sessions configured to mysql. I've had a good look at the configure files and I think that they are all pretty much in order.

 

I'm thinking that it has to be something to do with the way that the server is set up, I don't really know much about these things. When I attempted to use the cache feature, the site layout broke. So I thought (or think) that means that I can't write to the /tmp/ file on the server... I created another folder in my catalog folder and the cache worked fine. Don't know if this has anything to do with it or if I'm just spouting nonsense!

 

Looking at the PHP ini file I noticed that the include path is set to .:

Again, not sure if that has anything to do with anything. I don't have permissions to fiddle about with the ini file, so will have to ask for it to be changed if I need it to be.

 

Thanks

Share this post


Link to post
Share on other sites

Hi,

I have problems using "file_feature-.77" contribution with register_globals v1.3:

 

Fatal error: Call to undefined function: link_session_variable() in /home/******/public_html/secure/includes/functions/sessions.php on line 95

 

  function tep_session_register($variable) {
   global $session_started;

// >>> BEGIN REGISTER_GLOBALS
   $success = false;

   if ($session_started == true) {
// -skip-   return session_register($variable);

     // Work-around to allow disabling of register_globals - map session variable
     link_session_variable($variable, true);
     $success = true;
   }

   return $success;
// <<< END SESSION_REGISTER
 }

 

Any ideas? I'm lost...

Share this post


Link to post
Share on other sites

Hey,

 

I have downloaded the V1.3 and i have gone through the instruction to install.

 

Then i am experiencing the issue addressed in the README file.

 

"Warning: session_write_close(): Your script possibly relies on a session side-effect

which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in ...<a ref. to sessions.php>"

 

since my site is hosted on a external linux based server, how can i get around this issue? How can i set the variables to OFF? or i can modify some part of the code to get rid of the warning?

 

Cheers

 

Pat :thumbsup:

Share this post


Link to post
Share on other sites
Hi,

I have problems using "file_feature-.77" contribution with register_globals v1.3:

 

Fatal error: Call to undefined function: link_session_variable() in /home/******/public_html/secure/includes/functions/sessions.php on line 95

...

Any ideas? I'm lost...

Yes, read the text file 'OTHER_CONTRIBUTIONS' that comes with the contribution

 

Also, you say that the file is in....

 

.../public_html/secure/includes/functions/sessions.php

 

Is this the catalog or admin ? They are not the same code.

 

Rich.

Edited by CMOTD

Share this post


Link to post
Share on other sites
..."Warning: session_write_close(): Your script possibly relies on a session side-effect

which existed until PHP 4.2.3....

First port of call would be to contact your host and ask them if they will change it in the php.ini file. I don't really see any issue that might cause them not to; there are no security issues with switching this off.

 

Alternatively, you might be able to change this in some .htaccess file. Not sure - You would have a look at the apache and PHP web sites to see if this is possible; off hand, I'm not even sure you can set this in the apache config, and .htaccess files are restricted in what they han do anyway, so you'll have to dig about.

 

Failing that, a really ugly (...and I hesitate to use the word...) 'fix' might be to add a '@' in front of the session_write_close() call. ie -

 

@session_write_close()

 

The @ should suppress warnings, and is normally used with I/O functions that are expected to fail sometimes. As I say though, this is really ugly and I would only use this as a very last resort (or if you are feeling really lazy and don't really care about the state of health of your application environment).

 

Rich.

Share this post


Link to post
Share on other sites
The server is running PHP 4.3.10 and I've got the store sessions configured to mysql.

...

Looking at  the PHP ini file I noticed that the include path is set to .:

Not ignoreing you, but not really sure what to suggest either.

 

I suspect it might be the mysql session storage causing the problem. Can you temporarily change it to file storage and see what happens ?

 

It is normal for the php path to be set to '.' - OSC relies on this for the subdirectories (includes, images etc) to be brought in correctly. So, it looks like that's ok.

 

Rich.

Share this post


Link to post
Share on other sites

Sorry, turns out to be a red herring. Spent hours as well trying to figure out what I had done wrong. I contacted the server admin and told them about the problem and it turns out that they had set up the server incorrectly for session storage. So they've fixed it and it's all working in order. Thanks a lot for the replies and also (as I should have said earlier) thanks for the great contrib.

 

Cheers

Share this post


Link to post
Share on other sites
Also, you say that the file is in....

 

.../public_html/secure/includes/functions/sessions.php

 

Is this the catalog or admin ? They are not the same code.

 

Rich.

 

Sorry about that.

The admin section is working fine. the problem is in the catalog section.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×