Issue
I created a simple login page in php with sessions and it was working great on my LAMP. But today I accidentally changed permission of my /var directory to something like chmod 777 /var, Although I changed back its permission to chmod 755 /var . But now when I tried to access my login page again, I was not able to login. On going through code again, I found that my SESSION variable is not retaining its data while transferring to different page. I am using session_start() in every page (on top of page) , moreover I checked session_id() , it is same in every page. I am using Apache and Mysql in linux environment (Ubuntu 12.04). Code of my program :
index2.php :
<?php
session_start();
if(isset($_SESSION['username']))
{
header('Location: securepage.php');
}
?>
<html>
<head>
<title>Secure LOGIN</title>
</head>
<body>
<h2>User Login </h2>
<form method="POST" action="login.php">
<br>UserName : <input type= "text" name="username">
<br>Password : <input type="password" name="password">
<br><input type="submit" value="Login">
</form>
</body>
</html>
login.php :
<?php
session_start();
include('load.php');
$obj = new load();
$conn = $obj-> connect();
if(!conn)
{
exit('Connection cannot be established');
}
mysqli_select_db($conn,'login') or die('Cannot be established');
$query = "SELECT * FROM users WHERE uname='".$_POST['username']."' and pass = '".md5($_POST['password'])."';";
$login = mysqli_query($conn,$query);
if(mysqli_num_rows($login) == 1)
{
$_SESSION['username'] = $_POST['username'];
header('Location: securepage.php');
}
else
{
header('Location: index2.php');
}
?>
securepage.php :
<?php
session_start();
if (!isset($_SESSION['username'])) {
header('Location: index2.php');
}
?>
<html>
<head>
<title>Secured Page</title>
</head>
<body>
<p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b>
<br>You can put your restricted information here.</p>
</body>
</html>
On echo $_SESSION['username'], after if(mysqli_num_rows) statement in login.php it is correctly displaying the value of username , however on print_r($_SESSION) in securepage.php , it is showing an empty array.
This code was working great till yesterday , I don't know why it is not working now.
I even created two simple test pages to check my SESSION variable , but even that is not working. Although value in $_SESSION is set , but it is not transferring to second page. I have not touched any configuration settings of my LAMP.
My phpinfo() screenshot
Permissions of var direcroty
Please tell me where I am going wrong.
Content of my error.log:
PHP Warning: session_start(): open(/var/lib/php5/sess_mm4ja22k9n0r4gv512imc07ur0, O_RDWR) failed: Permission denied (13) in /var/www/public/index2.php on line 2, referer: http://localhost/index2.php
PHP Warning: Unknown: open(/var/lib/php5/sess_mm4ja22k9n0r4gv512imc07ur0, O_RDWR) failed: Permission denied (13) in Unknown on line 0, referer: http://localhost/index2.php
PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php5) in Unknown on line 0, referer: http://localhost/index2.php
Solution
You mentionned that your did chmod 777 then back 755 to the /var directory (maybe even the subdirectories). Your problem started after that so it seems like a permission problem.
The /var directory contains the www/ folder containing your web documents, but other folders as well ( log, tmp, etc.) as seen on your screenshot.
Do you know where does your php configuration (php.ini) saves your php session files ?
Check out the session.save_path line just to be sure.
The default is /tmp but maybe you're using the /var/tmp or /var/lib/php5. The thing is, the /var/tmp folder is chmod 777 by default so you sould revert back to that.
Good luck !
Answered By - achedeuzot
Posts
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.