| using the forum _inside_ another php script [message #16050] |
Tue, 13 January 2004 01:18  |
 |
hello-world
Messages: 47
Registered: December 2003
Karma: 0
|
Member |
|
|
Hi,
When trying to use fudforum as feedback mechanism, I tried calling the forum _inside_ another php
script.
something like.
readfile("http://" . $_SERVER["SERVER_NAME"] . "/forum/?t=tree&th=2");
This - quite unexpectedly - doesn't work. Actually, it works, but the user information gets lost
and it shows as anonymous. I guess the problem lies in setting up the cookies.
Could you tell me if there is a simple way out of this? Or do I need to go into detailed php cookie
handling?
I am not sending any output before the "readfile". In fact, if I replace "readfile" with a
redirection "header()", it works fine.
Thanks.
[Updated on: Tue, 13 January 2004 05:32] Report message to a moderator |
|
|
|
| Re: using the forum _inside_ another php script [message #16052 is a reply to message #16050] |
Tue, 13 January 2004 06:09  |
|
hello-world
Messages: 47
Registered: December 2003
Karma: 0
|
Member |
|
|
I figured this much out:
The cookies are set only for the path /forum and not for the script
from which I call the forum.
So I changed the COOKIE_PATH variable to "/" but then the whole damn
thing stopped working. I mean, no more logging in.
So now the question is: how do I use the same cookies for the whole
site?, that every one of the scripts should get the cookies set by the
forum.
Thanks.
[Updated on: Tue, 13 January 2004 06:13] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
| Re: using the forum _inside_ another php script [message #16079 is a reply to message #16078] |
Tue, 13 January 2004 16:48 |
|
hello-world
Messages: 47
Registered: December 2003
Karma: 0
|
Member |
|
|
OK.
But will fudforum be able to get the cookie variables if called as
readfile("forum/?t=tree&th=22");
Or maybe I should do the cookie processing and set the user_id
variable before I call readfile. I will see.
Yeah, I think readfile might create a whole new set of data, and
fudforum may not be getting any cookies at all. I have to figure out
the exact workings of readfile.
THe feedback system works if I use a redirection to the forum,
instead of calling readfile, but I wanted to make it absolutely
transparent. This would have been the ideal solution.
I will get some info and come back.
Thanks.
[Updated on: Tue, 13 January 2004 17:01] Report message to a moderator |
|
|
|
| Re: using the forum _inside_ another php script [message #16083 is a reply to message #16079] |
Tue, 13 January 2004 18:07 |
|
hello-world
Messages: 47
Registered: December 2003
Karma: 0
|
Member |
|
|
Hey I got it.
Cookies are not passed through a call to readfile().
So I do a cookie processing before that and convert it into session
variables and call fudforum as
readfile(http://fudforum/?djlf. "&S=" . _COOKIE["$GLOBALS['COOKIE_NAME']").
It works fine. Absolutely. It has to anyway.
But I need to know what is the "SQ" variable, and how to create it using the cookie values.
And I am sorry to post like this in bits and pieces, but I am fucking learning the damn php along
the way.
Thanks a lot.
[Updated on: Tue, 13 January 2004 18:11] Report message to a moderator |
|
|
|
|
|
|
|
|
|
| Re: using the forum _inside_ another php script [message #16107 is a reply to message #16092] |
Wed, 14 January 2004 16:38 |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
The forum is not getting any cookies because when you do readfile() the request comes from PHP and not you, so no cookies are being sent.
When URL sessions are in use strict checks are done, which means SQ is validated on every page. The lack of SQ is preventing you from 'appearing' as a registered user. There is no easy way to fetch SQ because a new one is generated every request.
FUDforum Core Developer
|
|
|
|
|
|
|
|
| Re: cookies for the whole domain [message #16160 is a reply to message #16143] |
Fri, 16 January 2004 21:33 |
 |
Wild_Cat
Messages: 144
Registered: November 2002
Location: Odessa, Ukraine
Karma: 0
|
Senior Member |
|
|
| Ilia ÐÉÓÁÌ(Á) ðÔÎ, 16 ñÎ×ÁÒÑ 2004 18:05 |
You should not leave the cookie host empty, that may cause problems in various browsers.
|
As far as we see, setting the cookie host to what it should be while trying to make cookies valid for the whole domain actually causes such problems for 3 most used browsers that we can't login any more! What should we do then? How to make the cookie work for the whole doamin otherwise and be accepted by the browser too??? (Just a tiny note once more: it doesn't set any cookies even when the domain in question is explicitely given maximum permissions in browser cookie and/or security settings!)
Lady of Avalon
[Updated on: Fri, 16 January 2004 21:34] Report message to a moderator |
|
|
|
| Re: cookies for the whole domain [message #16162 is a reply to message #16160] |
Fri, 16 January 2004 21:38 |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
At max permissions all cookies are rejected, at max - 1 your website needs to have a special setting that validates cookies (at least in IE).
Check what cookie header is being sent by PHP and post it (including the actual domain name).
FUDforum Core Developer
|
|
|
|
| Re: cookies for the whole domain [message #16166 is a reply to message #16162] |
Sat, 17 January 2004 00:27 |
|
Wild_Cat
Messages: 144
Registered: November 2002
Location: Odessa, Ukraine
Karma: 0
|
Senior Member |
|
|
I didn't mean max settings in IE, I meant accept all cookies from this site in Mozilla cookie manager & inclusion in trusted sites in IE, both browsers security for cookies is set to accept cookies for the domain they are sent from - that's my level, but I just added localhost as especially trusted sites when I had login problems yet with local version of 2.5.0. Opera set to accept all cookies from all sites does not even try to create the cookie, it seems - no error alerts for invalid paths or domains... nothing as if the cookie was not being sent
(Well, I wander too why is that your installer is leaving domain empty if it shouldn't be done  )
I am running for now 2.6.0 on localhost (no wish to experiment with alive forum)
Here is what I have for cookies while path is set to / & domain left empty (working logins):
Set-Cookie: fud_session_148542139=59d490552689e2c4546ca5cf43a7ec2b; expires=Fri, 30-Jan-04 22:20:21 GMT; path=/[/face]
response
Cookie: fud_session_148542139=59d490552689e2c4546ca5cf43a7ec2b[/face]
If I set path to / & domain to localhost while the cookie still exists, I can login & all OK. But if I destroy the cookie with such settings the cookie doesn't want to be set:
Set-Cookie: fud_session_148542139=7d7a7013f5cd56045f0e4c83bd167075; expires=Fri, 30-Jan-04 22:36:34 GMT; path=/; domain=localhost
[/face]
and that's all, no new cookie appears in my browser!
The same thing happens when path is set to /forum/ anyway!
Set-Cookie: fud_session_148542139=f8e46c57174d2f3b2c7aa0965b1365fd; expires=Fri, 30-Jan-04 22:39:24 GMT; path=/forum/; domain=localhost[/face]
So if the cookie does not already exist, it doesn't want to be created this way!
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
LiveHHTP Headers extension for Mozilla used (I don't know how to capture them otherwise)
But what browsers are having problems with omitting the domain if they should use the same domain wich sets the cookies according to standards? Or is it a security issue? Or localhost one?...
Lady of Avalon
[Updated on: Sat, 17 January 2004 01:01] Report message to a moderator |
|
|
|
| Re: cookies for the whole domain [message #16167 is a reply to message #16166] |
Sat, 17 January 2004 00:30 |
Ilia
Messages: 13241
Registered: January 2002
Karma: 0
|
Senior Member
Administrator
Core Developer |
|
|
You cannot set a cookie on localhost it's not a valid domain because it does not contain @ least 2 dots. In this case you should not be using a cookie domain, set it to "" inside GLOBALS.php
FUDforum Core Developer
|
|
|
|
| Re: cookies for the whole domain [message #17313 is a reply to message #16167] |
Wed, 24 March 2004 14:03 |
spyder
Messages: 5
Registered: March 2004
Karma: 0
|
Junior Member |
|
|
I entered another domain name for 127.0.0.1 in c:/windows/system32/drivers/etc/hosts (www.domain.loc) and set this as the ServerName in apache's httpd.conf.
Still, FUDforum doesn't set any cookies and continues with url sessions.
In http://www.domain.loc/forum/adm/admglobal.php I set Cookie Path: /forum/ and Cookie Domain: .domain.loc and every other setting default. My Browser (Mozilla) is instructed to accept all cookies.
What could be my problem.
TIA
PS: I just realized, that it's not the cookie any more, but the SQ= thing. But if I use index.php/f/1/2/ instead of index.php/f/1/2/?SQ=2aaf... it works as well. So, why can't I get rid of the SQ= thing?
PPS: I asked the same question in http://fud.prohost.org/forum/index.php?t=msg&th=3254, maybe this is a better place to answer.
[Updated on: Wed, 24 March 2004 16:05] Report message to a moderator |
|
|
|
|
|
| @ Wildcat [message #17331 is a reply to message #16050] |
Fri, 26 March 2004 03:20 |
spyder
Messages: 5
Registered: March 2004
Karma: 0
|
Junior Member |
|
|
| Quote: |
It was discussed before (don't remember where)...
|
Unfortunately I cannot search for "SQ" and I don't know any other technical term for it.
| Quote: |
... - a security measure, omitting out of question, i'm still thinking about a hack
|
Ilia gave me a short answer about the importance of the SQ value in this thread: http://fud.prohost.org/forum/index.php?t=msg&th=3254 and I described a rough layout, how it could be transported by means of cookies. If you have any suggestions, they will be welcome.
[Updated on: Fri, 26 March 2004 03:24] Report message to a moderator |
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]