Alex Briffett Life is just a state of mind

17 Feb 10

Internet Explorer Clears PHP Session Cookies

I set a session cookie in a PHP script accessed via an iframe in a Google Site as a gadget. The PHP script did a check on the user and if ok, set the session cookie so that they could access secure information on another system on the same domain as the first PHP script. Once the cookie was set, I used a redirect to let the user access the secure information...

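<?php

// $user is set by the user check earlier in this script
if ($user == 'ok')
{
    session_start();
    $_SESSION['allowed'] = 1;
    header("Location: securepage.php");
    exit; // stop here so nothing else runs after the redirect
}

?>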

This worked fine in Firefox and Chrome but not in Internet Explorer 7. Having debugged the code, I realised that the $_SESSION['allowed'] = 1 was not making it to the secure information PHP script. Internet Explorer was deleting or not receiving the PHP SESSION information.

This appears to be a security measure in Internet Explorer 6, 7 and potentially 8. In any case, the fix is to do the following on the first PHP script where you start the session.

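<?php

// $user is set by the user check earlier in this script
if ($user == 'ok')
{
    session_start();
    // Compact P3P policy so Internet Explorer accepts the session cookie
    header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
    $_SESSION['allowed'] = 1;
    header("Location: securepage.php");
    exit; // stop here so nothing else runs after the redirect
}

?>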

This extra P3P header tells Internet Explorer to accept the cookies from the first PHP script as it links or redirects to the securepage.php. I am not sure why IE would interpret doing this as a security threat but it could be to do with doing a header("Location... from within an iframe. Security level in Internet Explorer was set to medium-high.

Filed under: Blogs, Web Code
14 Jan 10

Simple PHP Function to Maintain Drop-Down State

This PHP function is a quick, simple way to maintain the state of select / drop downs when the form input is invalid.

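<?php
/**
 * Function to draw drop down boxes and allow the state to be maintained
 * if the form has an error
 *
 * @param array $vals - select box values
 * @param array $text - select box show values
 * @param string $search - the name/id of the select box to be searched for
 */
function dropDown( $vals, $text, $search )
{
    $result = ""; // initialise so the first .= does not raise a notice
    for ($i = 0; $i < count($vals); $i++)
    {
        if ($search == trim($vals[$i]))
        {
            $selected = "selected=\"selected\"";
        }
        else
        {
            $selected = "";
        }
        // Escape value and label so they cannot break out of the markup
        $value = htmlspecialchars(trim($vals[$i]), ENT_QUOTES);
        $label = htmlspecialchars($text[$i], ENT_QUOTES);
        // Assumed markup: one <option> per value, with the label as its text
        $result .= "<option value=\"$value\" $selected>$label</option>\n";
    }
    return ($result);
}
?>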

Filed under: Web Code
14 Jan 10

PHP 5+ and MySQL 4.0 Could not connect

Hopefully you should never encounter this problem but I recently needed to do an insert into a MySQL 4.0 table from a remote installation of PHP 5. I could connect from the PHP5 server to the MySQL 4.0 server via the command line, so assumed this would work fine using PHP5.

I got the following error: Could not connect: Connecting to 3.22, 3.23 & 4.0 servers is not supported

Basically, later versions of PHP use a password encryption algorithm that MySQL 4.0 does not support, although MySQL 4.1+ does.

Since the command line connection worked, the solution was to create a shell script on the PHP5 server which looked similar to the following:

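#!/bin/sh

# $1 = name, $2 = email. Both are expanded inside the here-document below
# without any escaping, so they must not contain quotes or backslashes.
/usr/bin/mysql -u USERNAME -pPASSWORD DBNAME -h HOST <<STOP
insert into table (name, email) values ('$1','$2')
\g
STOP
exit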

You will need to swap the capitalized variables for your own USERNAME, PASSWORD, DBNAME and HOST.

I called the shell script doinsert.sh and chmodded it 755 to make it executable. Then, in my PHP script I used:

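<?php

// escapeshellarg() quotes each value so it reaches the script as exactly one argument
$r = shell_exec('./doinsert.sh ' . escapeshellarg($name) . ' ' . escapeshellarg($email));

?>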

...which executes the shell script and runs the insert statement I was aiming for. If you want to run a select statement instead of my insert example, then anything returned by the shell script should be available in $r.
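
The shell script above places `$1` and `$2` directly inside quoted SQL values, so a single quote or backslash in a name or e-mail address changes the statement that reaches MySQL. The following is an added example, not the original script: a variant of doinsert.sh that escapes both arguments before building the statement. The function names `sql_quote`, `build_insert` and `run_insert` are hypothetical, USERNAME, PASSWORD, DBNAME and HOST are the same placeholders as above, and it assumes a single-byte or UTF-8 connection character set with the server treating backslash as an escape character.

```shell
#!/bin/sh
# Added example: hardened variant of doinsert.sh. Function names are
# hypothetical; USERNAME, PASSWORD, DBNAME and HOST are placeholders.

# sql_quote VALUE
# Print VALUE as a MySQL string literal. Backslashes are doubled first and
# single quotes second, so neither can close the literal early.
sql_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# build_insert NAME EMAIL
# Print the insert statement with both values quoted; fail on a wrong
# argument count rather than insert empty or shifted values.
build_insert() {
    if [ "$#" -ne 2 ]; then
        echo "usage: doinsert.sh NAME EMAIL" >&2
        return 2
    fi
    printf 'insert into table (name, email) values (%s, %s)\n' \
        "$(sql_quote "$1")" "$(sql_quote "$2")"
}

# run_insert NAME EMAIL
# Send the statement to the server with the same client call as the
# original script.
run_insert() {
    stmt=$(build_insert "$@") || return
    /usr/bin/mysql -u USERNAME -pPASSWORD DBNAME -h HOST <<STOP
$stmt
\g
STOP
}

# Run the insert only when called with arguments, e.g. (constructed sample):
#   ./doinsert.sh "O'Brien" 'ob@example.com'
if [ "$#" -gt 0 ]; then
    run_insert "$@"
fi
```

The PHP caller still has to pass each value as a single shell argument, for example with PHP's escapeshellarg().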