Saturday, August 3, 2013

PHP $_SESSION Empty on Next Page

PHP $_SESSION can come back empty during AJAX calls, or return an empty string when the user navigates to the next page. The first thing to check is that register_globals is Off. When the session ID is not picked up properly, the reason can be that session.save_path is not set.
In that case the session variables are not set properly by an assignment such as:
$_SESSION['username'] = $_POST['username'];

In this condition the session variables come back blank on the next page:
echo $_SESSION['username']; // returns a blank string

Checklist for Corrective Measures:
  •  Add the following lines at the start of your PHP file:
@ini_set('session.save_path','/home/<UserID>/tmp/sessions');
session_set_cookie_params(3200, '/', $_SERVER['HTTP_HOST']);
session_start();
  •  Make sure that the same session ID is in use. The session ID needs to be saved in JavaScript or in a database.
session_id($_POST['session_id']);
Use session_id() to get the current session ID. This session ID can be sent to the client as the value of a JavaScript variable.
  •  Normally session_start() must be called before any headers are sent, in order to set or retrieve any session variable value through $_SESSION.
    Whether the session variables have been set can be re-verified with the following line of code:
isset($_SESSION['username']);
  •  Check the status of register_globals.
Paste the code phpinfo(); into a PHP script on the server. If the value is register_globals = On, it needs to be changed using a php.ini file.
Create a php.ini file in the root folder and add the following line:
register_globals = Off
  •  Create a php.ini file in the root folder and add the following lines:
session.save_path = "/home/<UserID>/tmp/sessions"
register_globals = Off
Also add the following lines to the .htaccess file in the same folder:
<IfModule mod_suphp.c>
  suPHP_ConfigPath /home/<UserID>
  <Files php.ini>
    order allow,deny
    deny from all
  </Files>
</IfModule>
The <Files> block makes sure that no one from outside can access php.ini through a web page URL.
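
The checklist above, run as a preflight before the session is started (an added example, not code from the original post). It assumes PHP 7.3 or later; SESSION_DIR keeps the post's placeholder path, the JSON status output is an illustrative choice, and the cookie domain is left at PHP's default rather than copied from the Host header.

```php
<?php
// Added example, not the original post's code. Assumes PHP 7.3 or later.
// SESSION_DIR keeps the post's placeholder path; substitute the real account directory.
const SESSION_DIR = '/home/<UserID>/tmp/sessions';

function session_preflight(string $dir): array
{
    $problems = [];
    // register_globals no longer exists from PHP 5.4 on; ini_get() then returns false.
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        $problems[] = 'register_globals is On';
    }
    // A missing or read-only save path means session files are never written.
    if (!is_dir($dir) || !is_writable($dir)) {
        $problems[] = "session.save_path $dir is missing or not writable";
    }
    // Once output has started, session_start() can no longer send the cookie.
    if (headers_sent($file, $line)) {
        $problems[] = "output already started at $file:$line";
    }
    return $problems;
}

$problems = session_preflight(SESSION_DIR);
if ($problems) {
    error_log('session preflight failed: ' . implode('; ', $problems));
    if (!headers_sent()) {
        http_response_code(500);
    }
    exit;
}

ini_set('session.save_path', SESSION_DIR);
ini_set('session.use_strict_mode', '1'); // do not accept uninitialized session IDs
session_set_cookie_params([
    'lifetime' => 3200,
    'path'     => '/',
    'httponly' => true,   // cookie is not readable from page scripts
    'samesite' => 'Lax',
]);
session_start();

// What an AJAX caller can inspect when $_SESSION looks empty.
header('Content-Type: application/json');
echo json_encode([
    'session_active' => session_status() === PHP_SESSION_ACTIVE,
    'cookie_name'    => session_name(),
    'username_set'   => isset($_SESSION['username']),
]);
```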


Friday, May 6, 2011

vtiger PBX Integration

Call pop-up is sweet to watch on CRM.
Steps to integrate successfully:

1) Change the path: ini_get('include_path')

2) Watch the logs, which look something like this; they will help in troubleshooting the issue.

Date: 12-02-2011
Connecting to asterisk server.....
Connected successfully

Trying to login to asterisk
Logged in successfully to asterisk server

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: PeerStatus
Privilege: system,all
Peer: SIP/201
PeerStatus: Registered

Event: Registry
Privilege: system,all
ChannelDriver: SIP
Domain: sip.aretta.net
Status: Registered

Event: Newchannel
Privilege: call,all
Channel: SIP/208-b6d036a0
State: Down
CallerIDNum: 208
CallerIDName: device
Uniqueid: 1265982105.5193

Event: Newstate
Privilege: call,all
Channel: SIP/208-b6d036a0
State: Ring
CallerID: 208
CallerIDName: device
Uniqueid: 1265982105.5193
...................
..................
..................

3) Change this important function, handleIncomingCalls(), in AsteriskClient.php.

vtiger_asteriskincomingcalls must have the details saved!

4) Check that the required IP masks are allowed by the Asterisk server.

5) The whole integration depends on the Asterisk server configuration.

6) Logs will always help with all the server config details.

PBX integration is not uniform everywhere. It can also be done through core PHP files; the whole mechanism just needs to be built using AJAX. This mechanism may be treated as similar to a chat system.

This may be a nightmare for many, but it is easy for those who have invested in routine troubleshooting on their available infrastructure and gained the confidence to understand the entire CRM system and its modules, and so finally succeed in the integration.


Wednesday, April 13, 2011

Grep String Search

Grep String Search can be fine tuned using the power of regular expressions.

grep -w ^index /var/log/httpd/access.log

This command displays only those lines that have index.html as the starting word, i.e. the homepage of the domain.

Sunday, April 10, 2011

Disable Browser's Back Button

When building an admin panel, one must disable the browser's back button after signout.
This is one of the loopholes many programmers leave in their code.

One of these loopholes can be overcome by disabling the back button. Place this code in the head section, and the user can't go back and refresh the page to get into the logged-in session once again after the logout has been performed:

<head>
<title>Welcome to the Secured Admin Panel</title>
<script type="text/javascript">
// Push the browser forward again whenever this page is reached via Back.
window.history.forward();
</script>
</head>

Under the normal programming architecture, when a user has logged in, all the data passed to the server is also stored in the browser. Even after a user logs out, one can easily use the back button to reach the login home page and press F5 to log in to another session without having to enter the userid/password combination. However, this is possible only if the browser hasn't been closed in the meantime. Because of this loophole, one need not destroy the SESSION on logout, as that won't solve this potential risk; just unsetting the SESSION logged-in variable works exactly the same. The point is to restrict the next visitor using that browser from using the back button for that domain.

Much more is needed to develop a secured login mechanism. One needs to track each session ID, together with a server-side SESSION variable, to maintain a unique login ID whenever a user logs in, and change that variable's value on the logout action, so that even the back button followed by a refresh can't result in a new login session. In that case the user has to log in to the admin panel again by entering the required login credentials from scratch.
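
One way to implement the server-side mechanism described above, as an added example that is not code from the original post: the login form carries a single-use token, each login gets its own login ID, and logout clears both so a re-sent login request is rejected. The function names, the /login.php path and the $verify callback (standing in for the application's own credential check) are hypothetical; PHP 7 or later is assumed.

```php
<?php
// Added example, not the original post's code. Function names and the
// /login.php path are hypothetical; $verify stands in for the application's
// own credential check.
session_start();

function issue_login_token(): string
{
    // Put this value in a hidden field of the login form.
    return $_SESSION['login_token'] = bin2hex(random_bytes(16));
}

function handle_login(array $post, callable $verify): bool
{
    $expected = $_SESSION['login_token'] ?? '';
    unset($_SESSION['login_token']);   // single use: a re-sent login POST no longer matches
    $given = $post['login_token'] ?? '';
    $user  = $post['username'] ?? '';
    $pass  = $post['password'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return false;
    }
    if (!is_string($user) || !is_string($pass) || !$verify($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);       // fresh session ID for the logged-in state
    $_SESSION['user']     = $user;
    $_SESSION['login_id'] = bin2hex(random_bytes(16)); // unique per login
    return true;
}

function handle_logout(): void
{
    // The server stops honouring the old login; Back plus refresh finds nothing.
    unset($_SESSION['user'], $_SESSION['login_id']);
    session_regenerate_id(true);
}

function require_login(): void
{
    header('Cache-Control: no-store'); // admin pages are not kept for the Back button
    if (!isset($_SESSION['user'], $_SESSION['login_id'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
}
```

Call require_login() at the top of every admin page, and redirect after a successful handle_login() so that refreshing the landing page does not re-send the form.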
