neverett

Lots of errors. Line 16 of functions.php: session_start(); Line 8 in test.php: if($_SESSION['logged_in'] == false){ Line 10 in test.php: echo $_SESSION['logged_in']; Line 343 in functions.php: if($_SESSION['logged_in'] == false){ Line 345 in functions.php: echo $_SESSION['logged_in'];

Yes I do.

No errors. I just get this...

I'll see what happens... post back in a few.

I'm looking for any insight as to why I'm losing my session variables. Below is some code. I have run several tests and I know that I lose the variables right after I sendredirect(); in the checklogin.php file. Any help is greatly appreciated. Thanks in advance! checklogin.php <?@session_start(); ob_start(); include("functions.php"); $email = $_POST['email']; $p = $_POST['password']; if($email != "" && $p != ""){ $pass = md5($p); // encrypt password $sql = "select * from users where email = '$email' and password = '$pass'"; $result = mysql_query($sql) or die(mysql_error()); $count = mysql_num_rows($result); // count the number of rows that were queried if($count == 1){ $row = mysql_fetch_array($result); if($row['active'] == 1){ $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = true; sendredirect("test.php"); }else if($row['active'] == 0){?> <center> <b>Your membership was not activated. Please open the confirmation email you received and click on the activation link. Thank you.</b> </center> <?} }else{?> <center> <b>Your login could not be authenticated. <a href="login.php">Click here to login.</a></b> </center> <?} }else{?> <center> <b>Please use your email address and password to login. <a href="login.php">Click here to login.</a></b> </center> <?} ob_end_flush();?> test.php <?@session_start(); include("header.php"); if($_SESSION['logged_in'] == false){ echo "Your session is NOT working in test.php.<br><br>"; echo $_SESSION['logged_in']; }else if($_SESSION['logged_in'] == true){ echo "Your session is working in test.php.<br><br>"; echo $_SESSION['logged_in']; } test(); include("footer.php");?> functions.php <?// start sessions @session_start(); // Redirect function sendredirect($location){ echo " <html>\n <head>\n <meta http-equiv=\"Refresh\" content=\"0;url=".$location."\">\n </head>\n"; } function test(){ if($_SESSION['logged_in'] == false){ echo "Your session is NOT working in functions.php.<br><br>"; echo $_SESSION['logged_in']; }else if($_SESSION['logged_in'] == true){ echo "Your session is working in functions.php.<br><br>"; echo $_SESSION['logged_in']; } }?>

Anymore takers? I just don't understand why the variables get lost right after I send the redirect to test.php. Any help would be greatly appreciated.

But they shouldn't be able to see the hashed password can they (the pw var)??? That should all be hidden. How can I go about fixing this? I really appreciate your input and pointing this out to me.

Still not working. checklogin.php <?@session_start(); ob_start(); include("functions.php"); $email = $_POST['email']; $p = $_POST['password']; if($email != "" && $p != ""){ $pass = md5($p); // encrypt password $sql = "select * from users where email = '$email' and password = '$pass'"; $result = mysql_query($sql) or die(mysql_error()); $count = mysql_num_rows($result); // count the number of rows that were queried if($count == 1){ $row = mysql_fetch_array($result); if($row['active'] == 1){ //@session_start(); $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = true; sendredirect("http://www.ohiotrac.com/members/test.php"); }else if($row['active'] == 0){?> <center> <b>Your membership was not activated. Please open the confirmation email you received and click on the activation link. Thank you.</b> </center> <?} }else{?> <center> <b>Your login could not be authenticated. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} }else{?> <center> <b>Please use your email address and password to login. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} ob_end_flush();?>

So I changed some things to better test my sessions and still not working. Here are the updated files (the login.php file remains the same as above)... test.php <?@session_start(); include("header.php"); if($_SESSION['logged_in'] == false){ echo "Your session is NOT working in test.php.<br><br>"; echo $_SESSION['logged_in']; }else if($_SESSION['logged_in'] == true){ echo "Your session is working in test.php.<br><br>"; echo $_SESSION['logged_in']; } test(); include("footer.php");?> functions.php <?// start sessions @session_start(); function test(){ if($_SESSION['logged_in'] == false){ echo "Your session is NOT working in functions.php.<br><br>"; echo $_SESSION['logged_in']; }else if($_SESSION['logged_in'] == true){ echo "Your session is working in functions.php.<br><br>"; echo $_SESSION['logged_in']; } }?> checklogin.php <?ob_start(); @session_start(); include("functions.php"); $email = $_POST['email']; $p = $_POST['password']; if($email != "" && $p != ""){ $pass = md5($p); // encrypt password $sql = "select * from users where email = '$email' and password = '$pass'"; $result = mysql_query($sql) or die(mysql_error()); $count = mysql_num_rows($result); // count the number of rows that were queried if($count == 1){ $row = mysql_fetch_array($result); if($row['active'] == 1){ //@session_start(); $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = true; sendredirect("http://www.ohiotrac.com/members/test.php"); }else if($row['active'] == 0){?> <center> <b>Your membership was not activated. Please open the confirmation email you received and click on the activation link. Thank you.</b> </center> <?} }else{?> <center> <b>Your login could not be authenticated. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} }else{?> <center> <b>Please use your email address and password to login. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} ob_end_flush();?> Results Your session is NOT working in test.php. Your session is NOT working in functions.php.

But it shouldn't need it though because the $_SESSION variables are only being used in the one if statement right??? I'll try it though.

I noticed one place where I didn't have it, and I fixed it. Still not working though. Here is some updated code... test.php <?@session_start(); include("header.php"); test(); include("footer.php");?> functions.php <?function test(){ @session_start(); if($_SESSION['logged_in'] == false){ echo "Your session is NOT working.<br><br>"; echo $_SESSION['logged_in']; }else if($_SESSION['logged_in'] == true){ echo "Your session is working.<br><br>"; echo $_SESSION['logged_in']; } }?> login.php <?include("header.php");?> <div id="content2-pagetitle">Member Management</div> <div id="content-title-noshade-size2">Login</div> <br> <center> <table align="center"> <form name="login" action="checklogin.php" method="post"> <tr> <td>Email </td> <td><input type="text" name="email" size="25"></td> </tr><tr> <td>Password </td> <td><input type="password" name="password" size="25"></td> </tr> </table> <br> <input type="submit" name="Login" value="Login" title="submit"> </form> </center> <?include("footer.php");?> checklogin.php <?ob_start(); include("functions.php"); $email = $_POST['email']; $p = $_POST['password']; if($email != "" && $p != ""){ $pass = md5($p); // encrypt password $sql = "select * from users where email = '$email' and password = '$pass'"; $result = mysql_query($sql) or die(mysql_error()); $count = mysql_num_rows($result); // count the number of rows that were queried if($count == 1){ $row = mysql_fetch_array($result); if($row['active'] == 1){ @session_start(); $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = true; sendredirect("http://www.ohiotrac.com/members/test.php"); }else if($row['active'] == 0){?> <center> <b>Your membership was not activated. Please open the confirmation email you received and click on the activation link. Thank you.</b> </center> <?} }else{?> <center> <b>Your login could not be authenticated. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} }else{?> <center> <b>Please use your email address and password to login. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} ob_end_flush();?>

Any ideas??? I'm stumped. ???

I have set $_SESSION['logged_in'] to true in checklogin.php. It's there, I double checked. It somehow gets lost when I sendredirect() to the test.php page. I don't really like to send variables via the web address either (as I have considered doing that). I don't know what is going wrong. My redirect is a meta-refresh. Thanks for everything!

The test() function returns true and displays "Your session is working." In other words, when I do that, it works.

No errors. I get Array( )

For some reason... when running the following code the $_SESSION variable never gets set. I always get "Your session is NOT working." login.php <?include("header.php");?> <div id="content2-pagetitle">Member Management</div> <div id="content-title-noshade-size2">Login</div> <br> <center> <table align="center"> <form name="login" action="checklogin.php" method="post"> <tr> <td>Email </td> <td><input type="text" name="email" size="25"></td> </tr><tr> <td>Password </td> <td><input type="password" name="password" size="25"></td> </tr> </table> <br> <input type="submit" name="Login" value="Login" title="submit"> </form> </center> <?include("footer.php");?> checklogin.php <?ob_start(); include("functions.php"); $email = $_POST['email']; $p = $_POST['password']; if($email != "" && $p != ""){ $pass = md5($p); // encrypt password $sql = "select * from users where email = '$email' and password = '$pass'"; $result = mysql_query($sql) or die(mysql_error()); $count = mysql_num_rows($result); // count the number of rows that were queried if($count == 1){ $row = mysql_fetch_array($result); if($row['active'] == 1){ @session_start(); $_SESSION['user_id'] = $row['id']; $_SESSION['logged_in'] = true; sendredirect("http://www.ohiotrac.com/members/test.php"); }else if($row['active'] == 0){?> <center> <b>Your membership was not activated. Please open the confirmation email you received and click on the activation link. Thank you.</b> </center> <?} }else{?> <center> <b>Your login could not be authenticated. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} }else{?> <center> <b>Please use your email address and password to login. <a href="http://www.ohiotrac.com/members/login.php">Click here to login.</a></b> </center> <?} ob_end_flush();?> test.php <?@session_start(); include("header.php"); test(); include("footer.php");?> functions.php [this file contains the test() function] <?function test(){ if($_SESSION['logged_in'] == false){ echo "Your session is NOT working.<br><br>"; echo $_SESSION['logged_in']; }else if($_SESSION['logged_in'] == true){ echo "Your session is working.<br><br>"; echo $_SESSION['logged_in']; } }?>

But the md5 hash can be found anywhere on the net. How is this any different?

That would be nice if I could just compare the strings, but I have queried the already encrypted password out of the database therefore i need to encrypt the non-encrypted password entered in the form to be sure the two match.

It's built into Javascript correct? The md5 hash?

function validate_oldpw(opw, pw){ with(opw, pw){ var old = opw.value; old = md5(old); if(opw.value == ""){ alert("The [old] password you entered does not match your current account password.1"); return false; } if(md5(old) == pw.value){ return true; } else{ alert("The [old] password you entered does not match your current account password.2"); return false; } } } Any idea why this won't work. I'm trying to compare two passwords. pw.value is a password stored via the md5 method. I'm trying to take opw and check it with the supplied pw.value. Let me know if you have any ideas. Thanks in advance!!!

I found another way to implement. Thanks everyone.

Didn't work. Thanks though... I was really hopeful!!

Any ideas on how to get something like this to work? Post back if you have any questions. $details = ""; if($newstatus == 4){ $details = echo " <script type=\"text/javascript\"> var det = \"\"; while(det == \"\"){ det = prompt(\"Please detail the changes\", \"\"); } return det; </script> "; } This is the error I get... Parse error: parse error, unexpected T_ECHO in /home/content/t/r/a/tracpr/html/members/changestatus.php on line 16 Line 16 is: $details = echo " <script type=\"text/javascript\"> var det = \"\"; while(det == \"\"){ det = prompt(\"Please detail the changes\", \"\"); } return det; </script> "; Thanks in advance for any help you may have!!! NE

I'm having a bit of trouble working on a do-while loop for a prompt box. I'm looking for a sample piece of code that shows how you can require input on a prompt [using a do-while]. I really only need the conditions for the while portion. I keep making an infinite loop. So if they press cancel or if they type nothing [an empty string] then I want it to pop the prompt up again and again until they enter a string. Thank you for any help in advance. NE

Still didn't work. To test it yourself you can go to www.niceverett.com/test.php. To view the code source you can go to www.niceverett.com/test.phps. Thanks again for your help everyone!!!