Quick help with basic session related question please

[dmccabe]

hi again all,

 

I have a form that users login through and authenticates them against an LDAP server.

 

Q1 ) If the login is not valid it then simply says "incorrect username password, try again" if they do login correctly then I want it direct them to the next page, how do I pass them to the next page (new_user.php).

 

Q2) I have started a session on the login page and have captured the username they enter using

$_session['ldapname'] = $_GET['ldapname'];

How do I use this session variable on the new_users.php page they are then passed to? can i simply just use the $_session['ldapname'] variable? do I have to initialise the session at the top of the new_user.php page?

 

Thanks in advance guys'n'girls.

 

[craygo]

Q1. if you have not outputed anything to the browser, you can use a header to send them to the next page upon authentication

header("Location:new_user.php");

if you have outputed something then you can use a meta tag

<META HTTP-EQUIV=\"Refresh\" content=\"4;url=new_user.php\" />

 

Q2. In order to use any session variables EVERY page will have to begin with session_start(); As long as you do that on every page all session variables will be available to you script.

 

Ray

[dmccabe]

Thanks for the help Craygo.

 

Just looking at the session thing for the moment, I have this on my index.php

 

if (!$_session['ldapname']) {
include('login.php'); 
} else {
echo "Welcome to 1car1 online forms page, please select the relevant form from the list on the left";
}

 

Login.php contains the following:

 

$_session['ldapname'] = $_GET['ldapname'];

 

Which takes the username entered in to the form and sets it to $_session['ldapname']

 

Then on another page, that I dont want them to have access to until they have logged in I have the following:

 

$loginname = $_session['ldapname'];
if (!$loginname) {
echo "You must be logged in to access this page";
} 

 

I have the session_start(); in the header of each page, but the user whether they have logged in or not always gets the "you must be logged in" message?

 

Any clues as to why?

[craygo]

try using isset rather than !

 

! is a true or false thing and may not give you the required results and is usually used with functions or variables that have been set to true or false.

 

$loginname = $_session['ldapname'];
if (!isset($loginname)) {
echo "You must be logged in to access this page";
}

 

Ray

[dmccabe]

Changed it to:

if (!isset($_session['ldapname'])) {
echo "You must be logged in to access this page";
} 

 

However it still only gives the "you must be logged in message".

 

I must be doing something obvious wrong, but what?

 

Here's how my pages work at the moment:

 

index.php includes the header.php (which contains the session start), index checks if the $_session['ldapname']; is set and if not gives them the login window, if it is set it displays a welcome message. (this part works fine)

 

there is a menu on the left to choose the page the user wants and they then choose the new user page which is then inluded in the index.php using:

 

if ($_GET['page'] == 'it_new_user') {
	include('it/new_user.php');
}

 

At the top of that page I have the code specified at the beginning of this post, but it always says "you must be logged in..."

 

Any more ideas?

[craygo]

try to echo out your session variables at the top of the page to see what's set

 

print_r($_SESSION);

 

Ray

[dmccabe]

hmmm... all I get is:

 

Array ( )

[chriscloyd]

top of the page you need to start the session session_start();

then you can simply call the session by doing $_session['ldapname']

[dmccabe]

Ok so at the top of each page I have put:

 

SESSION_START();
$_session['ldapname'];
print_r($_SESSION);

 

and all I still get is the Array ( )

 

Do I need to enable sessions or anything?

[dmccabe]

I have to go now, but if you have any more ideas please leave them for me and I will come back to it in the morning.

 

If not I think I will start again from scratch as I clearly have something wrong with my general coding somewhere.

[kmark]

Hi i was just dealing with something like this. My solution ended up being moving session_start(); to the very top of the login page.  Why this make a difference I have no idea but it did.

 

So instead of

//Form and login has already been validated then...
session_start();
$_SESSION['this'] = 'that';
header('Location:here.php');

 

I use...

 

session_start();
//Form validation login procedure etc....then
$_SESSION['this'] = 'that';
header('Location:here.php');

 

Let me know if this works for you

[revraz]

Because that is the right way to do it.

 

My solution ended up being moving session_start(); to the very top of the login page.  Why this make a difference I have no idea but it did.

 

[kmark]

well then I guess thats a good reason

[craygo]

session_start() MUST or should I can say SHOULD be at the top of your pages. So if you have a page which includes another page you should have it at the top of the main page. The reason it should be at the top is so that nothing gets outputted to the browser before the session starts. once you output any html or java or anything to the browser you will get an error.

 

Ray