Nick_Ninja Posted June 9, 2008 Share Posted June 9, 2008 My code was forgetting sessions as soon as the script ended. Thinking that php.ini was to blame I changed it from [ Session ] ; Handler used to store/retrieve data. session.save_handler = files ; Argument passed to save_handler. In the case of files, this is the path ; where data files are stored. Note: Windows users have to change this ; variable in order to use PHP's session functions. ; ; As of PHP 4.0.1, you can define the path as: ; ; session.save_path = "N;/path" New session configuration ; Argument passed to save_handler. In the case of files, this is the path ; where data files are stored. Note: Windows users have to change this ; variable in order to use PHP's session functions. ; ; As of PHP 4.0.1, you can define the path as: ; session.save_path = "0;/var/www-session" Code to blame: login.php <?php if(isset($_SESSION)) { header('Location: base.php'); exit(); } elseif(isset($_POST['submit'])) { # form submitted if(isset($_POST['username']) && isset($_POST['password'])) { # both exist include "pwcheck.php"; if(pwcheck($_POST['username'], md5($_POST['password']))) { # login correct session_start(); $_SESSION['username'] = $_POST['username']; $_SESSION = array(); if(isset($_SESSION)) { header('Location: base.php'); } else { echo 'session failed'; } } else { # login incorrect print "<font color=red>Wrong Login.</font>"; show_password_form(); } } else { print "Form problem"; show_password_form(); } } else { show_password_form(); } function show_password_form() { $title = "Login"; include "header.php"; ?> <h1>Login</h1> <div class = box> <form method = POST> <b>Username: </b><input type = text name = username><br /> <b>Password: </b><input type = password name = password><br /> <input type = submit name = submit value = Login><br /> <a href = "register.php">Register</a> </div> <?php include "footer.php"; } ?> This worked fine. The password/username is accepted, the session is started, the user is redirected. Then the session is forgotten, and the user is redirected back to the login page. Excerpt from base.php: include "redirect.php"; #BUG HERE - redirects to login even if logged in # the user is logged in if the script gets to this point. redirect.php <?php if(isset($_SESSION)) { #user is logged in } else { header('Location: login.php'); exit(); } ?> Quote Link to comment Share on other sites More sharing options...
trq Posted June 9, 2008 Share Posted June 9, 2008 I don't see any call to session_start() within redirect.php Quote Link to comment Share on other sites More sharing options...
.josh Posted June 9, 2008 Share Posted June 9, 2008 ...or login.php. At the very beginning you are checking for the session array but there's no session_start() before that to let your script know there could be. Quote Link to comment Share on other sites More sharing options...
Nick_Ninja Posted June 9, 2008 Author Share Posted June 9, 2008 I don't see any call to session_start() within redirect.php ??? Why would redirect.php start the session? The session signifies that the user is logged in. ...or login.php. At the very beginning you are checking for the session array but there's no session_start() before that to let your script know there could be. A. Yes, there IS a call to session_start() if(pwcheck($_POST['username'], md5($_POST['password']))) { # login correct session_start(); # <-------- RIGHT HERE $_SESSION['username'] = $_POST['username']; B. The script is checking to see if the user is logged in. If they are (ie. the session is started) there's no point in logging in again. Quote Link to comment Share on other sites More sharing options...
revraz Posted June 9, 2008 Share Posted June 9, 2008 session_start() has to be the FIRST line of code of every page you want to use Sessions on. Quote Link to comment Share on other sites More sharing options...
Nick_Ninja Posted June 9, 2008 Author Share Posted June 9, 2008 session_start() has to be the FIRST line of code of every page you want to use Sessions on. I was under the impression that it only has to be before headers are sent Quote Link to comment Share on other sites More sharing options...
.josh Posted June 9, 2008 Share Posted June 9, 2008 session_start() has to be the FIRST line of code of every page you want to use Sessions on. I was under the impression that it only has to be before headers are sent You are right. But, you need to put it before you make calls to session variables, which you don't seem to be doing, hence the previous posts. Quote Link to comment Share on other sites More sharing options...
revraz Posted June 9, 2008 Share Posted June 9, 2008 Since you have if(isset($_SESSION)) { as your first line, how can you check it if you haven't started it? Quote Link to comment Share on other sites More sharing options...
Nick_Ninja Posted June 9, 2008 Author Share Posted June 9, 2008 Since you have if(isset($_SESSION)) { as your first line, how can you check it if you haven't started it? Umm... Correct me if I am wrong, but my impression is that isset() does not cause errors with the session. I will try turning on the highest level on error reporting. error_reporting(E_ALL); Edit: Didn't show anything. Quote Link to comment Share on other sites More sharing options...
.josh Posted June 9, 2008 Share Posted June 9, 2008 I don't think you're understanding the point. The point is, you cannot use session variables unless php knows there are session variables. your condition works perfectly fine from PHP's point of view; you won't be getting any errors thrown at you. The problem is that it's not working as you expect, because unless you tell PHP that there are session variables in play (by putting session_start() BEFORE using them), it's going to always evaluate that condition as FALSE, because as far as PHP is concerned, it doesn't exist, because you didn't tell PHP that there are session variables. You did indeed use session_start() later on in your script for your other variables, but that doesn't do squat for you trying to use them BEFORE you used it. I don't really understand what you don't get about that...PHP cannot access session variables unless it knows there's a session. It knows there's a session because you put session_start() before trying to use session variables. I really don't know how else to put that. Quote Link to comment Share on other sites More sharing options...
revraz Posted June 9, 2008 Share Posted June 9, 2008 It won't cause an error, but your IF statement won't work either because the session isn't started. So everything under that IF won't even be ran. So why not just add the session_start() at the top? Or would you rather go back and forth about it. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted June 9, 2008 Share Posted June 9, 2008 @revraz: Lol. @Thread Starter: Crayon Violent pretty much has it summed up. PHP needs to have sessions started on every page that wants to use it, because then, what stops other pages on your site from freely using session variables? Quote Link to comment Share on other sites More sharing options...
Nick_Ninja Posted June 10, 2008 Author Share Posted June 10, 2008 I added the session_start call. Now firefox complains that the page is redirecting in a way that will never complete. Quote Link to comment Share on other sites More sharing options...
Nick_Ninja Posted June 10, 2008 Author Share Posted June 10, 2008 *bump* Quote Link to comment Share on other sites More sharing options...
jonsjava Posted June 10, 2008 Share Posted June 10, 2008 you have an infinite loop going on. Hm... *trying to remember how he fixed that problem when he did that to himself* This version of the code makes more sense (well, to me....*sigh, need to get more sleep*) <?php session_start(); if(isset($_SESSION)) { header('Location: base.php'); exit(); } elseif(isset($_POST['submit'])) { # form submitted if(isset($_POST['username']) && isset($_POST['password'])) { # both exist include "pwcheck.php"; if(pwcheck($_POST['username'], md5($_POST['password']))) { # login correct $_SESSION['username'] = $_POST['username']; $_SESSION = array(); } if(isset($_SESSION)) { header('Location: base.php'); } else { echo 'session failed'; } } else { # login incorrect print "<font color=red>Wrong Login.</font>"; show_password_form(); } } else { print "Form problem"; show_password_form(); } function show_password_form() { $title = "Login"; include "header.php"; ?> <h1>Login</h1> <div class = box> <form method = POST> <b>Username: </b><input type = text name = username><br /> <b>Password: </b><input type = password name = password><br /> <input type = submit name = submit value = Login><br /> <a href = "register.php">Register</a> </div> <?php include "footer.php"; } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted June 10, 2008 Share Posted June 10, 2008 For which page? Repost the code. At least your IF statement is now working, you just have to debug your logic. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted June 10, 2008 Share Posted June 10, 2008 Does base.php also have that if (isset($_SESSION)) thing? Because then it'll infinitely redirect. Quote Link to comment Share on other sites More sharing options...
Nick_Ninja Posted June 22, 2008 Author Share Posted June 22, 2008 Been away from boards for a while. I tested the script again, and then I looked in the www-session folder I made for saving sessions. As expected, the session script creates the session file. It's empty. There isn't even binary data in it. @DarkWater: EDIT WHILE WRITING POST: AAAUGALKDSJF! www-data has access to CREATE files in www-session, but not to WRITE them. AAAUGALKDSJF (number two)! I'm clearing session data by assigning an array to it in login.php. It works fine now, except for this minor problem I'm having with mysql... but that's a different thread (provided I cannot figure it out) Thanks for the contributions of the people in this thread! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.