.CriMson Posted June 26, 2008 Share Posted June 26, 2008 Background: I have a standard content management system that i designed. index.php contains the login form, and splash.php contains the screen with all the detail. splash.php is the only page loaded, the other pages are just included in the body of splash.php based on the query string. splash.php performs a login validation before anything else happens. In here, it just queries the database and looks if the session variables match what is in the database. So what happens is when i create a new user, it creates the user, and then displays the success message, but then clears the session variables that i have set that store the user id so when i click to navigate to another location, it thinks the user is no longer logged in and redirects them to the login page. I found the piece of code where the session variables are being cleared, and it makes no sense because there isnt anything in there that would clear the variables. I also noticed that the sessionID remains the same, so i know the session isnt expiring or being reset. Here is the code where the variables are cleared: } else { // session id is the same, but session variables are being unset // insert into database OpenConnection(); // search for user to see if it exists $sql = "select * from tblUser where username = '".$user."';"; $query = mysql_query($sql); if (mysql_num_rows($query) > 0) { print "User already exists. Please choose a different username"; } else { $sql = "insert into tblUser (username, password, firstName, lastName, userType, clientID, email) values ('".$user."','".$pass."','".$fName."','".$lName."','".$type."','".$clientID."','".$email."');"; $query = mysql_query($sql); if (!$query) { die ("Error creating user. Details: ".mysql_error()); } else { print "<b>".$fName." ".$lName."</b> was added successfully!"; } } CloseConnection(); } Any ideas? I'm clueless. The form is in the same file, and this is the only place in the file that resets the variables. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 26, 2008 Share Posted June 26, 2008 Do you have <?php session_start(); ?> at the start of each script where SESSIONs are used? Ken Quote Link to comment Share on other sites More sharing options...
.CriMson Posted June 26, 2008 Author Share Posted June 26, 2008 Yes session_start(); is there. Like i said, the entire file that the code is taken from works as it should. The session variables are available to every if and else statement except the one i posted. Quote Link to comment Share on other sites More sharing options...
.josh Posted June 26, 2008 Share Posted June 26, 2008 I don't see any session variables in that code block... are the regular vars you have in that code block being assigned the session info somewhere else? Quote Link to comment Share on other sites More sharing options...
widox Posted June 26, 2008 Share Posted June 26, 2008 Where are you using session variables? if you do print_r($_SESSION); what happens? Quote Link to comment Share on other sites More sharing options...
.CriMson Posted June 26, 2008 Author Share Posted June 26, 2008 I don't see any session variables in that code block... are the regular vars you have in that code block being assigned the session info somewhere else? im saying that is the block of code that the variables are being cleared. There's no use for the session variables in that block, but when i was troubleshooting, that is the area where they are being cleared. Quote Link to comment Share on other sites More sharing options...
.CriMson Posted June 26, 2008 Author Share Posted June 26, 2008 Where are you using session variables? if you do print_r($_SESSION); what happens? Array ( [user] => [type] => [clientID] => [userID] => ) Quote Link to comment Share on other sites More sharing options...
widox Posted June 26, 2008 Share Posted June 26, 2008 Array ( [user] => [type] => [clientID] => [userID] => ) Ok, isn't that what you wanted? The session variables are cleared. Quote Link to comment Share on other sites More sharing options...
.josh Posted June 26, 2008 Share Posted June 26, 2008 well unless your openconnection/closeconnection function calls are somehow responsible, there's no way that block of code could unset your session vars. How are you troubleshooting? If you are walking the script through step by step and seeing it disappear in that code block, what line specifically? Is it at the beginning? Or how about this: are your session vars being set inside the if or ifelse condition associated with this else, and therefore they just aren't being set at all if the else is true? Quote Link to comment Share on other sites More sharing options...
.CriMson Posted June 26, 2008 Author Share Posted June 26, 2008 well unless your openconnection/closeconnection function calls are somehow responsible, there's no way that block of code could unset your session vars. How are you troubleshooting? If you are walking the script through step by step and seeing it disappear in that code block, what line specifically? Is it at the beginning? Or how about this: are your session vars being set inside the if or ifelse condition associated with this else, and therefore they just aren't being set at all if the else is true? Exactly, thats why im clueless. The openConnection function just opens a mysql connection and selects the db, the closeconnection just closes the mysql connection. Troubleshooting, i walked through step by step for the entire file and tested the output of $_SESSION. it happens right after the } else { executes. I'm beginning to think its just a bogus glitch. Quote Link to comment Share on other sites More sharing options...
.josh Posted June 26, 2008 Share Posted June 26, 2008 well if it happens right at the beginning then wouldn't it be whatever happened right before that that's the culprit? (assuming it's not some bogus glitch) Quote Link to comment Share on other sites More sharing options...
.CriMson Posted June 26, 2008 Author Share Posted June 26, 2008 well if it happens right at the beginning then wouldn't it be whatever happened right before that that's the culprit? (assuming it's not some bogus glitch) i thought that to, but i tested every other if/else block all the way through it. Anyway, i just found the issue. Well, sort of. Somehow the $user variable from the new form was being assigned to the $_SESSION['user'] variable. Then it would validate the login and realize that the user didnt match, and then cleared the variables before redirecting back to index and destroying the session. I just changed the variable names and it solved the problem. I'm still clueless as to how the $user variable could carry across when the form was posted. Thanks for all the help. You guys got me thinking in the right direction to solve the problem Quote Link to comment Share on other sites More sharing options...
.josh Posted June 26, 2008 Share Posted June 26, 2008 register globals on? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 26, 2008 Share Posted June 26, 2008 That would be my guess too (register_globals). Unless there is code that is overwriting a variable - if($_SESSION['user'] = ''), then about the only other thing that causes a value in a variable to be overwritten is register_globals. If this is not due to register_globals, you will need to post your whole code for someone to be able to determine what it is actually doing. Quote Link to comment Share on other sites More sharing options...
.CriMson Posted June 26, 2008 Author Share Posted June 26, 2008 register globals on? i didn't explicitly set it on, unless its set = on by the server. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 26, 2008 Share Posted June 26, 2008 Check what the actual value is using a phpinfo(); statement. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.