[SOLVED] Cookies & Session Problem

[Rommeo]

Hi i m new at php programming.

I have a problem about cookies and sessions. .

My problem is ;

I have a form like this : ( loginpage.php )

Login Page:
Username         *usernamebox*
Password         *passwordbox*
*S. Code*        *codebox* 
         *Submit* 

*S.Code* =  <img src="securitycode.php" width="100" height="25" alt="Security Code">

securitycode.php creates small images that's writing some chars. When i directy enter "securitycode.php" ( also when i refresh ), it creates different pic. And my problem is when i enter or refresh the loginpage.php, just for the first time it creates a pic, Second time it does not create anything there is writing "Security Code" - no pic. When I delete my cookies and try it, again it creates but for the second time there is nothing. I think this is cause of browsers trying to use cache or something ( not sure ).  I ll be glad if anyone can help about this. I tried "session_destroy();" at the top, it worked, everytime i reload i see different pic but at that time it gives me an error like " warning : can not destroy uninitialized session " etc even it works... I m thinking about if i can find a command that ll execute securitycode.php everytime.

 

My second question is; I dont want anyone to enter directly to "securitycode.php" page. Is there anyway to do that ? All ideas are welcome.

 

Thanx in advance.

ll be glad if anyone can help.

 

ps: I dont use cookies, I just use sessions. Dunno why it works when i use "session_destroy();" or when i delete cookies.

[lemmin]

Could you post some code that is relevant to the problem?

[aebstract]

It would help a lot if we could see securitycode.php. As far as getting it in a page without directly going to it, do "include securitycode.php"; wherever you want it to be inserted in to your code.

[Rommeo]

Ok then, here's the code ;

loginpage.php :

<?php  session_start(); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/EN/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<br>Login Page :
<form action="tologin.php" method="post" >
username : <input type="text" name="username">
password : <input type="password" name="password">
securitycode : <img src="securitycode.php" width="100" height="25" alt="Security Code">
Submit
</form>
</body>
</html>

 

securitycode.php file :

<?php
session_start();
create_image();
exit();

function create_image()
{
   ... functions that's about random number and create image.
}
?>

 

[Rommeo]

ll be glad if anyone can help.. waiting for this to finish

[Wolphie]

Well, first of all you're calling the function before it's being defined and then exiting. Exiting stops everything beyond it from being parsed by the PHP engine.

 

<?php
session_start();
function createimage() { ... }
createimage();
exit; // exit is a language construct, not a function. Parentheses aren't necessary.
?>

<?php  session_start(); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/EN/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<br>Login Page :
<form action="tologin.php" method="post" >
username : <input type="text" name="username">
password : <input type="password" name="password">
securitycode : <img src="securitycode.php" width="100" height="25" alt="Security Code">
Submit
</form>
</body>
</html>

 

You have a whitespace <?php  session_start(); ?>, use <?php session_start(); ?>

The whitespace may not do any harm, but it's best practice to avoid them.

 

 

[Rommeo]

Wolphie ; Thank you so much.

That works. My mistake was cause of I wanted to use function before it's being defined. Thought It was about cookies and sessions.

 

Thank you so much again.

[lemmin]

Functions take priority when parsing so the order shouldn't have any relevance to the issue. I'm glad you fixed it, but that wasn't what the problem was. Maybe it is different in another version or something.

[Rommeo]

lemmin ; thank you.

 

Did not think the problem is about functions (: It works now.

 

Does someone has any idea about my second question by the way ? I dont want anyone to enter "securitycode.php" directly. Is there any command that says the user is entered directly or not ? Tried to do it by sessions but when i edit that function that does not work

[lemmin]

It isn't completely fool-proof but you can make whatever page it has to come from send a POST variable, then in securitycode.php make sure it is set.

[Rommeo]

:'( wanna kill myself

Thought i solved my problem about my first question. about functions.

But again, i did nothing and it does not work ...

So again i see "Security Code" instead of a pic.

 

[lemmin]

Does createImage() set headers? Can you show the code for that function?