ron8000 Posted July 5, 2008

Hello everyone,

I am new to these forums, and I'm very glad I've found you guys. I have an issue with session data getting lost. Here is the general info of conditions:

OS Linux Kernel version 2.6.24.3-grsec-sg1
PHP version 5.2.5
MySQL version 5.0.51a-community-log

These 3 files are the ones mainly being used.

Auth.php - this is used to log in the user and ensure the user is logged in when each page is requested.
Controller.php - this file is used to control the flow of the program.
Header.php - this file is just the header template for the app and uses

My current testing site is www.rznent.com/demo/backend/ if you want to test this out use
Username: superadmin
Password: midasco

It will let you log in, load the controller.php, display the session_id and show a var_dump of the $_SESSION at the very bottom. Now if you try to go to any other link on the page it will take you back to the login screen.

I am very, very lost; I've been looking at and working on this for too long now. The worst part about all of this is that these files are on a different server and the software works 100% as it is here.

If anyone can help please let me know, and thank you very much in advance.
[FILES BELOW]

Auth.php

<?PHP
//Start the session
session_start();

//DB Class
require_once('../../../private/classes/DBConn.php');

//Check for username and password
//in the POST variables
if (isset($_POST['username'])) {
    $username = $_POST['username'];
}
if (isset($_POST['password'])) {
    $password = sha1($_POST['password']);
}

//Check if a valid session is open
if(!isset($_SESSION['username']) || empty($_SESSION['username']) || isset($username)) {
    //Connect to the database
    $conn = new DBConn();

    // Escape the user input
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    //Create a query to check for valid user
    $user = $conn->dbGetNumRows('users', "WHERE username='".$username."' AND password='".$password."'");
    if($conn->error) {
        die("ERROR - DB343322 -[ ".$conn->errorMsg." ]- ERROR");
    }
    if($user < 1) {
        session_destroy();
        $locationString = "Location: ".CFG_PROGRAM_URL."/login.php?error=1";
        header($locationString);
        exit();
    }

    //Create query to get user variables
    $user_info = $conn->dbSelectData('users', NULL, "WHERE username='".$username."' AND password='".$password."'");
    if($conn->error) {
        die("ERROR - DB3322231 -[ ".$conn->errorMsg." ]- ERROR");
    } else if(!is_array($user_info) || count($user_info) !== 1) {
        session_destroy();
        $locationString = "Location: ".CFG_PROGRAM_URL."/login.php?error=2";
        header($locationString);
        exit();
    }

    //Get the query results
    $userid = $user_info[0]["id"];
    $username = $user_info[0]["username"];
    $firstname = $user_info[0]["firstname"];
    $lastname = $user_info[0]["lastname"];
    $superuser = $user_info[0]["superuser"];
    $active = $user_info[0]["active"];
    $change_pwd = $user_info[0]["change_pwd"];

    if(!$active) {
        session_destroy();
        header("Location: ".CFG_PROGRAM_URL."/login.php?error=3");
        exit();
    } else if($superuser < 1) {
        session_destroy();
        header("Location: ".CFG_PROGRAM_URL."/login.php?error=4");
        exit();
    }

    //Session variables
    $_SESSION['userid'] = $userid;
    $_SESSION['username'] = $username;
    $_SESSION['displayname'] = $firstname." ".$lastname;
    $_SESSION['superuser'] = $superuser;
    $_SESSION['change_pwd'] = $change_pwd;

    //Log user login date and time
    $sql_string = "SELECT last_login FROM users where id = $userid";
    $result = mysql_query($sql_string);
    $last_login = mysql_result($result, 0, "last_login");
    $_SESSION['last_login'] = date('l F j, Y g:i A', strtotime($last_login));
    $sql_string = "UPDATE users SET last_login = now() where id = $userid";
    $result = mysql_query($sql_string);

    if ($change_pwd) {
        //Redirect to the password page
        header("Location: ".CFG_PROGRAM_URL."/password.php");
        exit;
    } else {
        //Redirect to the main page
        header("Location: ".CFG_PROGRAM_URL."/controller.php");
        exit;
    }
}
?>

Controller.php

<?PHP
//error_reporting(E_ALL);
//error_reporting(E_WARNING);

//Authorization file
require('auth.php');
echo session_id();

// Start page load time
$startTime = microtime();
//var_dump($_REQUEST);
?>
<?PHP
// USER CODE
// only for super admin
//echo session_id();
// Controler.php - This file will control most of the forms
//die(var_dump($_SESSION));
if(isset($_REQUEST['toDo'])) {
    require('../../../private/classes/cat_manager.php');
    switch($_REQUEST['toDo']) {
        case 'DISPLAY':
            require('header.php');
            ?>
            <script type="text/javascript">
            var openEdit = false;
            var openValue = '';
            var openAdd = false;
            </script>
            <?PHP
            $cat = new CatManager();
            $cat->displayCatTable($_REQUEST['cat']);
            require('footer.php');
            break;
        case 'UPDATE':
            $data = $_REQUEST['values'];
            $data = explode("|", $data);
            $newData[$data[0]] = $data[1];
            $bob = new CatManager();
            $bob->updateCat($_REQUEST['table'], $_REQUEST['id'], $newData);
            break;
        case 'ADD':
            $add = new CatManager();
            $fields[0] = $_REQUEST['field'];
            $data[0] = $_REQUEST['values'];
            $add->addCat($_REQUEST['table'], $fields, $data);
            break;
        case 'DELETE':
            $delete = new CatManager();
            $delete->deleteCat($_REQUEST['table'], $_REQUEST['id']);
            break;
        default:
            break;
    }
} else if(isset($_REQUEST['USER'.session_id()]) && isset($_SESSION['superuser']) && $_SESSION['superuser'] === '1') {
    ?><script type="text/javascript" src="js/user.js"></script><?PHP
    require_once('../../../private/classes/User/UserManager.php');
    $user = new UserManager();
    if(isset($_REQUEST['DELETE_USER'.session_id()])) {
        $user->deleteUser($_REQUEST['id'], $_REQUEST['profileID'], $_REQUEST['eMail']);
        require_once('header.php');
        $user->displayUserTable('users');
        require_once('footer.php');
    } else {
        require_once('header.php');
        $user->displayUserTable('users');
        require_once('footer.php');
    }
} else {
    if(isset($_REQUEST['MODULE'])) {
        $table = $_REQUEST['MODULE'];
    } else {
        $table = NULL;
    }
    if($table !== NULL) {
        // Page SupNav
        // quick format of the table name to display well
        $cut = strrpos($table, "s");
        if($cut == (strlen($table)-1)) {
            $display_name = substr($table, 0, $cut);
        } else {
            $display_name = $table;
        }
        $display_name = ucwords(str_replace("_", " ", $display_name));
        $page['NAME'] = $display_name." Manager";
        $page['SUB_NAV'][0] = "<input type='button' value='Add' class='button' onclick=\"location = '".$_SERVER['PHP_SELF']."?TASK=DISPLAYADD&MODULE=".$table."';\" /> ";
        $page['SUB_NAV'][1] = "<input type='button' value='View List' class='button' onclick=\"location = '".$_SERVER['PHP_SELF']."?TASK=LIST&MODULE=".$table."';\"> ";
    }
    ?>
    <?PHP require('site.php'); ?>
    <?PHP require_once('../../../private/classes/Core/Module.php'); ?>
    <?PHP require('header.php'); ?>
    <?PHP
    if(isset($_REQUEST['TASK'])) {
        $task = $_REQUEST['TASK'];
        //echo $task;
    }
    if(isset($_REQUEST['id'])) {
        $id = $_REQUEST['id'];
    } else
        $id = NULL;
    if($table !== NULL) {
        $module = new Module($table, $task, $id);
        require("message.php");
        if($task !== "LIST" || $task !== "VIEWITEM") {
            if($module->result === FALSE) {
                $_SESSION['ERROR'] = TRUE;
                $module->module_task($task, $id);
                $_SESSION['ERROR'] = FALSE;
            } else if($module->result == "DONE") {
                $module->module_task("LIST");
            }
        }
    } else {
        require("message.php");
        ?>
        <!-- Default Text when no module is selected -->
        <br>
        Welcome to Your Website Management System. To get started use the menu to the right.
        <?PHP
    }
    ?>
    <?PHP require("footer.php"); ?>
    <?PHP
    var_dump($_SESSION);
}
?>

Header.php

<?PHP
// -header.php
//Get the date and time
$now = date('l F j, Y g:i A');

//Look for superuser
if($_SESSION['superuser'] == 1) {
    $superuser = true;
} else {
    $superuser = false;
}
$displayname = $_SESSION['displayname'];
$last_login = $_SESSION['last_login'];
if(isset($page) && is_array($page)) {
    $pageTitle = CFG_PROGRAM_NAME." - ".$page["NAME"];
} else {
    $pageTitle = CFG_PROGRAM_NAME;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
var path = '<?PHP echo CFG_SITE_URL.ADMIN_DIR."/"; ?>';
</script>
<title><?PHP echo $pageTitle; ?></title>
<link rel="stylesheet" type="text/css" href="<?PHP echo CFG_PROGRAM_URL; ?>/css/style.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
<style>
/****************/
/* List Styles */
/**************/
.list_containter { }
.list_title { padding:10px 10px 10px 10px; }
.list_search { padding:5px 5px 5px 5px; }
.list_filter { padding:5px 5px 5px 5px; }
.list_results { padding:5px 5px 5px 5px; }
.list_result_item {
    border:#666666 thin groove;
    padding:10px 10px 10px 10px;
}
.add_table {
    margin-top: 0px;
    border: medium solid #CCCCCC;
}
#locations {
    margin-top:20px;
    display: none;
}
#files { display: none; }
#workshops { display: none; }
#speakers { display: none; }
select {
    list-style-type: circle;
    list-style-position: inside;
    border-top-width: 0px;
    border-right-width: 0px;
    border-bottom-width: 0px;
    border-left-width: 0px;
    background-color: #333333;
    font-family: Georgia, "Times New Roman", Times, serif;
    font-size: 12px;
    font-weight: bold;
    color: #FFFFFF;
    padding-top: 5px;
}
.sub_add_button {
    float:left;
    margin-top:10px;
    margin-left:10px;
    font-size:10px;
    text-align:center;
    cursor:pointer;
}
.error_box {
    clear:both;
    background-color:#CCCCCC;
    margin-top: 10px;
    padding-top: 5px;
    padding-left:10px;
    padding-right:10px;
    padding-bottom: 5px;
}
.errorMsg { color: #eb612b; }
input.button {
    background: #DDDDDD url(<?PHP echo CFG_PROGRAM_URL; ?>/images/gradient.jpg) repeat-x top;
    font-family: tahoma;
    font-size: 12px;
    border: 1px solid #999;
    cursor: pointer;
}
td.header {
    background: #eee url(<?PHP echo CFG_PROGRAM_URL; ?>/images/header_bg.jpg) repeat-x;
    height: 65px;
    padding: 0;
    border-bottom: 1px #aaa solid;
}
td.footer {
    background: #eee url(<?PHP echo CFG_PROGRAM_URL; ?>/images/footer_bg.jpg) repeat-x;
    height: 65px;
    padding: 0;
    border-top: 1px #aaa solid;
}
</style>
<link rel="stylesheet" href="<?PHP echo CFG_PROGRAM_URL; ?>/css/lightbox.css" type="text/css" media="screen" />
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/prototype.js"></script>
<?PHP /*<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/FileUploader.js"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/events.js"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/upload.js"></script>*/ ?>
<script type="text/javascript">
var openSubItem = false;
var path = '<?PHP echo CFG_PROGRAM_URL; ?>';
<?PHP
if(isset($_REQUEST['MODULE'])) {
    $my_table = $_REQUEST['MODULE'];
} else {
    $my_table = '';
}
?>
var table = '<?PHP echo $my_table; ?>';
</script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/calendarDateInput.js"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/display.js"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/cms.js"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/scriptaculous.js?load=effects,builder"></script>
<script type="text/javascript" src="<?PHP echo CFG_PROGRAM_URL; ?>/js/lightbox.js"></script>
<script type="text/javascript">
var openAdd = false;
var XMLHttpRequestObject = false;
var ie = false;

// Set up the XMLRequest Obj
if (window.ActiveXObject) {
    ie = true;
    XMLHttpRequestObject = new ActiveXObject("Microsoft.XMLHTTP");
} else if (window.XMLHttpRequest) {
    XMLHttpRequestObject = new XMLHttpRequest();
}

// Get data function
function getData(dataSource, divID) {
    document.getElementById(divID).innerHTML = "<img src='<?PHP echo CFG_PROGRAM_URL; ?>/images/loading.gif'>";
    var requestObj = XMLHttpRequestObject;
    if(requestObj) {
        var obj = document.getElementById(divID);
        requestObj.open("GET", dataSource);
        requestObj.onreadystatechange = function() {
            if (requestObj.readyState == 4 && requestObj.status == 200) {
                obj.innerHTML = requestObj.responseText;
            }
        }
        requestObj.send(null);
    }
}

// set vars
var showing_error_details = false;
</script>
</head>
<body>
<table width="100%" style="border-collapse:collapse;background-color: #eee;">
<tr><td width="10" style="background: #777 url(<?PHP echo CFG_PROGRAM_URL; ?>/images/ls_top.gif) no-repeat bottom; height:10px"></td>
<td colspan="2" style="background: #777 url(<?PHP echo CFG_PROGRAM_URL; ?>/images/top.gif) repeat-x bottom; height: 10px"></td>
<td width="10" style="background: #777 url(<?PHP echo CFG_PROGRAM_URL; ?>/images/rs_top.gif) no-repeat bottom; height: 10px;"></td>
</tr>
<tr>
<td rowspan="3" style="width: 10px; background: #777 url(<?PHP echo CFG_PROGRAM_URL; ?>/images/ls_drop.gif) repeat-y right;">
<td class="header" style="width:500px; text-align:left; padding-left:10px;">
<a href="<?PHP echo $_SERVER['PHP_SELF']; ?>">
<!-- <img src="<?PHP echo CFG_PROGRAM_URL; ?>images/logo.png" width="420" height="65" border="0"> -->
<h3><img src="../images/tag_logo.jpg" alt="TAG Logo" /></h3>
</a>
</td>
<td class="header" align="right" style="padding-right: 11px;">
<?php echo "<b>Logged in as:</b> $displayname<br> <a href='logout.php'><img src='images/logout.gif' align='top' /> Logout</a>"; ?>
</td>
<td width="10" rowspan="3" style="width: 10px; background: #777 url(<?PHP echo CFG_PROGRAM_URL; ?>/images/rs_drop.gif) repeat-y left;">
</tr>
<tr>
<td colspan="2" valign="top">
<br style="line-height: 11px;">
<table style="width:100%"><tr><td valign="top" style="width:150px;">
<?PHP if(isset($page)) { ?>
<div><h4><?PHP echo $page['NAME']; ?></h4><hr /><br /></div>
<div>
<form action="<?PHP $_SERVER['PHP_SELF']; ?>" method="post">
<?PHP
for($i=0; $i<count($page['SUB_NAV']); $i++) {
    echo $page['SUB_NAV'][$i]."<BR><BR>";
}
?>
</form>
</div><hr />
<?PHP } ?>
<?php
//Menu section
if ($superuser) {
?>
<div style="padding-top:10px; color:#333333;">
<h4>User Menu</h4>
<HR style="margin-top:0px; margin-bottom:0px;" />
</div>
<a href="<?PHP echo $_SERVER['PHP_SELF']; ?>?USER<?PHP echo session_id(); ?>">
<div class="menuItem" id="menu_users" onmouseover="menu_over(this.id);" onmouseout="menu_out(this.id);">
<img src="<?PHP echo CFG_PROGRAM_URL; ?>/images/user.gif" align="top" /> User Manager
</div>
</a>
<?php
}
// get all tables w/ the cat_
?>
<a href='password.php'><div class="menuItem" id="menu_password" onmouseover="menu_over(this.id);" onmouseout="menu_out(this.id);">
<img src="<?PHP echo CFG_PROGRAM_URL; ?>/images/password.gif" width="16" height="16" align="top" /> Change Password</div></a>
<hr />
<div style="padding-top:10px; color:#333333;"><h4>Module Menu</h4><hr style="margin-top:0px; margin-bottom:0px;" /></div>
<?PHP
$conn = new DbConn();
$menu = $conn->dbSelectData('modules', NULL, "ORDER BY order_num ASC");
if(!$conn->error) {
    for($i=0; $i<count($menu); $i++) {
        $img = CFG_PROGRAM_URL."/".$menu[$i]['icon'];
?>
<a href="<?PHP echo $_SERVER['PHP_SELF']; ?>?TASK=LIST&MODULE=<?PHP echo $menu[$i]['name']; ?>">
<div class="menuItem" id="menu_<?PHP echo $menu[$i]['id']; ?>" onmouseover="menu_over(this.id);" onmouseout="menu_out(this.id);">
<div style="float:left; margin-top:auto;">
<img src="<?PHP echo $img; ?>" alt="<?PHP echo ucwords(str_replace("_", " ", stripslashes($menu[$i]['name']))); ?>" align="top" />
<?PHP echo ucwords(str_replace("_", " ", stripslashes($menu[$i]['name']))); ?>
</div>
<div style="clear:both;"></div>
</div>
</a>
<?PHP
    }//end for
}//end if
?>
<!-- Multi List Menu -->
<!-- List Menu -->
<hr />
<!-- <div style="padding-top:10px; color:#333333;"><h4>List Menu</h4><hr style="margin-top:0px; margin-bottom:0px;" /></div> -->
<?PHP
// LOADED LISTs
$lists = $conn ->dbSelectData('select_lists', NULL, "ORDER BY order_num ASC");
if(!$conn->error) {
    for($i=0; $i < count($lists); $i++) {
?>
<a href='<?PHP echo $lists[$i]['description']; ?>'>
<div class='menuItem' id="menu_list_<?PHP echo $i; ?>" onmouseover="menu_over(this.id);" onmouseout="menu_out(this.id);">
<div style='float:left; margin-top:auto;'><img src='<?PHP echo CFG_PROGRAM_URL."/".$lists[$i]['icon']; ?>' align='top' /></div>
<div align='center'><?PHP echo $lists[$i]['name']; ?></div></div></a>
<?PHP
    }//end for
}//end if
?>
</div>
</td><td valign="top" align="left" style="padding:0 20px 0 20px;border-left: 1px #aaa solid">
<div id='mainDisplay'>
<br />

ocpaul20 Posted July 5, 2008

I don't know if this helps at all, but I had a similar thing occurring in Opera (I think) and basically it needed the links in the <A tags to have ./ before them. I may be barking up the wrong tree completely.

ron8000 Posted July 5, 2008

I'm not sure if I follow. The links need to be <a href='./controller.php'>Controller</a>?

ron8000 Posted July 5, 2008

I have narrowed down the problem to IE. I only have 7 to test with, but it's NOT working in IE7 on this server.... FF2 is working fine. Going to do more research now!