5kyy8lu3 Posted January 30, 2009 Share Posted January 30, 2009 Ok well I use session variables all the time, and for some reason i can't get one to work for my new login page. If the login was incorrect, it sets a value to the session variable $_SESSION['invalid_login'] then uses header() to send the person back and that page displays "Invalid Login" then unset()'s that session variable if it's not null. The problem is, I can't, for the life of me, get that variable over to that page. Both pages have session_start(); as the second line. The login script(s) on my site are fairly simple and straightforward and I don't see anywhere there might be a session destroy. I've tried echo'ing that session variable then typing in a wrong login and it kicks me back to the login page but I'm not getting anything from echo'ing it, and it isn't saying invalid login. Code for the page that checks and rejects bad logins: <?php if ( $password == $row['password'] ) { //stuff for correct login } else { //_____( login was incorrect, set session var and send them back )_____\\ include("badlog.php"); //updates 'last_visit' timestamp in ip log table\\ $_SESSION['invalid_login'] = 'yes'; header("Location: http://www.mysite.org"); } ?> and this is the code for the login page: <?php if ( $_SESSION['invalid_login'] == 'yes' ) { echo 'Invalid Login'; unset($_SESSION['invalid_login']); } ?> I double checked all of my include() function files to see that they don't have anything in them that would affect that variable. Any ideas what I'm doing wrong? Thanks ahead of time. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 30, 2009 Share Posted January 30, 2009 try using a relative path instead of an absolute one: header("Location: /"); Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted January 30, 2009 Author Share Posted January 30, 2009 try using a relative path instead of an absolute one: header("Location: /"); just tried that and it still didn't work, i've scoured all my code and just can't figure this out Quote Link to comment Share on other sites More sharing options...
Prismatic Posted January 30, 2009 Share Posted January 30, 2009 print_r($_SESSION); See what it dumps Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted January 30, 2009 Author Share Posted January 30, 2009 print_r($_SESSION); See what it dumps Array ( ) is all I'm getting Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 30, 2009 Share Posted January 30, 2009 put this on both pages: print session_id(); and see if they are different sessions Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted January 30, 2009 Author Share Posted January 30, 2009 put this on both pages: print session_id(); and see if they are different sessions they were both the same: ead660ceccf21d660aea58975b1e6ad1 I went ahead and switched to $_GET for now, I just hate that I can't unset it so when I page refresh it still says invalid login. Not a huge deal but it's definitely annoying. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 30, 2009 Share Posted January 30, 2009 what happens with this: <?php if ( $password == $row['password'] ) { //stuff for correct login } else { //_____( login was incorrect, set session var and send them back )_____\\ // include("badlog.php"); //updates 'last_visit' timestamp in ip log table\\ $_SESSION['invalid_login'] = 'yes'; print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre><a href="/">Continue</a>'; exit; // header("Location: http://www.mysite.org"); } ?> and <?php print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre>'; if ( $_SESSION['invalid_login'] == 'yes' ) { echo 'Invalid Login'; exit; unset($_SESSION['invalid_login']); } ?> Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted January 30, 2009 Author Share Posted January 30, 2009 what happens with this: <?php if ( $password == $row['password'] ) { //stuff for correct login } else { //_____( login was incorrect, set session var and send them back )_____\\ // include("badlog.php"); //updates 'last_visit' timestamp in ip log table\\ $_SESSION['invalid_login'] = 'yes'; print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre><a href="/">Continue</a>'; exit; // header("Location: http://www.mysite.org"); } ?> and <?php print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre>'; if ( $_SESSION['invalid_login'] == 'yes' ) { echo 'Invalid Login'; exit; unset($_SESSION['invalid_login']); } ?> heya, just plugged that stuff in and this is what I got: when i first hit my site: Session ID: 09e46b92f66f22c4a438606aadddeae8 Array ( ) on the page that checks the login info: Session ID: 09e46b92f66f22c4a438606aadddeae8 Array ( [invalid_login] => yes ) Continue and finally back to the login page: Session ID: 09e46b92f66f22c4a438606aadddeae8 Array ( ) update: and i made sure to click your 'continue' link to get back to the first page i do need to add that my domain name is pointing to a subdomain on my webhost, i'm not sure if this screws anything up with session variables or not, i wouldn't think so because i can use the login and the rest of my pages recognize my $_SESSION['auth'] = 'yes'; session variable. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 30, 2009 Share Posted January 30, 2009 ok...then something before this code is messing with it...what is the code above it? Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted January 30, 2009 Author Share Posted January 30, 2009 ok...then something before this code is messing with it...what is the code above it? <?php session_start(); echo '<html><head>.......html crap, mostly tables with the input forms but no php at all'; print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre>'; if ( $_SESSION['invalid_login'] == 'yes' ) { echo 'Invalid Login'; exit; unset($_SESSION['invalid_login']); } echo ' </center> </body> </html>'; ?> and code for the login page: <?php session_start(); include("../../l_i_f2.php"); $cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server."); //____________( includes my scrubber function to clean, detag, and escape the login data )___________\\ include("../filter.php"); $loginn = scrubber($_POST['name'], $cxn); $pword = scrubber($_POST['password'], $cxn); include("../../saltine.php"); include("../../cracker.php"); $pass2 = md5($pword); $password2 = sha1($saltine.$pass2.$cracker); //____________( loads all data from the row that matches the username from Member table in the db )___________\\ $query = "SELECT password, permissions FROM Member WHERE loginname='$loginn'"; $result = mysqli_query($cxn, $query); $row = mysqli_fetch_assoc($result); //____________( if block that checks the user info vs what's in the database )___________\\ if ( $password2 == $row['password'] ) { //____________( if login check OK, it sets "logged in" variable ['auth'] to "yes", saves loginname and permissions to session variables for later use )___________\\ $_SESSION['auth']="yes"; $_SESSION['logname']= $loginn; $_SESSION['permissions']= $row['permissions']; $_SESSION['firstname'] = $row['firstname']; //____________( this sends the client to the "main" page )___________\\ header("Location: display.php"); } else { //____________( login was incorrect, set session var and send them back )___________\\ //include("badlog.php"); //updates 'last_visit' timestamp in ip log table// $_SESSION['invalid_login'] = 'yes'; print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre><a href="/">Continue</a>'; exit; } ?> Quote Link to comment Share on other sites More sharing options...
premiso Posted January 30, 2009 Share Posted January 30, 2009 Run a phpinfo on your site. Check this portion: session Session Support enabled Registered save handlers files user Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid Off On And report back what the values are. Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted January 30, 2009 Author Share Posted January 30, 2009 Run a phpinfo on your site. Check this portion: session Session Support enabled Registered save handlers files user Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid Off On And report back what the values are. Session Support enabled Registered save handlers files user sqlite Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 3600 3600 session.gc_probability 1 1 session.hash_bits_per_character 4 4 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path no value no value session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid 0 0 Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 30, 2009 Share Posted January 30, 2009 the only thing i can think of is one one those includes...on your login page...at the top....add some stuff so it looks like this: <?php session_start(); $_SESSION['invalid_login'] = 'yes'; print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre><a href="/">Continue</a>'; exit; include("../../l_i_f2.php"); $cxn = mysqli_connect($host, $user,$passwd,$dbname) or die ("Unable to establish a connection with the MySQL Server."); //____________( includes my scrubber function to clean, detag, and escape the login data )___________\\ include("../filter.php"); $loginn = scrubber($_POST['name'], $cxn); $pword = scrubber($_POST['password'], $cxn); include("../../saltine.php"); include("../../cracker.php"); $pass2 = md5($pword); $password2 = sha1($saltine.$pass2.$cracker); //____________( loads all data from the row that matches the username from Member table in the db )___________\\ $query = "SELECT password, permissions FROM Member WHERE loginname='$loginn'"; $result = mysqli_query($cxn, $query); $row = mysqli_fetch_assoc($result); //____________( if block that checks the user info vs what's in the database )___________\\ if ( $password2 == $row['password'] ) { //____________( if login check OK, it sets "logged in" variable ['auth'] to "yes", saves loginname and permissions to session variables for later use )___________\\ $_SESSION['auth']="yes"; $_SESSION['logname']= $loginn; $_SESSION['permissions']= $row['permissions']; $_SESSION['firstname'] = $row['firstname']; //____________( this sends the client to the "main" page )___________\\ header("Location: display.php"); } else { //____________( login was incorrect, set session var and send them back )___________\\ //include("badlog.php"); //updates 'last_visit' timestamp in ip log table// $_SESSION['invalid_login'] = 'yes'; print "Session ID: ".session_id()."<br><pre>"; print_r($_SESSION); print '</pre><a href="/">Continue</a>'; exit; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.