Jump to content

[SOLVED] Session variables lost on redirect

crouzilles

By crouzilles
in PHP Coding Help

Recommended Posts

crouzilles Newbie

crouzilles

Posted
Posted

Hi all,

 

I have a problem with a script which gets called from a link in an email. This script confirms new members to the site.

 

In this script called confirm.php, which is pasted below, I set a session variable called $_SESSION['feedback'] or one called $_SESSION['success']. Once the confirm.php script has finished doing its stuff, it redirects to index.php. index.php uses the feedback or success session variables to determine what to output, unfortunately, it seems the session variables do not exist.

 

I have got session_start(); at the top of index.php as well as in confirm.php, I am at a loss as to what could be wrong. I have spent hours reading forums and browsing, to no avail.

 

<?php
session_start();

# Source utility functions
require_once("func/utils.php");

# Source db functionality
require_once("func/db.php");

function user_conf_exists($email, $uid) {
global $logger, $DB;
$logger->log("-->confirm.php--user_conf_exists: ".$email." ".$uid,PEAR_LOG_INFO);

$sql = "select
			username
		from
			tcustomer
		where
			email = $1 and
			uid = $2 and
			confirmed = 'N'";

$result = pg_query_params($DB, $sql, array($email, $uid));
if (!$result) {
	$logger->log("-->confirm.php--user_conf_exists - ".pg_last_error(), PEAR_LOG_ERR);
	$logger->log("-->confirm.php--user_conf_exists - Got unknown result from the DB", PEAR_LOG_WARNING);
	return -1;
} else {
	# ok, we have successfuly run the query, do we have a row?
	$logger->log("-->confirm.php - Got result from the DB", PEAR_LOG_INFO);
	$rows = pg_num_rows($result);
	if($rows == 1) {
		# ok, we have found the user
		$logger->log("-->confirm.php--user_conf_exists - Result has 1 row, return 1", PEAR_LOG_INFO);
		while ($row = pg_fetch_object($result)) {
			$_SESSION['user'] = $row->username;
		}
		return 1;
	} else {
		$logger->log("-->confirm.php--user_conf_exists -Not exactly 1 row returned", PEAR_LOG_INFO);
		return 0;
	}
}
}

function update_confirmed($conf, $email, $uid) {
global $logger, $DB;
$logger->log("-->confirm.php--update_confirmed: ".$conf,PEAR_LOG_INFO);

$sql = "update
			tcustomer
		set
			confirmed = $1
		where
			email = $2 and
			uid = $3";

$result = pg_query_params($DB, $sql, array($conf, $email, $uid));
if (!$result) {
	$logger->log("-->confirm.php--update_confirmed - ".pg_last_error(), PEAR_LOG_ERR);
	$logger->log("-->confirm.php--update_confirmed - Got unknown result from the DB", PEAR_LOG_WARNING);
	return -1;
} else {
	# ok, we have successfuly run the query, do we have a row?
	$logger->log("-->confirm.php--update_confirmed - Got result from the DB", PEAR_LOG_INFO);
	$rows = pg_affected_rows($result);
	if($rows == 1) {
		# ok, we have found the user
		$logger->log("-->confirm.php--update_confirmed - Result has 1 row, return 1", PEAR_LOG_INFO);
		return 1;
	} else {
		$logger->log("-->confirm.php--update_confirmed -Not exactly 1 row returned", PEAR_LOG_INFO);
		return 0;
	}
}
}

if ($_SERVER['REQUEST_METHOD'] == 'GET') {
$logger->log("-->confirm.php- Handling GET request...", PEAR_LOG_INFO);
$email = safe($_GET['email']);
$uid   = safe($_GET['uid']);

$user_exists = user_conf_exists($email, $uid);

if ($user_exists == -1) {
	$_SESSION["feedback"] == "db_unknown_result";
	db_close();
	header("Location: index.php");
	return;
}

if ($user_exists == 0) {
	$_SESSION["feedback"] == "unknown_conf_user";
	db_close();
	header("Location: index.php");
	return;
}

$conf = update_confirmed("Y", $email, $uid);

if ($conf == -1) {
	unset($_SESSION['user']);
	$_SESSION["feedback"] == "db_unknown_result";
	db_close();
	header("Location: index.php");
	return;
}

if ($conf == 0) {
	unset($_SESSION['user']);
	$_SESSION["feedback"] == "conf_user_no_update";
	db_close();
	header("Location: index.php");
	return;
}

$_SESSION["success"] == "conf_success";
} else {
$_SESSION["feedback"] == "unknown_conf_args";
}
header("Location: index.php");
?>

 

I have tried to put the full url instead of just index.php, to no avail.

 

Thank you

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Cookies (session and regular) can be specific to a host name/subdomain, like www. or no www. and the path in the URL.

 

If you are switching between www.yourdomain.com and yourdomain.com or moving between different paths in the URL, you must set the session cookie parameters so that the cookie will match and will be sent by the browser when you switch.

 

ref: http://us.php.net/manual/en/function.session-set-cookie-params.php

crouzilles Newbie

crouzilles

Posted
  • Author
Posted

The domain does not change, the path remains the same at all time. These two files are on the server root as all the other files for that matter. So still at a loss to explain why this is happening.

 

If anyone has anymore ideas, please let me know.

 

Is there something in php.ini that could be set wrong?

 

Thank you

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Are sessions working at all? What does adding the following two lines of code immediately after the first opening <?php tag in both files show -

 

ini_set("display_errors", "1");
error_reporting(E_ALL);

 

Edit: (I was going to ask if you had actually checked in confirm.php if the variables had the value you expected, but apparently not.)  Upon closer review of your code, the following is not setting the session variables to a value -

 

  $_SESSION["success"] == "conf_success";

} else {

  $_SESSION["feedback"] == "unknown_conf_args";

 

You use one = sign for an assignment operator. Two == signs is a comparison operator.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.