Login/session destroy problem

[iLuke]

Hi guys!

 

My login/register script works fine, no problems!

 

The odd thing is with this code:

<?php 
session_start();
ob_start();
ini_set('display_errors','On');
error_reporting(E_ALL | E_STRICT);
date_default_timezone_set("Europe/London");
$errorMessage = '';
$successfulPost = 0;
$host = 'localhost';
$username = 'USER'; 
$password = 'PASS';
$database = 'DB';
$siteName = "Luke's KoC Scripts";
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php echo $siteName; ?> » Sab Logger</title>
</head>
<body style="font-family: Verdana;"  onload="document.sabPost.sabData.focus();">
<?php 
if (!isset($_SESSION['LS_KoC_user']) || !isset($_SESSION['LS_KoC_sessionID'])) {
	$errorMessage = "You are not logged in!";
} else {
	$connect = mysql_connect($host,$username,$password) or die('Unable to connect to the database server at this time.');
	mysql_select_db($database,$connect) or die('Unable to connect to the database at this time.');
	$kocUser = $_SESSION['LS_KoC_user'];
	$sessionID = mysql_query("SELECT sessionID FROM users WHERE username='".$kocUser."' LIMIT 1");
	$sessionID = mysql_fetch_assoc($sessionID);
	$sessionID = $sessionID['sessionID'];
	if ($sessionID != $_SESSION['LS_KoC_sessionID']) {
		$errorMessage = "Your session ID does not match that which is held in the database.";
	} else {						
		if (isset($_POST['sabData'])) {
			$sabData = $_POST['sabData'];
		}
		if (isset($_POST['submitX1']) || isset($_POST['submitX2'])) {
				$sabData = stripslashes($sabData);
				echo $sabData;
				$data = "/.*? dispatches ([0-9]+) .*? sabotage ([0-9]+) of ([a-zA-Z-0-9\_\-]+)'s .*" ;
				$data .="([A-Z]{1}[a-zA-Z0-9]+) ([A-Z]{1}[a-zA-Z0-9]*)\.";
				$data .= ".* enter ([a-zA-Z-0-9\_\-]+)'s .*";
				$data .= "destroy ([0-9]+) of the enemy's ([A-Z]{1}[a-zA-Z0-9]+)/s";
				preg_match($data,$sabData,$intel);		

				echo '
				<form name="counter" style="font-size: 9px;">You will be taken back to the input screen in <input style="border: 0px; font-size: 14px; font-weight: bold; width: 11px; margin-left: 2px;" type="text" size="8" name="d2"> seconds.</form> 

				<script> 
				 var milisec=0 
				 var seconds=7
				 document.counter.d2.value="6"

				function display(){ 
				 if (milisec<=0){ 
					milisec=9 
					seconds=seconds-1 
				 } 
				 if (seconds<=-1){ 
					milisec=0 
					seconds+=1 
				 } 
				 else 
					if (seconds==0) {
						window.location = "http://www.lmbd.co.uk/koc/sabScript.php"
					} else {
						milisec-=1 
						document.counter.d2.value=seconds
						setTimeout("display()",100) 
					}
				} 
				display() 
				</script> 
				';					
			if (isset($_POST['submitX1'])) {
				$totalSabbed = (1000000 * $intel[7]);
				echo "<h1> Sabbotage Successfully Logged!</h1>";
				echo "<h3> View sab report below: </h3>";
				echo "<b>Target:</b> " . $intel[3]; 
				echo "<br />";
				echo "<b>Weapon Sabbed:</b> " . $intel[4] . " " . $intel[5];
				echo "<br />";
				echo "<b>Amount Sabbed:</b> " . $intel[7];
				echo "<br />";
				echo "<b>Total Sab Value:</b> " . $totalSabbed;
			} 
			if (isset($_POST['submitX2'])) {
				$totalSabbed = (1000000 * $intel[7]) * 2;
				echo "<h1> Sabbotage Successfully Logged!</h1>";
				echo "<h3> View sab report below: </h3>";
				echo "<b>Sabbotage Target:</b> " . $intel[3]; 
				echo "<br />";
				echo "<b>Weapon Targeted:</b> " . $intel[4] . " " . $intel[5];
				echo "<br />";
				echo "<b>Number Targeted:</b> " . $intel[7];
				echo "<br />";
				echo "<b>Total Gold Sabbed:</b> " . $totalSabbed . " <i>(" . $totalSabbed/2 . " gold per sabbotage)</i>";
			}

		} else {
			echo "
				<fieldset><form action='" . $_SERVER['PHP_SELF'] . "' method='post' name='sabPost' id='sabPost'>
				<h3>Paste sab data below:</h3>
				<textarea cols='75' rows='5' name='sabData' id='sabData' onKeyup='document.sabPost.submitX2.focus()'></textarea><br />
				<span style='font-size: 10px;'><b>E.g.</b> <i>Your Chief of Intelligence dispatches 1 spies to attempt to sabotage 16 of Remco-MOD's weapons of type Lookout Tower.<br />
				Your spies successfully enter Remco-MOD's armory undetected, and destroy 16 of the enemy's Lookout Tower stockpile. Your spies all return safely to your camp. </i></span><br />
				<br />
				<input type='submit' name='submitX2' value='Submit -- X2' />
				<input type='submit' name='submitX1' value='Submit -- X1' />
				</form></fieldset>		
			";
		}
	}

}
?>

<?php 
if (strlen($errorMessage) != 0) {
	echo "<h1>".$errorMessage."</h1>";
} elseif ($successfulPost == 1) {
	echo "<h1>Sab logged successfully!</h1>";
} 
?>
</body>
</html>

 

Now, let's assume you enter this string:

Your Chief of Intelligence dispatches 1 spies to attempt to sabotage 16 of Remco-MOD's weapons of type Lookout Tower.

Your spies successfully enter Remco-MOD's armory undetected, and destroy 16 of the enemy's Lookout Tower stockpile. Your spies all return safely to your camp.

 

The regex works, everything is displayed just fine, and after the JS has done it's thing it takes you back to the form again.

 

But.. on the first time it runs, it tells you that you're not logged in :S So it seems to be destroying the session somehow.

 

Once you log in again, though, you can run the script over and over, and it works just fine.

 

Just wondering how this could be the case and how to fix.

 

Thanks,

Luke.

[meltingpoint]

Have you tried running it on another computer?  Another browser?  Interestingly, I have a similar problem with sessions that occurs only on one computer at my work.  Every other computer or browser works fine.  It too will log me in, but upon opening another page will revert me back to a non-logged in status.  Once I log in again- bingo, sessions works fine.

[spfoonnewb]

I haven't really read through the code all the way, and I'm not sure if this has anything to do with it. But, try putting ob_start() before session_start(), because that's the correct way to set those up.

[oni-kun]

I haven't really read through the code all the way, and I'm not sure if this has anything to do with it. But, try putting ob_start() before session_start(), because that's the correct way to set those up.

 

Session_start() will create a cookie, so it'd be advisable.

 

--

Now why is ob_start there in the first place? I see no headers being called.

[iLuke]

Well, it seems to have the error on two browsers, but I haven't tried other computers.

 

I do the ob_start() thing out of habit.. If I'm perfectly honest I don't even know what it does lol! A friend just told me I needed it once, so I have added it ever since.

 

I've removed that ob_start() now and it is still busted... dunno if this makes a difference, but, oddly, when I come to log in the first time, the fields are indented (like some default styling for text fields), and has the username "anonymous" and some password. I've never logged in with those details, so I dunno how it's managed to do that, but I change those details to my own and then log in, but then it breaks as it did before.

 

When I come to log in the second time (after which everything works just fine) those details (anonymous etc) aren't already in there.

 

Wondering whether that's the problem? I can't see it, as I'm not actually logging in with the details that are in there by default, but you never know.

 

Thanks anyway for your help thus far!

[iLuke]

Issue sorted!

 

Somehow it was that problem I described above. No clue how that works considering the data that was there by default was never posted.

 

In any case, it was a browser issue, and that's now sorted =]

 

Thanks again guys!