Jump to content

Archived

This topic is now archived and is closed to further replies.

DaVuLf

Sessions?

Recommended Posts

Hey there. I'm wondering how to make my sessions work properly. Currently, it will only work for the 'Admin' user (for no apparent reason as there isn't much of a difference) yet the others will get signed out.

Example:

User goes to site, is prompted for password.
Field filled in and submitted. User can now view private area.
User clicks on link to another private area and is prompted for password.

He shouldn't be prompted for password again. This is really bothersome and time consuming. Here is the code:

(sorry about length)
[code]
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
<link href="niveau.css" rel="stylesheet" type="text/css" />
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
<div id="container">
<div id="main">
<div id="tight">
<center>
<br />
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
    not a registered user, <a href="signup.php">click here</a>
    to sign up for instant access!</p>
  <p><form method="post" action="<? =$_SERVER['PHP_SELF']?>">
  <table>
  <tr><td>
    User ID:</td><td> <input type="text" name="uid" size="8"></td></tr>
<tr><td>
    Password:</td><td> <input type="password" name="pwd" SIZE="8"></td></tr>
    <tr><td></td><td><input type="submit" value="Log in"></td></tr>
</table>
  </form></p>
</center>
</div>
</div>
</div>
</body>
</html>
  <?php
  exit;
}



$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("niveau");
$sql = "SELECT * FROM users WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact bcomeau@uwo.ca.');
}

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
<link href="niveau.css" rel="stylesheet" type="text/css" />
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
<div id="container">
<div id="main">
<div id="tight">
<center>
<br />
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
    registered user on this site. To try logging in again, click
    <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
    access, click <a href="signup.php">here</a>.</p>
</center>
</div>
</div>
</div>
</body>
</html>
  <?php
  exit;
}

$username = mysql_result($result,0,'fullname');
$uid = mysql_result($result,0,'userid');
?>
[/code]

I have this as an include from all of my files in the private area. I have no idea why this isn't working. I'm assuming it might be the session length, but I don't know how to modify that.

Thanks,
DaVuLf

Share this post


Link to post
Share on other sites
I was thinking... Testing this on my own server (localhost) I didn't run into this problem. Maybe my provider (GoDaddy) has an issue with sessions.

Does anyone know how to do this same type of thing but with cookies?

Share this post


Link to post
Share on other sites
put this here

try to delete all white spaces

<? session_start();<<<<<<<< this here

include_once 'common.php'; <<<<<here and try ok
include_once 'db.php'; <<<<<<<<<<<<<<ok try

Share this post


Link to post
Share on other sites
You can try to use:
[code]$HTTP_SESSION_VARS[] instead of $_SESSION[] [/code]
or
[code]
session_register('s_var');
$s_var = 'loged in';
[/code]
and can you see what version of PHP is running on your server ?

Share this post


Link to post
Share on other sites
if there any html in those include files it will error try what i said.

Share this post


Link to post
Share on other sites
There is HTML in the 'accesscontrol' include, but there is none in common.php or db.php. I will try to eliminate the whitespace.

My server I know is using mySQL 4, and the latest version of PHPmyAdmin. According to phpinfo(); I'm using PHP Version 4.3.11.

Does that make a difference?

Share this post


Link to post
Share on other sites
Okay, I've sort of traced this issue down. Here is the new problem:

So I log in with MrDead. I run this at the top of accesscontrol.php:
[code]
session_start();
print_r($uid.'<br />');
print_r($_SESSION);
[/code]

At the top of the first page I access after logging in, it prints:

[code]
MrDead
uid=>MrDead pwd=>abc123
[/code]

Now, the second page I click outputs this:
[code]
Admin
uid=>Admin pwd=>abc123
[/code]

Somehow the uid is getting changed to 'Admin' which is messing up my session.

All of the code is still posted above for accesscontrol.php. Does anyone see anything wanky?

Thanks,
DaVuLF

Share this post


Link to post
Share on other sites
Fixed that. Now I'm wondering about something that I started this thread with. Here are my declarations:

[code]
unset_SESSION['uid']
unset_SESSION['pwd']
[/code]

I know those aren't the proper command, but I don't have my ftp available on this PC. Basically, that is what I am doing to unset, but I'm still staying logged in. How do I log out properly using $_SESSION to set my sessions?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.