Jump to content


Photo

Sessions?


  • Please log in to reply
8 replies to this topic

#1 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 31 August 2006 - 10:03 PM

Hey there. I'm wondering how to make my sessions work properly. Currently, it will only work for the 'Admin' user (for no apparent reason as there isn't much of a difference) yet the others will get signed out.

Example:

User goes to site, is prompted for password.
Field filled in and submitted. User can now view private area.
User clicks on link to another private area and is prompted for password.

He shouldn't be prompted for password again. This is really bothersome and time consuming. Here is the code:

(sorry about length)
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
	<link href="niveau.css" rel="stylesheet" type="text/css" />
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
	<div id="container">
<div id="main">
<div id="tight">
	<center>
	<br />
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
     not a registered user, <a href="signup.php">click here</a>
     to sign up for instant access!</p>
  <p><form method="post" action="<? =$_SERVER['PHP_SELF']?>">
  <table>
  <tr><td>
    User ID:</td><td> <input type="text" name="uid" size="8"></td></tr>
	<tr><td>
    Password:</td><td> <input type="password" name="pwd" SIZE="8"></td></tr>
    <tr><td></td><td><input type="submit" value="Log in"></td></tr>
	</table>
  </form></p>
</center>
</div>
</div>
</div>
</body>
</html>
  <?php
  exit;
}



$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("niveau");
$sql = "SELECT * FROM users WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact bcomeau@uwo.ca.');
}

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
		<link href="niveau.css" rel="stylesheet" type="text/css" />
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
	<div id="container">
<div id="main">
<div id="tight">
<center>
<br />
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
</center>
</div>
</div>
</div>
</body>
</html>
  <?php
  exit;
}

$username = mysql_result($result,0,'fullname');
$uid = mysql_result($result,0,'userid');
?>

I have this as an include from all of my files in the private area. I have no idea why this isn't working. I'm assuming it might be the session length, but I don't know how to modify that.

Thanks,
DaVuLf

#2 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 31 August 2006 - 10:32 PM

I was thinking... Testing this on my own server (localhost) I didn't run into this problem. Maybe my provider (GoDaddy) has an issue with sessions.

Does anyone know how to do this same type of thing but with cookies?

#3 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 01 September 2006 - 03:55 AM

Has anyone heard of this type of issue before?

#4 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 01 September 2006 - 04:17 AM

put this here

try to delete all white spaces

<? session_start();<<<<<<<< this here

include_once 'common.php'; <<<<<here and try ok
include_once 'db.php'; <<<<<<<<<<<<<<ok try
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#5 joking

joking
  • Members
  • PipPip
  • Member
  • 29 posts
  • LocationLebanon

Posted 01 September 2006 - 06:01 AM

You can try to use:
$HTTP_SESSION_VARS[] instead of $_SESSION[]
or
session_register('s_var');
$s_var = 'loged in';
and can you see what version of PHP is running on your server ?

Just JoKinG

#6 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 01 September 2006 - 06:06 AM

if there any html in those include files it will error try what i said.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#7 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 01 September 2006 - 01:27 PM

There is HTML in the 'accesscontrol' include, but there is none in common.php or db.php. I will try to eliminate the whitespace.

My server I know is using mySQL 4, and the latest version of PHPmyAdmin. According to phpinfo(); I'm using PHP Version 4.3.11.

Does that make a difference?

#8 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 03 September 2006 - 04:26 PM

Okay, I've sort of traced this issue down. Here is the new problem:

So I log in with MrDead. I run this at the top of accesscontrol.php:
session_start();
print_r($uid.'<br />');
print_r($_SESSION);

At the top of the first page I access after logging in, it prints:

MrDead
uid=>MrDead pwd=>abc123

Now, the second page I click outputs this:
Admin
uid=>Admin pwd=>abc123

Somehow the uid is getting changed to 'Admin' which is messing up my session.

All of the code is still posted above for accesscontrol.php. Does anyone see anything wanky?

Thanks,
DaVuLF

#9 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 03 September 2006 - 07:31 PM

Fixed that. Now I'm wondering about something that I started this thread with. Here are my declarations:

unset_SESSION['uid']
unset_SESSION['pwd']

I know those aren't the proper command, but I don't have my ftp available on this PC. Basically, that is what I am doing to unset, but I'm still staying logged in. How do I log out properly using $_SESSION to set my sessions?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users