Jump to content

Sessions?


DaVuLf

Recommended Posts

Hey there. I'm wondering how to make my sessions work properly. Currently, it will only work for the 'Admin' user (for no apparent reason as there isn't much of a difference) yet the others will get signed out.

Example:

User goes to site, is prompted for password.
Field filled in and submitted. User can now view private area.
User clicks on link to another private area and is prompted for password.

He shouldn't be prompted for password again. This is really bothersome and time consuming. Here is the code:

(sorry about length)
[code]
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
<link href="niveau.css" rel="stylesheet" type="text/css" />
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
<div id="container">
<div id="main">
<div id="tight">
<center>
<br />
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
    not a registered user, <a href="signup.php">click here</a>
    to sign up for instant access!</p>
  <p><form method="post" action="<? =$_SERVER['PHP_SELF']?>">
  <table>
  <tr><td>
    User ID:</td><td> <input type="text" name="uid" size="8"></td></tr>
<tr><td>
    Password:</td><td> <input type="password" name="pwd" SIZE="8"></td></tr>
    <tr><td></td><td><input type="submit" value="Log in"></td></tr>
</table>
  </form></p>
</center>
</div>
</div>
</div>
</body>
</html>
  <?php
  exit;
}



$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("niveau");
$sql = "SELECT * FROM users WHERE
        userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact bcomeau@uwo.ca.');
}

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
<link href="niveau.css" rel="stylesheet" type="text/css" />
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
<div id="container">
<div id="main">
<div id="tight">
<center>
<br />
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
    registered user on this site. To try logging in again, click
    <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
    access, click <a href="signup.php">here</a>.</p>
</center>
</div>
</div>
</div>
</body>
</html>
  <?php
  exit;
}

$username = mysql_result($result,0,'fullname');
$uid = mysql_result($result,0,'userid');
?>
[/code]

I have this as an include from all of my files in the private area. I have no idea why this isn't working. I'm assuming it might be the session length, but I don't know how to modify that.

Thanks,
DaVuLf
Link to comment
Share on other sites

There is HTML in the 'accesscontrol' include, but there is none in common.php or db.php. I will try to eliminate the whitespace.

My server I know is using mySQL 4, and the latest version of PHPmyAdmin. According to phpinfo(); I'm using PHP Version 4.3.11.

Does that make a difference?
Link to comment
Share on other sites

Okay, I've sort of traced this issue down. Here is the new problem:

So I log in with MrDead. I run this at the top of accesscontrol.php:
[code]
session_start();
print_r($uid.'<br />');
print_r($_SESSION);
[/code]

At the top of the first page I access after logging in, it prints:

[code]
MrDead
uid=>MrDead pwd=>abc123
[/code]

Now, the second page I click outputs this:
[code]
Admin
uid=>Admin pwd=>abc123
[/code]

Somehow the uid is getting changed to 'Admin' which is messing up my session.

All of the code is still posted above for accesscontrol.php. Does anyone see anything wanky?

Thanks,
DaVuLF
Link to comment
Share on other sites

Fixed that. Now I'm wondering about something that I started this thread with. Here are my declarations:

[code]
unset_SESSION['uid']
unset_SESSION['pwd']
[/code]

I know those aren't the proper command, but I don't have my ftp available on this PC. Basically, that is what I am doing to unset, but I'm still staying logged in. How do I log out properly using $_SESSION to set my sessions?
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.