DaVuLf Posted August 31, 2006 Share Posted August 31, 2006 Hey there. I'm wondering how to make my sessions work properly. Currently, it will only work for the 'Admin' user (for no apparent reason as there isn't much of a difference) yet the others will get signed out.Example:User goes to site, is prompted for password.Field filled in and submitted. User can now view private area.User clicks on link to another private area and is prompted for password.He shouldn't be prompted for password again. This is really bothersome and time consuming. Here is the code:(sorry about length)[code]<?php // accesscontrol.phpinclude_once 'common.php';include_once 'db.php';session_start();$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];if(!isset($uid)) { ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link href="niveau.css" rel="stylesheet" type="text/css" /> <title> Please Log In for Access </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <div id="container"><div id="main"><div id="tight"> <center> <br /> <h1> Login Required </h1> <p>You must log in to access this area of the site. If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access!</p> <p><form method="post" action="<? =$_SERVER['PHP_SELF']?>"> <table> <tr><td> User ID:</td><td> <input type="text" name="uid" size="8"></td></tr> <tr><td> Password:</td><td> <input type="password" name="pwd" SIZE="8"></td></tr> <tr><td></td><td><input type="submit" value="Log in"></td></tr> </table> </form></p></center></div></div></div></body></html> <?php exit;}$_SESSION['uid'] = $uid;$_SESSION['pwd'] = $pwd;dbConnect("niveau");$sql = "SELECT * FROM users WHERE userid = '$uid' AND password = PASSWORD('$pwd')";$result = mysql_query($sql);if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact bcomeau@uwo.ca.');}if (mysql_num_rows($result) == 0) { unset($_SESSION['uid']); unset($_SESSION['pwd']); ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Access Denied </title> <link href="niveau.css" rel="stylesheet" type="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <div id="container"><div id="main"><div id="tight"><center><br /> <h1> Access Denied </h1> <p>Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant access, click <a href="signup.php">here</a>.</p></center></div></div></div></body></html> <?php exit;}$username = mysql_result($result,0,'fullname');$uid = mysql_result($result,0,'userid');?>[/code]I have this as an include from all of my files in the private area. I have no idea why this isn't working. I'm assuming it might be the session length, but I don't know how to modify that.Thanks,DaVuLf Quote Link to comment Share on other sites More sharing options...
DaVuLf Posted August 31, 2006 Author Share Posted August 31, 2006 I was thinking... Testing this on my own server (localhost) I didn't run into this problem. Maybe my provider (GoDaddy) has an issue with sessions.Does anyone know how to do this same type of thing but with cookies? Quote Link to comment Share on other sites More sharing options...
DaVuLf Posted September 1, 2006 Author Share Posted September 1, 2006 Has anyone heard of this type of issue before? Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 1, 2006 Share Posted September 1, 2006 put this here try to delete all white spaces <? session_start();<<<<<<<< this here include_once 'common.php'; <<<<<here and try okinclude_once 'db.php'; <<<<<<<<<<<<<<ok try Quote Link to comment Share on other sites More sharing options...
joking Posted September 1, 2006 Share Posted September 1, 2006 You can try to use: [code]$HTTP_SESSION_VARS[] instead of $_SESSION[] [/code]or[code]session_register('s_var');$s_var = 'loged in';[/code]and can you see what version of PHP is running on your server ? Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 1, 2006 Share Posted September 1, 2006 if there any html in those include files it will error try what i said. Quote Link to comment Share on other sites More sharing options...
DaVuLf Posted September 1, 2006 Author Share Posted September 1, 2006 There is HTML in the 'accesscontrol' include, but there is none in common.php or db.php. I will try to eliminate the whitespace. My server I know is using mySQL 4, and the latest version of PHPmyAdmin. According to phpinfo(); I'm using PHP Version 4.3.11. Does that make a difference? Quote Link to comment Share on other sites More sharing options...
DaVuLf Posted September 3, 2006 Author Share Posted September 3, 2006 Okay, I've sort of traced this issue down. Here is the new problem:So I log in with MrDead. I run this at the top of accesscontrol.php:[code]session_start();print_r($uid.'<br />');print_r($_SESSION);[/code]At the top of the first page I access after logging in, it prints:[code]MrDeaduid=>MrDead pwd=>abc123[/code]Now, the second page I click outputs this:[code]Adminuid=>Admin pwd=>abc123[/code]Somehow the uid is getting changed to 'Admin' which is messing up my session.All of the code is still posted above for accesscontrol.php. Does anyone see anything wanky?Thanks,DaVuLF Quote Link to comment Share on other sites More sharing options...
DaVuLf Posted September 3, 2006 Author Share Posted September 3, 2006 Fixed that. Now I'm wondering about something that I started this thread with. Here are my declarations:[code]unset_SESSION['uid']unset_SESSION['pwd'][/code]I know those aren't the proper command, but I don't have my ftp available on this PC. Basically, that is what I am doing to unset, but I'm still staying logged in. How do I log out properly using $_SESSION to set my sessions? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.