Issue With Session Variables

pfowlie · February 7, 2011

About to pull my hair out. Looks simple, I think it's simple, but something is not behaving. I have a simple login page (loginpage.php) which checks a database for the FamilyID and Password, if it is a match, then it redirects them to userspage.php. I eventually want to use the FamilyID as a filter for my database so I only show the stuff relative to that FamilyID. Using CS5 and the built in functions, and it looks to me that the session variable 'MM_Username' should contain the FamilyID which is "adminid" in my database. It appears to work since it sends me to my userspage.php when I enter a valid FamilyID and Password, but it will not show me my session variable on the that page!!! PLEASE PLEASE HELP...Slap me in the face if it's a stupid question, but I have spent WAY too much time trying to figure what is wrong. I have included my code:

CODE FOR LOGINPAGE.PHP

<?php require_once('Connections/MyTest.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

if (PHP_VERSION < 6) {

$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

?>

<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

session_start();

}

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

$_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

if (isset($_POST['familyid'])) {

$loginUsername=$_POST['familyid'];

$password=$_POST['password'];

$MM_fldUserAuthorization = "";

$MM_redirectLoginSuccess = "userspage.php";

$MM_redirectLoginFailed = "loginpage.php";

$MM_redirecttoReferrer = false;

mysql_select_db($database_MyTest, $MyTest);

$LoginRS__query=sprintf("SELECT adminid, password FROM `admin` WHERE adminid=%s AND password=%s",

GetSQLValueString($loginUsername, "int"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $MyTest) or die(mysql_error());

$loginFoundUser = mysql_num_rows($LoginRS);

if ($loginFoundUser) {

$loginStrGroup = "";

if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

//declare two session variables and assign them

$_SESSION['MM_Username'] = $loginUsername;

$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {

$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

}

header("Location: " . $MM_redirectLoginSuccess );

}

else {

header("Location: ". $MM_redirectLoginFailed );

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>Untitled Document</title>

</head>

<body>

<p>

<label for="familyid">FamilyID:</label>

</p>

<p>

<label for="password">Password:</label>

</p>

<p>

</p>

</form>

</body>

</html>

CODE FOR USERSPAGE.PHP

<?php

if (!isset($_SESSION)) {

session_start();

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>

<title>Untitled Document</title>

</head>

<body>

<strong>YOU MADE IT!

</strong>

<?php echo $_SESSION['MM_Username']; ?>

</body>

</html>

THANKS IN ADVANCED!!!

btherl · February 8, 2011

Does a straightforward test of sessions work? This script will let you do a basic test:

<?php
session_start();
print "Stored: " . $_SESSION['val'] . "<br>";
$_SESSION['val'] = mt_rand();
print "New value: " . $_SESSION['val'] . "<br>";
?>

I'm a bit suspicious of the tricky session stuff you are doing, such as calling session_regenerate_id(), and checking if $_SESSION is set before calling session_start() (this isn't necessary). You might want to start simple and then add those things step by step.

pfowlie · February 8, 2011

I have been fighting this for DAYS...I will admit that I used Dreamweaver CS5 to write the code. I usually learn from this autogenerating type things and then eventually build off of it. I just couldn't figure it out, but at 1:30AM I tried something and POW it works! I commented out the following line of code:

if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}

I will tell the truth, I am not sure what the session_regenerate_id is, but I would guess that it generated a new session ID which screwed up my session variables. I know my webserver is using 4.3? and plan to switch to 5.0 or better this year. Is this code necessary? Will it mess things up if it's not there?

I really like this forum and I really appreciate those who look and answer my dumb questions. Hopefully this helps someone else out with the same issue.

Thanks!!!

btherl · February 8, 2011

I doubt session_regenerate_id() is necessary. And if you do use it, you'll definitely need to understand why. I've been using php for 5 years now and even I don't know what it does, and that's because sessions work fine for me without it

KevinM1 · February 8, 2011

session_regenerate_id

Sign In

Issue With Session Variables

Recommended Posts

pfowlie

Link to comment

Share on other sites

btherl

Link to comment

Share on other sites

pfowlie

Link to comment

Share on other sites

btherl

Link to comment

Share on other sites

KevinM1

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information