Jump to content


Photo

session not working


  • Please log in to reply
6 replies to this topic

#1 jeds

jeds
  • Members
  • PipPip
  • Member
  • 14 posts
  • LocationCentral NYS Finger Lakes

Posted 06 October 2006 - 02:05 AM

Hi,

I have six files all in the same directory. The first file contains a function.
file1.php, in its entirety:
<?php         	
if ($uac == 'tony') {
$dom = "jedsweb";
$new = "more";
$new_2 = "yes";
} elseif ($uac == 'bob'){
$dom = "cvag";
$new = "less";
$new_2 = "no";
} else
echo "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'><HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD><BODY><H1>Forbidden</H1>\nYou don't have permission to access this file.</BODY></HTML>";
?>

All the other pages are html, and include the file with the function, except the login and logout files
(
<?php include("file1.php"); ?>
)

login file contains:
<FORM ACTION="file2.php" METHOD="POST">

Authorization Code: <INPUT TYPE="PASSWORD" NAME="uac" /><BR />

<INPUT TYPE="submit" />
</FORM>

This works as I can echo the 3 variables on file2.php, but I need to use sessions to access the variables on the other files (and file2.php when going back to it)

I have googled and browsed, including this board and still it does not work. Here is where I am at:

At the very top of the login page:
<?php
$_SESSION['uac'] = $uac;
?>


On the top of the other files, except logout:
<?php
session_start();
echo $_SESSION['uac'];
?>

And on the logout file:
<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
session_destroy('uac');
session_write_close('uac');
?>

As a matter of disclosure, the logout code is not tested, I'm still trying to get the session to work.
Right now, the 2nd page past logging in gives my error message in file1.php, meaning that the visitor is no longer passing the test.

Thanks in advance

Steve
Its not whether the code works, but if you are persistent enough to get the code to work.

#2 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 06 October 2006 - 02:44 AM

Ok, the login page submits to file2.php...

what's this for, on login page!

<?php
$_SESSION['uac'] = $uac;
?>

You can't use a session variable $_SESSION, if you have not started a session! So session_start(); must be on the login page if your including the above session variable. But what is that variable $_SESSION['uac'] for? It serves no purpose.

I don't see file2.php, so I can't tell what your doing there, but you need to take the $_POST variable $_POST['uac'] being sent by the login form to file2.php, and assign it's value to the session variable $_SESSION['uac'] on the file2.php page.

Then I don't see what file1.php is doing, because your not stopping the script process, so it doesn't matter if you have a valid user or not!

You have to understand, you assign a session so that you use it to validate requests throughout your service. But your not doing that, so it's telling me your not understanding what sessions really does. Don't worry, that's not bad thing, it can become bad if you don't fix the problems.

So let me help you, zip up your (6) files, post on the forum, I will go through each script fixing the problems and write all kinds of comments so you can learn from them. That's the best help I can give you. If you want it, do like I said...

me!

#3 jeds

jeds
  • Members
  • PipPip
  • Member
  • 14 posts
  • LocationCentral NYS Finger Lakes

Posted 06 October 2006 - 10:29 PM

printf,

The code came from http://www.phpfreaks...c,103383.0.html
Reply #4

Here's the files. I was outa town for a while then my post was going 500. Hope its up now.

Steve

Well, preview is not working, just comes back to here (better than 500 server error)
So here goes...

[attachment deleted by admin]
Its not whether the code works, but if you are persistent enough to get the code to work.

#4 jeds

jeds
  • Members
  • PipPip
  • Member
  • 14 posts
  • LocationCentral NYS Finger Lakes

Posted 06 October 2006 - 10:33 PM

nope, dns error now.
Its not whether the code works, but if you are persistent enough to get the code to work.

#5 jeds

jeds
  • Members
  • PipPip
  • Member
  • 14 posts
  • LocationCentral NYS Finger Lakes

Posted 10 October 2006 - 01:23 AM

For anyone searching: check out
http://www.tutoriali...-examples/13443

the only thing I didn't get from the above url is logout, use:
<?php
session_start();
session_unset(uac);
session_destroy();
?>

Its not whether the code works, but if you are persistent enough to get the code to work.

#6 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 10 October 2006 - 01:59 AM

For anyone searching: check out
http://www.tutoriali...-examples/13443

the only thing I didn't get from the above url is logout, use:

<?php
session_start();
session_unset(uac);
session_destroy();
?>


If you want to kill a PHP session the you need to clear the session array before call session_destroy(); and don't call session_write_close (); after calling session_destroy ();

session_start ();
$_SESSION = array ();
session_destroy ();


me!

#7 jeds

jeds
  • Members
  • PipPip
  • Member
  • 14 posts
  • LocationCentral NYS Finger Lakes

Posted 10 October 2006 - 09:46 PM

OK, your code works, as does mine. At least, clicking on the logout link keeps the visitor out unless they login again, so which is better?

Your logout code
<?php
session_start ();
$_SESSION = array ();
session_destroy ();
?>

my code
<?php
session_start();
session_unset(permission);
session_unset(uac);
session_destroy();
?>
(works with code from http://www.tutoriali...-examples/13443 )
Its not whether the code works, but if you are persistent enough to get the code to work.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users