Jump to content

Archived

This topic is now archived and is closed to further replies.

jeds

session not working

Recommended Posts

Hi,

I have six files all in the same directory. The first file contains a function.
file1.php, in its entirety:
[code]<?php       
if ($uac == 'tony') {
$dom = "jedsweb";
$new = "more";
$new_2 = "yes";
} elseif ($uac == 'bob'){
$dom = "cvag";
$new = "less";
$new_2 = "no";
} else
echo "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'><HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD><BODY><H1>Forbidden</H1>\nYou don't have permission to access this file.</BODY></HTML>";
?>
[/code]

All the other pages are html, and include the file with the function, except the login and logout files
([code]<?php include("file1.php"); ?>[/code])

login file contains:
[code]<FORM ACTION="file2.php" METHOD="POST">

Authorization Code: <INPUT TYPE="PASSWORD" NAME="uac" /><BR />

<INPUT TYPE="submit" />
</FORM>[/code]

This works as I can echo the 3 variables on file2.php, but I need to use sessions to access the variables on the other files (and file2.php when going back to it)

I have googled and browsed, including this board and still it does not work. Here is where I am at:

At the very top of the login page:
[code]<?php
$_SESSION['uac'] = $uac;
?>[/code]

On the top of the other files, except logout:
[code]<?php
session_start();
echo $_SESSION['uac'];
?>[/code]

And on the logout file:
[code]<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
session_destroy('uac');
session_write_close('uac');
?> [/code]

As a matter of disclosure, the logout code is not tested, I'm still trying to get the session to work.
Right now, the 2nd page past logging in gives my error message in file1.php, meaning that the visitor is no longer passing the test.

Thanks in advance

Steve

Share this post


Link to post
Share on other sites
Ok, the login page submits to file2.php...

what's this for, on login page!

<?php
$_SESSION['uac'] = $uac;
?>

You can't use a session variable [b]$_SESSION[/b], if you have not started a session! So session_start(); must be on the login page if your including the above session variable. But what is that variable [b]$_SESSION['uac'][/b] for? It serves no purpose.

I don't see [b]file2.php[/b], so I can't tell what your doing there, but you need to take the $_POST variable [b]$_POST['uac'][/b] being sent by the login form to file2.php, and assign it's value to the session variable [b]$_SESSION['uac'][/b] on the file2.php page.

Then I don't see what [b]file1.php[/b] is doing, because your not stopping the script process, so it doesn't matter if you have a valid user or not!

You have to understand, you assign a session so that you use it to validate requests throughout your service. But your not doing that, so it's telling me your not understanding what sessions really does. Don't worry, that's not bad thing, it can become bad if you don't fix the problems.

So let me help you, zip up your (6) files, post on the forum, I will go through each script fixing the problems and write all kinds of comments so you can learn from them. That's the best help I can give you. If you want it, do like I said...

me!

Share this post


Link to post
Share on other sites
printf,

The code came from http://www.phpfreaks.com/forums/index.php/topic,103383.0.html
Reply #4

Here's the files. I was outa town for a while then my post was going 500. Hope its up now.

Steve

Well, preview is not working, just comes back to here (better than 500 server error)
So here goes...

[attachment deleted by admin]

Share this post


Link to post
Share on other sites
For anyone searching: check out
http://www.tutorialized.com/tutorial/Learning-session-with-examples/13443

the only thing I didn't get from the above url is logout, use:
[code]<?php
session_start();
session_unset(uac);
session_destroy();
?>[/code]

Share this post


Link to post
Share on other sites
[quote author=jeds link=topic=110652.msg449594#msg449594 date=1160443402]
For anyone searching: check out
http://www.tutorialized.com/tutorial/Learning-session-with-examples/13443

the only thing I didn't get from the above url is logout, use:
[code]<?php
session_start();
session_unset(uac);
session_destroy();
?>[/code]
[/quote]

If you want to kill a PHP session the you need to clear the session array before call session_destroy(); and don't call session_write_close (); after calling session_destroy ();

[code]session_start ();
$_SESSION = array ();
session_destroy ();[/code]


me!

Share this post


Link to post
Share on other sites
OK, your code works, as does mine. At least, clicking on the logout link keeps the visitor out unless they login again, so which is better?

Your logout code
[code]<?php
session_start ();
$_SESSION = array ();
session_destroy ();
?>[/code]

my code
[code]<?php
session_start();
session_unset(permission);
session_unset(uac);
session_destroy();
?>[/code]
(works with code from http://www.tutorialized.com/tutorial/Learning-session-with-examples/13443 )

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.