Sessions - Can someone explain this?

[Moron]

Never mind! This board is inserting "code" tags where they shouldn't be and I can't post this properly.

I'll just go away now.

[kenrbnsn]

The forum software will insert [nobbc][code][/nobbc] tags if it sees a [nobbc][/code] tag without a corresponding [code] tag[/nobbc] which is what happened in your case. Instead of deleting the whole post, you should have fixed the mis-matched tags.

One thing I noticed before you deleted the post was that you're using  the session_register() function. That function is obsolete and shouldn't be used as it can cause problems.

Ken

[Moron]

Let me try this again. I thought I had thoroughly inspected the tags. Anyway....

Okay, I sincerely apologize for bringing this up every other day, but my project is at a total standstill until this gets resolved.

A snippet from the first page where employees enter their username [b](empcode)[/b] and password [b](password)[/b], with HTML tags and other formatting removed:

[code]
<form action="employeeinformationmenu.php" name="leave" method="post" onSubmit="return validateForm(leave);">

Employee Number:
<input name="empcode" type="text" onSubmit="return validateForm(leave);"/>

Password:
<input name="password" type="password" / onSubmit="return validateForm(leave);">

<?php
session_register("empcode");
session_register("password");
?>[/code]

This part works great. They enter employee number and password.

[b]Page 2[/b]

At the top:

[code]
<?php
session_start();
$_SESSION['empcode'] = $_POST['empcode'];
$_SESSION['middle'] = $_POST['middle'];
$_SESSION['firstname'] = $_POST['firstname'];
$_SESSION['lastname'] = $_POST['lastname'];
$_SESSION['leavehours'] = $_POST['leavehours'];
$_SESSION['password'] = $_POST['password'];
header('Content-Type: image/jpeg');
?>[/code]

This works fine, as well. It pulls the info it's supposed to pull.

I want to take the username and password already *allegedly* in the session, and send them to the next page using:

[code]
<form action="paystubresults.php" name="paystubs" method="post">
<input type="submit"/ value="Paystubs">
</form>
[/code]

[b]Page 3[/b]

At the top:

[code]<?php
session_start();
$empcode = $_SESSION['empcode'];
$middle = $_SESSION['middle'];
$firstname = $_SESSION['firstname'];
$lastname = $_SESSION['lastname'];
$leavehours = $_SESSION['leavehours'];
$password = $_SESSION['password'];
?>
<?php
echo '<pre>' . print_r($_SESSION,true) . '</pre>';
echo $password;
?>[/code]

The above echo statements give me:

[quote]Array
(
    [empcode] =>
    [password] => 123456789 (changed, was my real SSN)
    [middle] =>
    [firstname] =>
    [lastname] =>
    [leavehours] =>
)

123456789 (changed, was my real SSN)[/quote]

So it carries the password over, but not the employee number (empcode).

Anybody?

[kenrbnsn]

At the begining of page 2 (which I assume is employeeinformationmenu.php), put
[code]<?php
echo '<pre>' . print_r($_POST,true) . '</pre>';
?>[/code]

This will dump what ever data is being sent from the form.

Remove the session_register() calls from Page 1

Ken

[craygo]

As I said in another post. You have a user put in their username and password, you should set the session values when you authenticate them with the database. If your form only has form fields for empcode and password, then all the other session value do not exist because they are not in your form.

here is how would register them all on the same page
name it whatever you like. I use md5 hash for my passwords so you can take it out if you like.
[code]<?php
session_start();
// connect to you database here


if(isset($_POST['submit'])){
$password = md5($_POST['password']);
$sql = "SELECT * FROM users WHERE empcode = '".$_POST['empcode']."' AND password = '".$password."'";
 $res = mysql_query($sql) or die (mysql_error());
 $num_rows = mysql_num_rows($res);
 $row = mysql_fetch_assoc($res);
 if($num_rows < 1){
 echo "Your Empcode/password is incorrect";
 } else {
 $_SESSION['empcode'] = $row['empcode'];
 $_SESSION['password'] = $row['password'];
 $_SESSION['middle'] = $row['middle'];
 $_SESSION['firstname'] = $row['firstname'];
 $_SESSION['lastname'] = $row['lastname'];
 $_SESSION['leavehours'] = $row['leavehours'];
 }
echo '<pre>' . print_r($_SESSION,true) . '</pre>';
} else {
?>
<form action="" name="leave" method="post" onSubmit="return validateForm(leave);">

Employee Number:
<input name="empcode" type="text" onSubmit="return validateForm(leave);"/>

Password:
<input name="password" type="password" / onSubmit="return validateForm(leave);"><br />

<input type=submit name=submit value=Submit />
<?php
}

?>[/code]

Ray

[roopurt18]

If page 2 is really employeeinformationmenu.php, I'm wondering why you're changing the content type to a jpeg
[code]<?php
session_start();
$_SESSION['empcode'] = $_POST['empcode'];
$_SESSION['middle'] = $_POST['middle'];
$_SESSION['firstname'] = $_POST['firstname'];
$_SESSION['lastname'] = $_POST['lastname'];
$_SESSION['leavehours'] = $_POST['leavehours'];
$_SESSION['password'] = $_POST['password'];
header('Content-Type: image/jpeg'); // ???
?>[/code]

[Moron]

[quote author=roopurt18 link=topic=117746.msg480623#msg480623 date=1165513664]
If page 2 is really employeeinformationmenu.php, I'm wondering why you're changing the content type to a jpeg
[code]<?php
session_start();
$_SESSION['empcode'] = $_POST['empcode'];
$_SESSION['middle'] = $_POST['middle'];
$_SESSION['firstname'] = $_POST['firstname'];
$_SESSION['lastname'] = $_POST['lastname'];
$_SESSION['leavehours'] = $_POST['leavehours'];
$_SESSION['password'] = $_POST['password'];
header('Content-Type: image/jpeg'); // ???
?>[/code]
[/quote]

That was for compatibility with the GD (Graphic Draw) Library.

[Moron]

[quote author=kenrbnsn link=topic=117746.msg480617#msg480617 date=1165512937]
At the begining of page 2 (which I assume is employeeinformationmenu.php), put
[code]<?php
echo '<pre>' . print_r($_POST,true) . '</pre>';
?>[/code]

This will dump what ever data is being sent from the form.

Remove the session_register() calls from Page 1

Ken
[/quote]

Now maybe we're getting somewhere. This gives me:

[quote]
Array
(
    [empcode] => 3954
    [password] => 123456789 (changed from my real SSN)
)
[/quote]

Of course, I knew that they had to be making it as far as Page 2, otherwise the query wouldn't have been working.

So how do I pass them on to Page 3 (paystubresults.php) without making the employee enter them again on Page 2 (employeeinformationmenu.php)? Currently, I'm trying...

[code]WHERE M2.[EMPNO] = '".$_SESSION['empcode']."' and
M2.[MSSNO] = '".$_SESSION['password']."'[/code]

...in the query on Page 3 (paystubresults.php). But like the line at the top of the page displays:

[code]echo '<pre>' . print_r($_SESSION,true) . '</pre>';[/code]

...it's only carrying the password over, not the empcode.


I also removed those session_register variables.

[Moron]

[quote author=craygo link=topic=117746.msg480622#msg480622 date=1165513528]
As I said in another post. You have a user put in their username and password, you should set the session values when you authenticate them with the database. If your form only has form fields for empcode and password, then all the other session value do not exist because they are not in your form.[/quote]

I understand what you're saying, and thanks, but here's the kicker: for the query on Page 3, I [b]only[/b] need "empcode" and "password" to carry over. Those other session variables were copied and pasted (firstname, lastname, etc...). I could remove them and it wouldn't matter.

[craygo]

So only call the $_SESSION['empcode'] and $_SESSION['password'] at the top of the page when needed.
[code]$username = $_SESSION['empcode'];
$password = $_SESSION['password'];[/code]
You do not lose session values just because you don't call them from page to page. Only way to lose them is you over write them on some page along the way.
If you set the empcode, password or whatever, it wouldn't matter what page you are on the values are stored. You can be on page 600 and the values will still be there. You really only need the empcode to be stored, everything else can be queried as needed on each page. The password doesn't need to be stored either cause once they authenticate, they are in a session till they leave the site. So there is no need to query the database with the password all you need is the empcode.

Ray

[Moron]

[quote author=craygo link=topic=117746.msg480643#msg480643 date=1165515674]
So only call the $_SESSION['empcode'] and $_SESSION['password'] at the top of the page when needed.
[code]$username = $_SESSION['empcode'];
$password = $_SESSION['password'];[/code]
You do not lose session values just because you don't call them from page to page. Only way to lose them is you over write them on some page along the way.
If you set the empcode, password or whatever, it wouldn't matter what page you are on the values are stored. You can be on page 600 and the values will still be there. You really only need the empcode to be stored, everything else can be queried as needed on each page. The password doesn't need to be stored either cause once they authenticate, they are in a session till they leave the site. So there is no need to query the database with the password all you need is the empcode.

Ray
[/quote]

THANK YOU, THANK YOU, THANK YOU!!!!!! I removed the empcode from the query and left just password. It worked!!

:)

[roopurt18]

So what happens if two users some how pick the same password?