metkor Posted March 2, 2007 Share Posted March 2, 2007 hii. i try to make a member authentication system. I did but i have some problems about member pages. i mean i logged in successfully but in the new page though i do session control ,my session seems empty. codes are below. please help . P.S: Sorry for not good english. giris.php(log in page) <?php ob_start(); session_start(); require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php'); if(isset($_SESSION['username']) && isset($_SESSION['password'])) { //REDIRECT TO USERS PROFILE... header("Location: http://localhost/ssa/sayfa.php"); } //end if logged in //IF SUBMIT BUTTON PRESSED if(isset($HTTP_POST_VARS['submit'])) { if(!$HTTP_POST_VARS['username']) die("Hata: Kullanýcý adýnýzý girmelisiniz."); if(!$HTTP_POST_VARS['password']) die("Hata: Þifrenizi girmelisiniz."); //set cookie if checked if(!empty($HTTP_POST_VARS['stay_in'])) { $joined =''.$HTTP_POST_VARS['username'].'[]'.md5($HTTP_POST_VARS['password']).''; setcookie("login_cookie", $joined, time()+3600, "/secure/", "localhost" ); } //end if //verify user... $get_user = mysql_query("SELECT * FROM `members` WHERE username = '".$HTTP_POST_VARS['username']."' AND user_password = '".md5($HTTP_POST_VARS['password'])."'"); $q = mysql_fetch_object($get_user); if(!$q) die("Giriþ Hatasý: Yanlis kullanici adi veya sifre!"); //set session variables $_SESSION['logged_in'] = 1; $_SESSION['username'] = $HTTP_POST_VARS['username']; $_SESSION['password'] = $HTTP_POST_VARS['password']; session_write_close(); header("Location: http://localhost/ssa/sayfa.php"); ob_end_flush();} else { //show login form ?> <form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>"> <table> <tr> <td>Kullanýcý Adý:</td> <td><input type="text" id="username" name="username"></td> </tr> <tr> <td>Þifre:</td> <td><input type="password" id="password" name="password"></td> </tr> <tr> <td>Giriþ:</td> <td><input type="submit" value="Giriþ" name="submit" id="submit"></td> </tr> <tr> <td>Hatýrla?</td> <td><input type="checkbox" name="stay_in[]" checked="yes"></td> </tr> </table> </form> <? }//end else ?> sayfa.php(member page) <?php ob_start(); require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php'); session_start(); //check cookie if ($_SESSION['logged_in'] != 1 && isset($_COOKIE['login_cookie'])) { list($user, $pass) = explode('[]', $_COOKIE['login_cookie']); $qu = mysql_query("SELECT `user_password` FROM `members` WHERE `username` = '".addslashes($user)."'"); if (mysql_num_rows($qu) == 1) { $passw = mysql_fetch_object($qu); if ($passw->user_password = $pass) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user; $_SESSION['password'] = $pass; } } } if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) { $_SESSION['logged_in'] = 0; $user = "Guest"; } */ ?> <?php if(isset($_SESSION['logged_in'])) { if ($_SESSION['logged_in'] == 1) {echo "welcome to seaside";} if ($_SESSION['logged_in'] == 0) {echo "not member";}} else echo "no session variable"; ob_end_flush();?> register page <?php require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php'); if($_SESSION['logged_in'] == 1) { //REDIRECT TO HOMEPAGE header('Location: http://' . $_SERVER['HTTP_HOST'] . ''); } else { if(isset($HTTP_POST_VARS['submit'])) { //BEGIN CHECKING USERNAME... if(!$HTTP_POST_VARS['username']) die('Uyari: Kullanici adi alani bos.'); //array of invalid characters # noktali virgül ve ters slas yok $junk = array('.' , ',' , '/' , '`' , '[' , ']' , '-', '_', '*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')', '|', '{', '}', '<', '>', '?', ':', '"', '='); //starting lenght of username $len = strlen($HTTP_POST_VARS['username']); //replace invalid characters $HTTP_POST_VARS['username'] = str_replace($junk, '', $HTTP_POST_VARS['username']); $test = $HTTP_POST_VARS['username']; //if lenghts are different ($len smaller), invalid characters found, so prompt error. if(strlen($test) != $len) { die('Kullanici Adi Hatasi: Kullanici adi geçersiz karakter içermektedir. Sadece A-Z, 0-9 ve alt çizgi (_) kullanabilirsiniz.'); } //Check if username already exists... $q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$HTTP_POST_VARS['username']."'"); $q3 = mysql_fetch_object($q2); if($q3->username == $HTTP_POST_VARS['username']) { die('<BR><BR>Üzgünüm, kullanici adi: "'.$q3->username.'" daha önce alinmistir, lütfen baska bir tane seçin.'); } if(!$HTTP_POST_VARS['password']) { die('Hata: Sifre alani bos.'); } if(!$HTTP_POST_VARS['verify_password']) { die('Hata: Sifre Tekrar alani bos'); } if($HTTP_POST_VARS['password'] != $HTTP_POST_VARS['verify_password']) { die('Hata: Sifreler eslestirilemedi.'); } if(strlen($HTTP_POST_VARS['password']) < 6 ) { die('Hata: Sifreniz çok kisa. En az 6 karakter uzunlugunda olmali.'); } $insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$HTTP_POST_VARS['username']."', '".md5($HTTP_POST_VARS['password'])."', '".$HTTP_POST_VARS['email']."')"; $insert2 = mysql_query($insert); if(!$insert2) die(mysql_error()); echo('Kayit tamamlandi, hosgeldiniz! Hesabinizla giris yapabilirsiniz.'); } else { ?> <table> <form name="signup" action="<? $_SERVER['PHP_SELF']; ?>" method="POST"> <tr> <td>Kullanici Adi: <BR> (sadece A-Z, 0-9 ve _ kullanin.)<BR></td> <td><input type="text" id ="username" name="username" value="" maxlength="30"> <BR></td> </tr> <tr> <td>Sifre:</td> <td><input type="password" id="password" name="password" value="" maxlength="30"><BR> (En az 6 karakter)</td> </tr> <tr> <td>Sifre Tekrar:</td> <td><input type="password" id="verify_password" name="verify_password" value="" maxlength="30"><BR> </td> </tr> <tr> <td>Email:</td> <td><input type="text" id="email" name="email" value="" size="30"><br></td> </tr> <tr> <td>Kaydi tamamlamak için tiklayin:</td> <td><input type="submit" id="submit" name="submit" value="Gönder"></td> </tr> </form> </table> <?php } //end not logged in } //end submit not pressed ?> Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/ Share on other sites More sharing options...
wildteen88 Posted March 2, 2007 Share Posted March 2, 2007 On the register page you use sessions but you don't have session_start(); at the top of the script. All the other pages seem fine. Also I see you use $HTTP_POST_VARS to get your POST'd data. You should use the newer super global which is $_POST instead. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-198006 Share on other sites More sharing options...
metkor Posted March 3, 2007 Author Share Posted March 3, 2007 thnks for reply. but i add session_start() to register page and there is no change. there may be a bug or sth else? could you try it on your system? cos i spend too much time, and i go mad. Everything seems ok. but i cant pass the session value from login page to member page. in login page i print session value and its ok. but in member page. it seems there is no session. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-198459 Share on other sites More sharing options...
metkor Posted March 3, 2007 Author Share Posted March 3, 2007 and another problem is when i change $HTTP_POST_VARS to $_POST . it doesnt register.i am really confused. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-198460 Share on other sites More sharing options...
wildteen88 Posted March 3, 2007 Share Posted March 3, 2007 What version of PHP are you using? If you say $_POST doesn't work then $_SESSION wont either. As $_SESSION is part of the newer super globals. Run a script with this in it to get the version if you are unsure: <?php echo 'Your PHP version is: ' . phpversion(); ?> Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-198481 Share on other sites More sharing options...
metkor Posted March 4, 2007 Author Share Posted March 4, 2007 thank you. my old version was 4.0.5. now i install 4.1.1 and everything is ok except one thing. when i click logout from the member page. it says i am loggod out. but when i click member page it turns to member page. not warn me to log in. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-198995 Share on other sites More sharing options...
metkor Posted March 4, 2007 Author Share Posted March 4, 2007 and my logout code cikis.php <?php ob_start(); $_SESSION['logged_in'] = 0; setcookie("login_cookie", $joined, time()-3600, "/secure/", "localhost" ); session_destroy(); header("Location: http://localhost/ssa/index.php"); ob_end_flush(); ?> Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-198996 Share on other sites More sharing options...
Orio Posted March 4, 2007 Share Posted March 4, 2007 Try adding to your logout page these lines: <?php unset($_SESSION['username']); unset($_SESSION['password']); ?> Orio. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-199000 Share on other sites More sharing options...
metkor Posted March 4, 2007 Author Share Posted March 4, 2007 thanks orio and wildteen88. i finally solve all problems i forget in logout page start session and and i unset session wrongly . Thanks alot again. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-199001 Share on other sites More sharing options...
wildteen88 Posted March 4, 2007 Share Posted March 4, 2007 Glad you got it sorted however I think it would best if you upgrade PHP to the latest version which PHP4.4.5 if you can. There has been of a lot of security and bug fixes since your version of PHP to the newest. Yours is outdated Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-199041 Share on other sites More sharing options...
Orio Posted March 4, 2007 Share Posted March 4, 2007 Glad you got it sorted however I think it would best if you upgrade PHP to the latest version which PHP4.4.5 if you can. There has been of a lot of security and bug fixes since your version of PHP to the newest. Yours is outdated 3 days ago PHP 4.4.6 was released (Minor changes were made with 4.4.5) Orio. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-199044 Share on other sites More sharing options...
wildteen88 Posted March 4, 2007 Share Posted March 4, 2007 Glad you got it sorted however I think it would best if you upgrade PHP to the latest version which PHP4.4.5 if you can. There has been of a lot of security and bug fixes since your version of PHP to the newest. Yours is outdated 3 days ago PHP 4.4.6 was released (Minor changes were made with 4.4.5) Orio. Umm didn't know PHP4.4.6 was released. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-199064 Share on other sites More sharing options...
metkor Posted March 4, 2007 Author Share Posted March 4, 2007 thnks i'll upgrade it. Link to comment https://forums.phpfreaks.com/topic/40860-solved-session-problem/#findComment-199135 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.