Jump to content

Question about sessions

infernon

By infernon
in PHP Coding Help

 Share

Recommended Posts

infernon Newbie

infernon

Posted
Posted

I am currently attempting to pull a value from a server variable across three pages, but I'm having a problem. 

 

On my login page, I am using the following code:

 

<?php

session_unset();

?>

 

<html>

<head>

<title>Please log in.</title>

</head>

<body>

<form method="post" action="test1.php">

<p>Enter your username:

<input type="text" name="user">

</p>

<p>Enter your password:

<input type="password" name="pass">

</p>

<p>

<input type="submit" name="Submit" value="Submit")

</p>

</form>

</body>

</html>

 

On test1.php, I am using the following code to check that the login information is correct:

 

<?php

session_start();

$_SESSION['username'] = $_POST['user'];

$_SESSION['userpass'] = $_POST['pass'];

$_SESSION['authuser'] = 0;

 

if (($_SESSION['username'] == 'Joe') and

($_SESSION['userpass'] == '12345')) {

$_SESSION['authuser'] == 1;} else {

echo "Sorry, but you don't have permission to view this page.";

exit();

}

?>

 

On this page, there is also a link to another page that also checks for a properly authenticated user with the previous credentials.  The problem that I'm having is that when someone clicks on the link, they receive an error message telling them that they do not have permission to view the page. 

 

Here is the code from the page at the end of the link:

<?php

session_start();

 

if ($_SESSION['authuser'] !=1) {

echo "Sorry, but you don't have permission to view this page.";

exit();

}

?>

 

I am thinking that this problem is related to a server configuration issue, but I can't seem to put my finger on it.  I don't know why the information in the session variable will be held for only one page.

Link to comment
Share on other sites
AV1611 Advanced Member

AV1611

Posted
Posted

try this and post the results:

 

<?php
session_start();
echo 'SESSION IS SET TO: ".$_SESSION['authuser']l."<br/><br/>";
if ($_SESSION['authuser'] ==1){} else {
   echo "Sorry, but you don't have permission to view this page.";
   exit();
}
?>

I know it seems silly but I'm trying to see what's actually happening...

Link to comment
Share on other sites
virtuexru Regular Member

virtuexru

Posted
Posted

Why not just do this:

 

$user = mysql_real_escape_string($_POST['user']);

$pass = mysql_real_escape_string($_POST['pass']);

 

if ($user == "x" && $pass == "x")

  {

    $_SESSION['auth'] = 1;

    $_SESSION['user'] = $user;

    $_SESSION['pass'] = $pass;

  }

else

  {

 

etc

 

Link to comment
Share on other sites
virtuexru Regular Member

virtuexru

Posted
Posted

 

if (($_SESSION['username'] == 'Joe') and

  ($_SESSION['userpass'] == '12345'))

 

I'm pretty sure thats incorrect, don't know why, but thats not how I do it.

 

Plus, its a lot more efficient to store things into variables ($) until you want to create sessions, makes the code a lot cleaner.

 

It should probably be

 

if ($_SESSION['username'] == 'Joe' && $_SESSION['userpass'] == '12345')

 

not sure, that could be wrong too :\

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.