Jump to content

PHP5 and passing session values


ghgarcia

Recommended Posts

Hi,

I have an login script the collects user name and password also if they are present it executes my index application. Within the index application it requires a protection program that checks to see if the user name is present in the variables and if not it calls the login application.

 

The protection application looks like the following:

 

  session_start();
  session_register("user");

//Buffer output in case of redirection.
ob_start();
//If not logged in, redirect to the login page.
if ($_SESSION['user']=="")
{
  header("Location: login.php");
}

 

The login app uses a form to collect the user and password. This process works perfectly in PHP4 and in most cases with PHP5 however there are some cases that for some reason the session values are not available after the login application. The login app uses:

 

$username=$_POST['username'];
$password=$_POST['password'];

 

to read the values.

 

Any help would be greatly appreciated.

 

George

Link to comment
https://forums.phpfreaks.com/topic/68291-php5-and-passing-session-values/
Share on other sites

session_register() has long been depricated in both php4 and php5. Your check should simply look like...

 

<?php

 session_start();

 ob_start();

 if ( ! isset($_SESSION['user'])) {
   header("Location: login.php");
 }

?>

 

We need to see where you set your session vars within the login script.

Here is a copy of my login script:

 

<?
  session_start();
  session_register("user");
  session_register("uname");
$subtitle="Login";
ob_start();
require("header.php");
//Get any form data.
$football->WhoOnlineDelete;

$username=$_POST['username'];
$password=$_POST['password'];

if ($_POST)
{
//Make sure cookies are enabled.
// if ($_COOKIE["football"]=="")
//  {

//      $football->ErrorMessage("You must use a browser that supports cookies and<br> have them enabled in order to access this site.");
//  }
//    else
//  {
//Check input.
    if ($username=="")
    {
                $football->ErrorMessage("Please enter a username.");
    }
        elseif ($password=="")
    {
                $football->ErrorMessage("Please enter your password.");
    }
      else
    {
//Verify the password and redirect to default page if correct.
     $sql="select * from ".$football->prefix."users where user = '".$username."'";
         $rs = $football->dbQuery($sql,$football->database);
         $row = mysql_fetch_object($rs);
         $rows = mysql_num_rows($rs);
      if($rows == 0)
      {
                $football->ErrorMessage("User '".$username."' not found.");
      }
      elseif (md5($password) != $row->password)
      {
                $football->ErrorMessage("Incorrect password, please reenter.");
      }
       else
      {

        $user=$row->user;
        if ($row->name =="") {
        $uname=$row->user;
        } else {
        $uname=$row->name;
        }
        header("Location: index.php");
      }

    }


  }


//}
  else
{
//Set test cookie.
  setcookie("football","peanutbutter",0,"/",$football->domain,0);
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<table class="main" cellpadding="0" cellspacing="0">
<tr>
  <th align="left">User Login</th>
</tr>
<tr>
<td>
<div class="freeForm">
<table border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td><strong>Username:</strong></td>
    <td><input name="username" value="" size="12" /></td>
  </tr>
  <tr>
    <td><strong>Password:</strong></td>
    <td><input name="password" type="password" value="" size="12" /></td>
  </tr>
</table>

<p>Enter your username and password and press 'Login'.</p>

</div>
</td></tr>
</table>
<p><input class="button" type="submit" value="Login" />
<input class="button" type="reset" value="Clear" onclick="this.form.elements['username'].selectedIndex = 0; this.form.elements['password'].value = ''; return false;" /></p>
</form>

<?php require("footer.php"); ?>

 

Thanks,

G

I'm not going to dig right through that code but I can tell you, you never actually set any session vars. You might want to look for a decent tutorial on writting a login system but I'll post a small example.

 

<?php

  if (isset($_POST['submit'])) {
    $uname = mysql_real_escape_string($_POST['uname']);
    $upass = mysql_real_escape_string($_POST['upass']);
    $sql = "SELECT uname FROM users WHERE uname = '$uname' && upass = '$upass';";
    if ($result = mysql_query($sql)) {
      if (mysql_num_rows($result)) {
        // we have a valid user.
        session_start();
        $_SESSION['logged'] = true;
        $_SESSION['uname'] = $uname;
        // redirect to memebers only page.
        header("Location members.php");
      } else {
        // invalid user. redirect to login form.
        header("Location login.php");
      }
    }
  }

?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.