PHP5 and passing session values

[ghgarcia]

Hi,

I have an login script the collects user name and password also if they are present it executes my index application. Within the index application it requires a protection program that checks to see if the user name is present in the variables and if not it calls the login application.

 

The protection application looks like the following:

 

  session_start();
  session_register("user");

//Buffer output in case of redirection.
ob_start();
//If not logged in, redirect to the login page.
if ($_SESSION['user']=="")
{
  header("Location: login.php");
}

 

The login app uses a form to collect the user and password. This process works perfectly in PHP4 and in most cases with PHP5 however there are some cases that for some reason the session values are not available after the login application. The login app uses:

 

$username=$_POST['username'];
$password=$_POST['password'];

 

to read the values.

 

Any help would be greatly appreciated.

 

George

[ToonMariner]

why are you using session_register in PHP 5?

[darkfreaks]

This code is so not needed:

 

session_register("user");

[trq]

session_register() has long been depricated in both php4 and php5. Your check should simply look like...

 

<?php

 session_start();

 ob_start();

 if ( ! isset($_SESSION['user'])) {
   header("Location: login.php");
 }

?>

 

We need to see where you set your session vars within the login script.

[ghgarcia]

Thanks for the suggestion I made the changes and still no joy. Is there something I could check that might give me a clue. Again I really appreciate the help.

 

George

[trq]

Once again... we need to see where you set your session vars within the login script.

[ghgarcia]

Here is a copy of my login script:

 

<?
  session_start();
  session_register("user");
  session_register("uname");
$subtitle="Login";
ob_start();
require("header.php");
//Get any form data.
$football->WhoOnlineDelete;

$username=$_POST['username'];
$password=$_POST['password'];

if ($_POST)
{
//Make sure cookies are enabled.
// if ($_COOKIE["football"]=="")
//  {

//      $football->ErrorMessage("You must use a browser that supports cookies and<br> have them enabled in order to access this site.");
//  }
//    else
//  {
//Check input.
    if ($username=="")
    {
                $football->ErrorMessage("Please enter a username.");
    }
        elseif ($password=="")
    {
                $football->ErrorMessage("Please enter your password.");
    }
      else
    {
//Verify the password and redirect to default page if correct.
     $sql="select * from ".$football->prefix."users where user = '".$username."'";
         $rs = $football->dbQuery($sql,$football->database);
         $row = mysql_fetch_object($rs);
         $rows = mysql_num_rows($rs);
      if($rows == 0)
      {
                $football->ErrorMessage("User '".$username."' not found.");
      }
      elseif (md5($password) != $row->password)
      {
                $football->ErrorMessage("Incorrect password, please reenter.");
      }
       else
      {

        $user=$row->user;
        if ($row->name =="") {
        $uname=$row->user;
        } else {
        $uname=$row->name;
        }
        header("Location: index.php");
      }

    }


  }


//}
  else
{
//Set test cookie.
  setcookie("football","peanutbutter",0,"/",$football->domain,0);
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<table class="main" cellpadding="0" cellspacing="0">
<tr>
  <th align="left">User Login</th>
</tr>
<tr>
<td>
<div class="freeForm">
<table border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td><strong>Username:</strong></td>
    <td><input name="username" value="" size="12" /></td>
  </tr>
  <tr>
    <td><strong>Password:</strong></td>
    <td><input name="password" type="password" value="" size="12" /></td>
  </tr>
</table>

<p>Enter your username and password and press 'Login'.</p>

</div>
</td></tr>
</table>
<p><input class="button" type="submit" value="Login" />
<input class="button" type="reset" value="Clear" onclick="this.form.elements['username'].selectedIndex = 0; this.form.elements['password'].value = ''; return false;" /></p>
</form>

<?php require("footer.php"); ?>

 

Thanks,

G

[trq]

I'm not going to dig right through that code but I can tell you, you never actually set any session vars. You might want to look for a decent tutorial on writting a login system but I'll post a small example.

 

<?php

  if (isset($_POST['submit'])) {
    $uname = mysql_real_escape_string($_POST['uname']);
    $upass = mysql_real_escape_string($_POST['upass']);
    $sql = "SELECT uname FROM users WHERE uname = '$uname' && upass = '$upass';";
    if ($result = mysql_query($sql)) {
      if (mysql_num_rows($result)) {
        // we have a valid user.
        session_start();
        $_SESSION['logged'] = true;
        $_SESSION['uname'] = $uname;
        // redirect to memebers only page.
        header("Location members.php");
      } else {
        // invalid user. redirect to login form.
        header("Location login.php");
      }
    }
  }

?>

[ghgarcia]

Really appreciate the help that did it. 

 

You guys are great.

 

George