dennismonsewicz Posted March 18, 2008

When I upload a file, I lose a session variable within one of my PHP scripts:

Code:

Upload.php:

    <?php
    include "includes/header.php";
    include "includes/sidebar.php";
    $_SESSION['username'] = $_GET['username'];
    ?>
    <div class="maincontent">
        <div class="maincontentheader">
            <h2><?php echo ucwords($_SESSION['username']); ?>, use the form below to upload an image!</h2>
        </div>
        <!-- The data encoding type, enctype, MUST be specified as below -->
        <form enctype="multipart/form-data" action="uploadfile.php" method="POST">
            <!-- MAX_FILE_SIZE must precede the file input field -->
            <input type="hidden" name="MAX_FILE_SIZE" value="9999999" />
            <input type="hidden" name="username" value="<?php echo $_SESSION['username']; ?>" />
            <!-- Name of input element determines name in $_FILES array -->
            <p>Upload this file: <input name="userfile" type="file" /> <input type="submit" value="Upload File" /></p>
        </form>
        <div class="maincontentfooter"> </div>
    </div>
    <?php include "includes/footer.php"; ?>

uploadfile.php:

    <?php
    include "includes/header.php";
    include "includes/sidebar.php";
    ?>
    <div class="maincontent">
        <div class="maincontentheader">
            <h2><?php echo ucwords($_POST['username']); ?>, thank you for your upload!</h2>
        </div>
    <?php
    // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
    // of $_FILES.
    $uploaddir = 'C:/intranet_healthresources_net/hrstock/imageuploads/';
    $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
    $url = 'http://intranet.healthresources.net/hrstock/imageuploads/' . $_FILES['userfile']['name'];
    $filename = $_FILES['userfile']['name'];
    $filesize = $_FILES['userfile']['size'];
    $filetype = $_FILES['userfile']['type'];
    $uploaded_by = $_POST['username'];

    // Keep the result so the database insert below runs only after a successful move.
    $moved = move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
    if ($moved) {
        echo "<p>File is valid, and was successfully uploaded.\n</p>";
    } else {
        echo "<p>Possible file upload attack!\n</p>";
    }

    echo '<p>Below is the information of the file you uploaded:</p>';
    echo '<p> Name of File: ' . $filename . '</p>';
    echo '<p> Type of File: ' . $filetype . '</p>';
    echo '<p> Size of File: ' . $filesize . '</p>';

    if ($moved) {
        include "sql.php";
        $query = "insert into uploads (username, name, size, type, url) " .
                 "values ('$uploaded_by', '$filename', '$filesize', '$filetype', '$url')";
        mysql_query($query) or die("ERROR: " . mysql_error());
        echo '<p>File loaded into Database successfully!</p>';
    } else {
        echo '<p>There was a problem with inserting the file into the database! Please try again!</p>';
    }
    ?>
        <div class="maincontentfooter"> </div>
    </div>
    <?php include "includes/footer.php"; ?>

Now when this is executed, for some reason in an include called sidebar.php (which loads on the left hand side of the user's screen, displaying user options such as view profile, logout, upload an image, etc.) the session is lost and the wrong username and password is displayed.

sidebar.php:

    <?php
    session_start();
    if($_POST) { //If the form has been submitted
        include "sql.php";
        $_SESSION['username'] = stripslashes($_POST['username']);
        $_SESSION['password'] = stripslashes($_POST['password']);
        $sql = "select * from users where username = '" . $_SESSION['username'] . "' and password = '" . $_SESSION['password'] . "'";
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
        if($count == 1) {
            session_register("username");
            session_register("password");
            header("location: " . SITE_URL . "?username=" . $_SESSION['username'] . "");
        } else {
            echo '<div class="login">
                <p>Wrong username and password!</p>
                <form action="index.php" method="post" name="loginform">
                    <p style="text-align: left; padding-left: 11px;">Username:</p>
                    <input type="text" id="username" name="username" />
                    <p style="text-align: left; padding-left: 11px;">Password:</p>
                    <input type="password" id="password" name="password" style="clear: right;" />
                    <input type="image" src="images/loginbutton.jpg" style="width: 66px; height: 33px; float: right; margin-right: 7px;" />
                </form>
                <div class="loginfooter" style="clear: both;"> </div>
            </div>';
        }
    } else { //Else, no post data. Form hasn't been submitted
        if($_SESSION) { //Is the user logged in? YES! Checks to make sure there is a SESSION before echoing User Options
            echo '<div class="login">
                <p>Welcome, ' . ucwords($_SESSION['username']) . '</p>
                <p style="text-align: left; padding-left: 10px;"><a href="includes/logout.php">Logout?</a></p>
                <p style="text-align: left; padding-left: 10px;"><a href="profile.php?username=' . $_SESSION['username'] . '">View Profile</a></p>
                <p style="text-align: left; padding-left: 10px;">My Photos</p>
                <p style="text-align: left; padding-left: 10px;"><a href="upload.php?username=' . $_SESSION['username'] . '">Upload An Image</a></p>
                <div class="loginfooter" style="clear: both;"> </div>
            </div>';
        } else { //User isn't logged in and therefore User must login before proceeding
            echo '<div class="login">
                <p>Please Login to Utilize Your Account</p>
                <form action="index.php" method="post" name="loginform">
                    <p style="text-align: left; padding-left: 11px;">Username:</p>
                    <input type="text" id="username" name="username" />
                    <p style="text-align: left; padding-left: 11px;">Password:</p>
                    <input type="password" id="password" name="password" style="clear: right;" />
                    <input type="image" src="images/loginbutton.jpg" style="width: 66px; height: 33px; float: right; margin-right: 7px;" />
                </form>
                <div class="loginfooter" style="clear: both;"> </div>
            </div>';
        }
    }
    ?>

psychowolvesbane Posted March 18, 2008

Are you sure you have session_start() function on every page?

dennismonsewicz Posted March 18, 2008

yes

dennismonsewicz Posted March 18, 2008

The session takes place everywhere else but with that sidebar include for some reason.

BlueSkyIS Posted March 18, 2008

don't know if it makes a diff, but do you use session_start() in includes/header.php also?

dennismonsewicz Posted March 18, 2008

yes

dennismonsewicz Posted March 18, 2008

Ok, I just took session_start() completely off every single page except for the header.php file and I am still having the same problem. Could it be something overwriting the started session in the sidebar.php file?

BlueSkyIS Posted March 18, 2008

i don't see anything, but these are redundant as $_SESSION['username'] and $_SESSION['password'] are already defined.

    session_register("username");
    session_register("password");

dennismonsewicz Posted March 18, 2008

So what might you suggest to solve my problem?

BlueSkyIS Posted March 18, 2008

what do you mean by 'the session is lost and the wrong username and password is displayed'. are you seeing output from the session, but the information isn't what you expected? maybe try print_r($_SESSION) to see what you've got in different places, before, inside and after sidebar.php.

dennismonsewicz Posted March 18, 2008

inside sidebar.php within the if($_POST) statement at the else it looks like this:

    if($_POST) { //If the form has been submitted
        include "sql.php";
        $_SESSION['username'] = stripslashes($_POST['username']);
        $_SESSION['password'] = stripslashes($_POST['password']);
        $sql = "select * from users where username = '" . $_SESSION['username'] . "' and password = '" . $_SESSION['password'] . "'";
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
        if($count == 1) {
            session_register("username");
            session_register("password");
            header("location: " . SITE_URL . "?username=" . $_SESSION['username'] . "");
        } else {
            echo '<div class="login">
                <p>Wrong username and password!</p>
                <form action="index.php" method="post" name="loginform">
                    <p style="text-align: left; padding-left: 11px;">Username:</p>
                    <input type="text" id="username" name="username" />
                    <p style="text-align: left; padding-left: 11px;">Password:</p>
                    <input type="password" id="password" name="password" style="clear: right;" />
                    <input type="image" src="images/loginbutton.jpg" style="width: 66px; height: 33px; float: right; margin-right: 7px;" />
                </form>
                <div class="loginfooter" style="clear: both;"> </div>
            </div>';
        }

It is displaying the else instead of keeping the session alive. The session_start(); is above the else statement. I will try what you suggested!

dennismonsewicz Posted March 18, 2008

Sorry, I meant the session_start() is above the if($_POST) statement.

I tried what you suggested and this is what was printed on the screen:

    Array ( [username] => [password] => )

dennismonsewicz Posted March 18, 2008

OK OK I think I figured out what is going on. In my sidebar.php include file there is an if statement that goes like this:

    if($_POST) { ... }

Well, in my upload.php file there is an if($_POST) as well, so there is a conflict. Any idea on how to fix this?

psychowolvesbane Posted April 16, 2008

use the Submit Button value, so the name of the submit button is checked with the value you gave it or by using the isset() function if it has a value when submitted:

    if(isset($_POST['SubmitB'])) { ...

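
An added example, not part of the thread and not the poster's code: one way to apply the reply above so that sidebar.php handles a POST only when it comes from the login form, and writes to the session only after the credentials check out. It assumes the login form submits a field named SubmitB (the name used in the reply), a hypothetical password_hash column, and a constructed user in an in-memory SQLite table standing in for the real database.

```php
<?php
// Added example, not code from the thread. Assumed: the login form sends a
// field named SubmitB, and users has a password_hash column (hypothetical).

function is_login_post(array $post): bool
{
    // React only to the login form's own button, not to any POST at all.
    return isset($post['SubmitB'], $post['username'], $post['password'])
        && is_string($post['username']) && is_string($post['password']);
}

function sidebar_login(PDO $db, array $post, array &$session): string
{
    if (!is_login_post($post)) {
        return 'skipped';   // e.g. the upload form: session left untouched
    }
    // Bound parameter keeps the submitted name out of the SQL text.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$post['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($post['password'], $row['password_hash'])) {
        return 'rejected';  // session is written only after a verified login
    }
    // With a real session, call session_regenerate_id(true) here.
    $session['username'] = $row['username'];  // the password never enters the session
    return 'logged-in';
}

// Constructed sample data so the script runs offline (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['dennis', password_hash('constructed-password', PASSWORD_DEFAULT)]);

$session = ['username' => 'dennis'];  // stands in for $_SESSION after login

$posts = [
    'upload form' => ['MAX_FILE_SIZE' => '9999999', 'username' => 'someone-else'],
    'bad login'   => ['SubmitB' => 'Login', 'username' => 'dennis', 'password' => 'wrong'],
    'good login'  => ['SubmitB' => 'Login', 'username' => 'dennis', 'password' => 'constructed-password'],
];
foreach ($posts as $label => $post) {
    $result = sidebar_login($db, $post, $session);
    printf("%-11s -> %-9s session username: %s\n", $label, $result, $session['username']);
}
```
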