Jump to content

Windows Server Sessions Problems - Any Suggestions?

Coreye

By Coreye
in PHP Coding Help

Recommended Posts

Coreye Member

Coreye

Posted
Posted

Hey guys,

 

Below is a login page. For someone reason when users try to login into it on a windows server, it doesn't redirect, and instead just goes back to the login page. No errors in the error_log or anything. All errors are turned on, they get nothing. This works fine on a linux server.

 

I've been told it's because the redirect is breaking the sessions on windows servers.

 

I've added:

session_write_close();
@header("Location: $dest");

 

and they get the same thing.

 

Any suggestions or ideas?

 

<?php
require_once('../main.inc.php');
if(!defined('INCLUDE_DIR')) die('Fatal Error.');

require_once(INCLUDE_DIR.'class.staff.php');

$msg=$msg?$msg:'Authentication Required';
if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
    //$_SESSION['_staff']=array();
    $msg='Invalid login';
    if($_SESSION['_staff']['laststrike'] && (time()-$_SESSION['_staff']['laststrike']<3*60)) {
        $msg='Max failed login Reached';
        $errors['err']='You\'ve reached maximum failed login attempts allowed.';
    }
    if(!$errors && ($user=new StaffSession($_POST['username'])) && $user->getId() && $user->check_passwd($_POST['passwd'])){
        db_query('UPDATE '.STAFF_TABLE.' SET lastlogin=NOW() WHERE staff_id='.db_input($user->getId()));
        //We got a matching user and the password matched!! Nice.
        
        //Now set session crap and lets roll baby!
        $_SESSION['_staff']=array(); //clear.
        $_SESSION['_staff']['userID']=$_POST['username'];
        $user->refreshSession(); //set the hash.
        $_SESSION['TZ_OFFSET']=$user->getTZoffset();
        $_SESSION['daylight']=$cfg->observeDaylightSaving();

        //Redirect to the original destination. (make sure it is not redirecting to login page.)
        $dest=($_POST['dest'] && !strstr($_POST['dest'],'login.php'))?$_POST['dest']:'index.php';
        @header("Location: $dest");
        require('index.php'); //Just incase header is messed up.
        exit;
    }
    //If we get to this point we know the login failed.
    $msg='Invalid login';
    $_SESSION['_staff']['strikes']+=1;
    if(!$errors && $_SESSION['_staff']['strikes']>3) {
        $msg='Access Denied';
        $errors['err']='Forgot your login info? Contact IT Dept.';
        $_SESSION['_staff']['laststrike']=time();
        //Send alerts
        if($cfg->alertONLoginError()) {
            $alert='Excessive login attempts by a staff member?'."\n".
                'Username: '.$_POST['username']."\n".'IP: '.$_SERVER['REMOTE_ADDR']."\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".
                'Attempts #'.$_SESSION['_staff']['strikes'];
            Misc::alertAdmin('Excessive login attempts (staff)',$alert);
        }
    }
}
define("OSTSCPINC",TRUE); //Make includes happy!
$login_err=($_POST)?true:false; //error displayed only on post
include_once(INCLUDE_DIR.'staff/login.tpl.php');
?>

 

Thanks,

Corey

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.