Session acknowledgement help.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tymlls05
Forum Commoner
Posts: 30
Joined: Tue Nov 01, 2005 1:30 pm

Session acknowledgement help.

Post by tymlls05 »

THE PHP BELOW IS LOGIN.PHP

Code: Select all

<?php
if(!$_SESSION['uid'])
{
include "style/style.css";
echo '<form action="actions.php" method="post">
E-mail:<input type="text" name="email" size="30"><br>
Password:<input type="password" name="password" size="30">
<input type="submit" name="mode" value="Log In" />
</form>';
}
else {
header('Location: index.php');
} ?>

After login I have a script that checks for the session:

Code: Select all

<? if (!$_SESSION['uid']) header('Location: login.php'); ?>

For some reason, the !$_SESSION['uid'] forces the php to believe that the user is not logged in. If the beginning of login.php is changed to $_SESSION['uid'] then it redirects to index.php, which begins as $_SESSION['uid'] (but it does it's job and recognizes the user as logged in.
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Session acknowledgement help.

Post by cpetercarter »

Try if(empty($_SESSION['uid']))
tymlls05
Forum Commoner
Posts: 30
Joined: Tue Nov 01, 2005 1:30 pm

Re: Session acknowledgement help.

Post by tymlls05 »

Thank you for the reply!

It still is doing the same thing though. I don't know if it will offer anymore helpful information, but here is the whole process.


Visit Index.php, display:

Code: Select all

<?php
include "includes/start.php";
 
if($_SESSION['uid']){ /*IF LOGGED IN SHOW PROFILE.PHP*/
 
include "profile.php";
 
} else { /* SHOW LOGIN */
 
header('Location: login.php');
 
}
?>
login.php:

Code: Select all

<?php
if(!$_SESSION['uid'])
{
include "style/style.css";
echo '<form action="actions.php" method="post">
E-mail:<input type="text" name="email" size="30"><br>
Password:<input type="password" name="password" size="30">
<input type="submit" name="mode" value="Log In" />
</form>';
}
else {
header('Location: index.php');
} ?>
The start.php mentioned in the index.php file has this as part of its content:

Code: Select all

 
<?
$expireTime = 60*60*2; // 2 hours
session_set_cookie_params($expireTime);
session_start();
$sess_id = session_id(); 
header("Cache-control: private");
if (!$_SESSION['uid']) header('Location: login.php'); ?>
 
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Session acknowledgement help.

Post by cpetercarter »

Where is the bit of code which sets the session variables? I would expect to see something like

Code: Select all

$_SESSION['uid'] = $login_id;
I guess it is in the script actions.php which processes the output of the login form.
tymlls05
Forum Commoner
Posts: 30
Joined: Tue Nov 01, 2005 1:30 pm

Re: Session acknowledgement help.

Post by tymlls05 »

This is actions.php

Code: Select all

<?php
/*
Supercali Event Calendar
 
Copyright 2006 Dana C. Hutchins
 
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
 
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
For further information visit:
http://supercali.inforest.com/
*/
 
include "includes/start.php";
function check_login() {
    global $table_prefix, $link, $common_get;
    if(get_magic_quotes_gpc()) {
        $saemail = mysql_real_escape_string(stripslashes($_POST["email"]));
        $password = mysql_real_escape_string(stripslashes($_POST["password"]));
        
     } else {
        $saemail = mysql_real_escape_string($_POST["email"]);
        $password = mysql_real_escape_string($_POST["password"]);
     }
    
    
    $md5_pass = md5($password);
    
    $query = mysql_query("Select uid, saemail, temp_password from agents where saemail='".$saemail."' and password='$md5_pass' OR saemail='".$saemail."' and temp_password='$md5_pass'");
    
    $total_row = mysql_numrows($query);
    if($total_row>0){
        $row = mysql_fetch_array($query);
        $_SESSION['uid'] = $row['uid'];
        $_SESSION['email'] = $row['email'];
        if ($row['temp_password'] == $md5_pass) {
            mysql_query("UPDATE agents set password = '".$row['temp_password']."', temp_password = NULL WHERE uid ='".$row['uid']."'");
            mysql_close($link);
            sleep(2);
            header("Location: index.php");
        } else {
            mysql_close($link);
            if ($_POST["return_to"]) {
                sleep(2);
                header("Location: ".$_POST["return_to"]);
            } else {
                sleep(2);
                header("Location: index.php");
            }
        }
    } else {
        mysql_close($link);
        sleep(2);
        header("Location: index.php");
    }
}
 
function send_new_password() {
    global $table_prefix, $calendar_title, $calendar_email, $common_get,$link,$lang;
    if(get_magic_quotes_gpc()) {
        $saemail = mysql_real_escape_string(stripslashes($_POST["email"]));
        
     } else {
        $saemail = mysql_real_escape_string($_POST["email"]);
     }
    $query = mysql_query("Select * from agents where saemail='$saemail'");
    $total = mysql_numrows($query);
    if($total>0){
        $row = mysql_fetch_array($query);
        $newpass=substr(md5($saemail.microtime()), 0, 8);
        $crypt_pass=md5($newpass);
        mysql_query("UPDATE agents set temp_password = '".$crypt_pass."' where saemail ='".$saemail."'");
        $message = $lang["password_msg"].$calendar_title.":\n\n$newpass\n\n";
        mail($saemail, $lang["password_subject_start"].$calendar_title.$lang["password_subject_end"], "$message", "From: \"".$calendar_title."\" <".$calendar_email.">");
        
        $msg=$lang["password_sent"];
        
        
    } else {
        $msg=$lang["password_no_email"];
    }
    mysql_close($link);
    sleep(2);
    header("Location: index.php");
}
 
function log_out () {
    global $common_get;
    session_start(); 
    session_unset();
    session_regenerate_id();
    sleep(2);
    header("Location: index.php?");
}
 
function approve($code) {
    global $table_prefix, $lang, $link;
    if(get_magic_quotes_gpc()) {
        $code = mysql_real_escape_string(stripslashes($code));
     } else {
        $code = mysql_real_escape_string($code);
        
     }
    $q = "select event_id from ".$table_prefix."events where quick_approve = '".$code."'";
    $query = mysql_query($q);
    if (mysql_num_rows($query) > 0) {
        $sq = "update ".$table_prefix."events set status_id = 4, quick_approve = NULL where quick_approve = '".$code."'";
        $squery = mysql_query($sq);
        if ($squery) {
            $msg = $lang["event_updated"];
            $event_id = mysql_result($query,0,0);
            include "includes/notify.php";
            notify_group($event_id);
        }
    } else {
        $msg = $lang["event_not_found"];
    }
    sleep(2);
    header("Location: index.php");
 
}
 
 
switch ($_REQUEST["mode"]) {
case $lang["send_new_password"];
    
    send_new_password();
    break;
 
case "q";
    approve($_REQUEST["qa"]);
    break;
case "logout";
    log_out();
    break;
    
case "Log In"; 
    check_login();
    break;
 
default; 
 
    sleep(2);
    header("Location: index.php");
    break;
}
 
mysql_close($link);
?>
Post Reply