$_SESSION sanity check
Posted: Wed Nov 11, 2009 11:40 pm
Ok ladies and gents, I've been battling with this login/session code for a few days now and I'm beginning to think there's a short circuit... somewhere in my head. No matter what I've tried I can't maintain a persistent session across pages.
Can someone please give me a second/third/fourth set of eyes and let me know where it's broken? I have a simple 2-page example working so I know my browser and environment are ok, but that means my code is broken!
Here's the login page:
<?php
session_start();
echo '<?xml version="1.0" encoding="utf-8"?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title></title>
<body>
<div id="container">
<div id="header">
<?php
include('header.php');
?>
</div>
<div id="content">
<div class='topleft'></div>
<div class='topright'></div>
<div class='bottomleft'></div>
<div class='bottomright'></div>
<br/>
<h3>DHP Administrative Login</h3>
<p>(Must have cookies enabled)</p>
<div id="loginform">
<?php
if (isset($message))
{
echo "$message";
}
?>
<form action="processlogin.php" method="POST">
<table border="0">
<tr>
<td><label for="fusername">Username</label></td>
<td><input type="text" name="fusername" size="20" maxsize="20"></td>
</tr>
<tr>
<td><label for="fpassword">Password</label></td>
<td><input type="text" name="fpassword" size="20" maxsize="20"></td>
</tr>
<input type="hidden" name="do" value="login">
</table>
<input type="submit" name="log" value="Submit">
</form>
</div>
</div>
<div id="footer">
<?php
include('footer.php');
?>
</div>
</div>
</body>
</html>
login script:
<?php
/* Program: processlogin.php
* Desc: Processes input from login.php and will either
* 1) Validate the login and set appropriate session
* variables, or
* 2) Re-display the page.
*/
switch (@$_POST['do'])
{
case 'login':
$cxn = mysql_connect($host, $user, $password);
if (!cxn)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db($database, $cxn);
$sql = "SELECT loginName FROM Member WHERE loginName='philtest'";
$result = mysql_query($sql)
or die("Could not execute query 1.");
$num = mysql_num_rows($result);
if ($num > 0) //login found
{
$sql = "SELECT loginName FROM Member WHERE
loginName='$_POST[fusername]'
AND password=md5('$_POST[fpassword]')";
$result2 = mysql_query($sql)
or die("Could not execute query 2.");
$num2 = mysql_num_rows($result2);
}
if ($num2 > 0) //password matched
{
$_SESSION['auth'] = 'admin';
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
$result = mysql_query($sql)
or die("Can't execute insert query.");
session_write_close();
header("Location: admin.php");
}
else
{
$message = "Incorrect login credentials. Please try again!";
include("login.php");
}
break;
default:
{
include("login.php");
}
}
?>
Here's a sample page (that isn't recognizing session info):
<?php
session_start();
/* if ( $_SESSION('auth') != 'admin' )
{
header("Location: login.php");
} */
echo '<?xml version="1.0" encoding="utf-8"?>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title></title>
</head>
<body>
<div id="container">
<div id="header">
<?php
include('header.php');
?>
</div>
<div id="content">
<div class='topleft'></div>
<div class='topright'></div>
<div class='bottomleft'></div>
<div class='bottomright'></div>
<br/>
<h3>DHP Administrative Page</h3>
<p>Under construction.</p>
<?php
echo $_SESSION['auth'];
?>
<p></p>
</div>
<div id="footer">
<?php
include('footer.php');
?>
</div>
</div>
</body>
</html>
And last, here's the header with some (failing) checks against the $_SESSION['auth'] variable:
<?php
/* Program name: header.php
* Description: Provides the header content (title, navigation) to each of the DHP pages.
*/
echo
"
<div class='topleft'></div>
<div class='topright'></div>
<div class='bottomleft'></div>
<div class='bottomright'></div>
<div id='DHPTitle'>
<img src='images/dhp_logo.jpg' alt='DHP Logo' />
</div>
<div id='DHPSubtitle'>
<img src='images/dhp_sublogo.jpg' alt='DHP Sublogo' />
</div>
<div id='DHPMascot'>
";
if ( empty( $_SESSION['auth'] ) )
{
echo "<a href='login.php'>";
}
else
{
echo "<a href='admin.php'>";
}
echo
"
<img src='images/dhp_mascot.jpg' alt='DHP Mascot' />
</a>
</div>
<div id='navigation'>
<ul>
<li>
<a href='index.php' title='Dutch Home Painting - The Best Painters in Town - Cincinnati, OH'>Home</a></li>
<li><a href='samples.php' title='Dutch Home Painting - Sample Pictures'>Sample Work</a></li>
<li><a href='about.php' title='Dutch Home Painting - About Us'>About Us</a></li>
<li><a href='estimate.php' title='Dutch Home Painting - Free Estimate'>Free Estimate</a></li>
";
if ( empty( $_SESSION['auth'] ) )
{
echo "<li>513-555-1212</li>";
}
else
{
echo "<a href='logout.php'><li>Logout</a></li>";
}
echo "auth variable is ".$_SESSION['auth'];
"
</ul>
</div>
";
?>
Sorry for the long post but I wanted to make sure you guys had all the pieces. Any help would be MUCH appreciated!!!
As an aside, when I try to access admin.php without logging in it's even letting me do that so somewhere my $_SESSION tests are just failing all over the place...
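Added example, not part of the original post or the poster's code: in the code above, processlogin.php never calls session_start(), the check in admin.php is commented out and indexes $_SESSION with parentheses, and the form values are concatenated into the SQL string; the PHP below shows a login handler and page guard without those three problems. Assumptions: the file name auth.php, the four function names, a PDO connection passed in as $db, and a password column holding password_hash() output are all hypothetical; the Member and Login tables and the form field names are taken from the post.

```php
<?php
// auth.php: added example (hypothetical shared include), not the poster's code.

function start_session_once(): void
{
    // Every script that reads or writes $_SESSION needs an active session;
    // the guard lets included pages call this again without a notice.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

function require_admin(): void
{
    start_session_once();
    // $_SESSION is an array: index it with [], not ().
    if (($_SESSION['auth'] ?? '') !== 'admin') {
        header('Location: login.php');
        exit;                      // without exit the protected page still renders
    }
}

function verify_login(PDO $db, string $user, string $pass): bool
{
    // Placeholder keeps form input out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM Member WHERE loginName = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Assumption: the column stores password_hash() output rather than md5().
    return is_string($hash) && password_verify($pass, $hash);
}

function handle_login(PDO $db): ?string
{
    start_session_once();          // must precede the $_SESSION writes below
    $user = (string) filter_input(INPUT_POST, 'fusername');
    $pass = (string) filter_input(INPUT_POST, 'fpassword');
    if (!verify_login($db, $user, $pass)) {
        return 'Incorrect login credentials. Please try again!';
    }
    session_regenerate_id(true);   // fresh session ID once the user is authenticated
    $_SESSION['auth'] = 'admin';
    $_SESSION['logname'] = $user;
    $db->prepare('INSERT INTO Login (loginName, loginTime) VALUES (?, NOW())')
       ->execute([$user]);
    header('Location: admin.php');
    exit;
}
```

With this include, processlogin.php would call handle_login($db) when $_POST['do'] is 'login' and pass the returned message to login.php, and admin.php would call require_admin() before sending any output.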