A problem with $_SESSION

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Firehawk777
Forum Newbie
Posts: 6
Joined: Mon Dec 06, 2010 1:37 am

A problem with $_SESSION

Post by Firehawk777 »

Hi there
I have been working on a login PHP script and had it working until I made so change late at night and forgot to back it up.
The script uses PHP and Javascript as well as a Mysql database.
The problem I am having is with the session closing unexpectedly when I go to enter the profile (or any other button placed after the login). It is rather hard to explain so here is the code

Code: Select all

<?php //login php script	
include_once 'rnfunctions.php';
$theaction='index14.php';
function destroySession()
{
$_SESSION=array();
if ((session_id() != '') || isset($_COOKIE[session_name()])){
setcookie(session_name(),'', time()-2592000,'/');
[color=#FFBF40]session_destroy();[/color]
}
}
function startsessions($user,$pass,$theaction)
{
session_start();
session_name($user);
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$theuser =($_SESSION['user']);
echo "You are now logged in as $theuser";
}

function loggedin($theaction)
{
echo <<<_END
<table>
<tr>
<td>
<form name="myform" method='post' action='$theaction'>
<input type='hidden' name='logout'value='logout' />
<a href="#" onMouseDown="submitform(0);">logout</a> |
</form>
</td>
<td>
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='profile'value='profile' />
<a href="#" onMouseDown="submitform(2);">profile</a> |
</form>
</td>
<td>
<form name="myform3" method='post' action='$theaction'>
<input type='hidden' name='unregister'value='unregister' />
<a href="#" onMouseDown="submitform(3);">unregister</a>
</form>
</td>
</tr>
</table>
_END;
}
function loginform($theaction)
{
echo <<<_END
<table border="0">
<tr>
<form name="myform" method='post' action='$theaction'>
<td>Username->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; font-size: 12px; background-color: #1BCE11;" id ='password' id='username' size='12' maxlength='16' name='user'
value='user' /></td>
</tr>
<tr>
<td>Password->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; font-size: 12px; background-color: #1BCE11;" id ='password' size='12' maxlength='16' name='pass'
value='pass' /></td>
</tr>
<tr>

<td colspan="2"><a href="#" onMouseDown="submitform(0);">login</a></td>
</form>
</tr><tr><td colspan="2">
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='register'value='register' />
<a href="#" onMouseDown="submitform(2);">register</a>
</form></td></tr>
<tr><td colspan="2">
<form name="myform3" method='post' action='$theaction'>
<input type='hidden' name='reset'value='reset' />
<a href="#" onMouseDown="submitform(3);">reset password</a></td>
</tr>
</table>
_END;
}
function regform($theaction)
{
echo <<<_END
<table border="0">
<tr>
<form name="myform" method='post' action='$theaction'>
<td>Username->    </td><td> <input type='text'STYLE="color: #FFFFFF; font-family: Verdana;  font-size: 12px; background-color: #1BCE11;" size='12' maxlength='16' name='username'
value='username' onBlur='checkUser(this)'/></td>
</tr>
<tr>
<td>Password->    </td><td> <input type='password' STYLE="color: #FFFFFF; font-family: Verdana;  font-size: 12px; background-color: #1BCE11;" size='12' maxlength='16' name='password'
value='password' onBlur='checkpass(this)'/></td>
</tr>
<tr>
<td>Email->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; font-size: 12px; background-color: #1BCE11;"size='12' maxlength='30' name='email'
value='email' onBlur='checkEmail(this)'/></td>
</tr>
<tr>
<td colspan="2"><a href="#" onMouseDown="submitform(0);">register</a>
</form></td></tr><tr>
<td colspan="2">
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='login'value='login' />
<a href="#" onMouseDown="submitform(2);">login</a>
</form>
</td>
</tr>
</table>
<span id='logtext'></span>
_END;
}
function retlogin($theaction)
{
echo <<<_END
<form name="myform" method='post' action='$theaction'>
<input type='hidden' name='login'value='login' />
<a href="#" onMouseDown="submitform(0);">back to login</a>
</form>
_END;
}
function resetform($theaction)
{
echo <<<_END
<table border="0">
<tr>
<form name="myform" method='post' action='$theaction'>
<td>Enter New Password->    </td><td> <input type='password' STYLE="color: #FFFFFF; font-family: Verdana; font-size: 12px; background-color: #1BCE11;"size='12' maxlength='16' name='password1'
value='password1' onBlur='checkpass(this)'/></td>
</tr>
<tr>
<td>Email->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; font-size: 12px; background-color: #1BCE11;" id ='password' size='12' maxlength='30' name='email'
value='email'onBlur='checkreset(this)'/></td>
</tr>
<tr>
<td colspan="2"><a href="#" onMouseDown="submitform(0);">reset password</a>
</form></td></tr><tr>
<td colspan="2">
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='login'value='login' />
<a href="#" onMouseDown="submitform(2);">back to login</a>
</form>
</td>
</tr>
</table>
<span id='logtext'></span>
_END;
}

if (isset($_POST['login']))
{
loginform($theaction);
}
elseif (isset($_POST['logout']))
{
echo "you have logged out";
[color=#FFBF40]destroySession();[/color]
loginform($theaction);
}
//recieve reset password call
elseif (isset($_POST['reset']))
{
resetform($theaction);
}
//recieve reset password info
elseif (isset($_POST['password1']))
{
$theemail =	$_POST['email'];
$newpass =	$_POST['password1'];
//salt hash password for replacement
$newpass = encriptpass($newpass);
$query = "SELECT * FROM users WHERE email='$theemail'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
echo "Email invalid please register<br />";
regform($theaction);
}
else
{
		$message = validate_password($newpass);
		if ($message =="")
		{
		$regaddress = "http://www.imandanband.com.resetpass.php?newpass=".$newpass."&email=".$theemail; 
		 	$to = $theemail;
 			$subject = "Reset password at Imandan";
 			$body = "Hi there,\n\nYou have requested to reset your password to $newpass.\n\nPlease click the following link to validate your new password\n\n$regaddress or ignore this message if it has been sent in error";
 			if (mail($to, $subject, $body)) {
   				echo("Message successfully sent! Go to your email to validate your new password");
			retlogin($theaction);
  			} else {
  			echo("Message delivery failed...You must enter a valid email address");
			}
		}

        }
}
elseif (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
$pass = encriptpass($pass);
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$query = "SELECT user, pass FROM users WHERE user='$user' AND pass ='$pass'";

if (mysql_num_rows(queryMysql($query)) == 0)
{
	echo "Username/Password invalid<br />";
	loginform($theaction);
}
else
{
startsessions($user,$pass,$theaction);
showprofile();

}
}
}
else{
loginform($theaction);
}
The code that is in red is where I have the problem. It calls javascript to submit the form
The javascript is as follows

Code: Select all

function submitform(num)
{
if (num == 2)
{
document.myform2.submit();
return 1;
}
if (num == 3)
{
document.myform3.submit();
return 1;
}
if (num == 4)
{
document.myform4.submit();
return 1;
}
if (num == 5)
{
document.myform5.submit();
return 1;
}
if (num == 6)
{
document.myform6.submit();
return 1;
}
else
{
document.myform.submit();
return 1;
}
}
I can log in though when I go to enter the profile the $_SESSION['user'] is gone and I am logged out. I just can't seem to track down the problem and it is frustrating the heck out of me.
If anyone has any ideas PLEASE help!
rodger21
Forum Newbie
Posts: 2
Joined: Mon Feb 07, 2011 3:22 am

Re: A problem with $_SESSION

Post by rodger21 »

May be this is something happen due to the arrangement of codes, according to me Session_start() function will work only at the begining of the codes.

ROD
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: A problem with $_SESSION

Post by Mordred »

session_name before session_start
Also, do you use session_start (must be your startsessions() really) in the following pages as well?

You have a SQL injection in the password reset code.
User avatar
Zyxist
Forum Contributor
Posts: 104
Joined: Sun Jan 14, 2007 10:44 am
Location: Cracow, Poland

Re: A problem with $_SESSION

Post by Zyxist »

Code: Select all

function startsessions($user,$pass,$theaction)
{
session_start();
session_name($user);
$_SESSION['user'] = $user;
// ...
}
And how do you think PHP could find this session if you change its name to the username which is passed in that session? It's like closing the car keys in the car.
Post Reply