Session Issue

kurasoe
Forum Newbie
Posts: 3
Joined: Mon Jan 26, 2004 8:48 pm

Session Issue

Post by kurasoe »

Alright, then. I've been staring at this thing for a while, and it is beyond me. For some reason, a particular session variable or two is getting thrown away (but some other session variables stay, so the session isn't getting destroyed). It only is happening on one particular page, yet I cannot see anywhere that I'm making some kind of stupid error. I'll list three php files, since I require() a header/footer page. Okay, here we go:

pageBegin.php -

Code:

<?php

session_start();

//Expiry, or time set for expiration of session, is in login.php.
if($_SESSION['sessionLength'])//If this exists, so should username, et al.
{
	if( ( ($_SESSION['sessionLength']) - time() ) <= 0 )
	{
		session_destroy();
		echo "<script>window.location = \"/index.php?syslogout=1\"</script>\n\n";
	}
	else
	{
		$_SESSION['sessionLength'] = time() + $_SESSION['expiry'];
	}
}

header("Cache-control: private"); //IE 6 Fix
header("Content-Type: text/html; charset=ISO-8859-4");

if( !($_SESSION['alerted']) )
{
	$_SESSION['alerted'] = 1;
	echo "<script>alert(\"****************.\")</script>\n\n";
}


?>

<?php

require("includes/functions.php");

?>

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>

<title>***************************</title>

<link rel="stylesheet" href="css/default.css" type="text/css">

</head>

<body>

<p>

<table cellspacing="1" cellpadding="7" border="0">

	<tr>

		<!--Date & Time-->
		<td class="datetime" colspan="3" align="right">

		<?php
		echo date ("h:i:s A T");
		echo "<br>\n\n";
		echo date ("l dS of F Y");
		?>

		</td>

	</tr>

	<tr>

		<!--1 Cor. 14:26-->
		<td class="verse">***********************</td>

		<!--*************-->
		<td class="header" valign="top">
		<p><h4>*********</h4></p>
		<p><h6>**********************</h6></p>
		<hr>
		<p class="lil">****************************</p>
		</td>

	</tr>

	<tr>

		<!--Nav & News-->
		<td class="navnews" valign="top">

			<?php

			if($_SESSION['username'])
			{

			?>

			<!--Nav-->
			<a class="loginoutlink" href="/login.php?mode=logout">Logout</a><br><br>
			<a class="menulink" href="/index.php">Home</a><br>
			<a class="menulink" href="/articles.php?mode=list&sort=0">Articles</a><br>
			<a class="menulink" href="javascript:void(0)" onclick="window.open('****************')">Message Boards</a><br>
			<a class="menulink" href="/profile.php?mode=list">Profile</a><br>
			<a class="menulink" href="/links.php">Links</a><br>
			<a class="menulink" href="/tou.php">Terms of Use</a>

			<?php
			if($_SESSION['admin'] == "admin")
			{
			?>

			<br><a class="menulink" href="/admin.php?mode=index">Administration</a>

			<?php

			}

			}
			else
			{
			?>

			<a class="loginoutlink" href="/login.php?mode=loginReq">Login</a> / <a class="loginoutlink" href="/login.php?mode=register">Register</a><br><br>
			<a class="menulink" href="/index.php">Home</a><br>

			<?php
			}
			?>

			<hr>

			<!--News-->
			<p class="bold"><a class="menulink" href="/news.php">News</a></p>

			<p>
			January 22, 2004<br><br>
			***********************
			</p>

		</td>

		<!--Content-->
		<td class="content" valign="top">

		<?php

		if($_SESSION['username'])
		{
			$uname = $_SESSION['username'];

			if($_SESSION['admin'])
			{
				echo "Welcome, Administrator " . $_SESSION['username'] . ".<hr>\n\n";
			}
			else
			{
				echo "Welcome, " . $_SESSION['username'] . ".<hr>\n\n";
			}

			//Do DB connect, check for actRemind in user_info

			$mysqlLinkCheckActivated = mysql_connect("localhost","****************","**********")
				or die("Could not connect: " . mysql_error());

			mysql_select_db("****************")
				or die("Could not select database: " . mysql_error());

			$mysqlQueryCheckActivated = "SELECT actRemind FROM user_info WHERE username='$uname'";

			$mysqlResultCheckActivated = mysql_query($mysqlQueryCheckActivated);

			while( list($actRemind) = mysql_fetch_row($mysqlResultCheckActivated) )
			{
				if($actRemind == 1)
				{
					echo "<h6 class=\"alert\">Your Edified.org Forums account has recently been activated.<hr></h6>";
					$mysqlQueryMarkActivated = "UPDATE user_auth SET actRemind=0 WHERE username='$uname'";
					mysql_query($mysqlQueryMarkActivated)
						or die("Failed query: " . mysql_error());
				}
			}

			mysql_free_result($mysqlResultCheckActivated);

			mysql_close($mysqlLinkCheckActivated);
		}

		?>

profile.php -

Code:

<?php

require("includes/pageBegin.php");

?>

<?php

if(!($_SESSION['username']))
{
	echo "No trespassing!\n\n";
}
else
{
	$mode = $_GET['mode'];
	$uname = $_SESSION['username'];

	if($mode == "list")
	{
		$mysqlLinkGetProfile = mysql_connect('localhost','*********','***********')
			or die("Could not connect: " . mysql_error());
		mysql_select_db('dentariz_edified_reg')
			or die("Could not select database: " . mysql_error());
		$mysqlQueryGetProfile = "SELECT * FROM user_info WHERE username='$uname'";
		$mysqlResultGetProfile = mysql_query($mysqlQueryGetProfile)
			or die("Query failed : " . mysql_error());

		while(
			   list($username,
					$email,
					$gender,
					$maritalstatus,
					$birthdate,
					$age,
					$fname,
					$minitial,
					$lname,
					$location,
					$aim,
					$icq,
					$msnmess,
					$yahoomess,
					$churchlocation,
					$churchname,
					$admin,
					$forumstat,
					$actRemind,
					$parent)

					= mysql_fetch_row($mysqlResultGetProfile)
			 )

		{

			echo "<p><a class=\"contentlink\" href=\"/profile.php?mode=change\">Change Somethin</a></p>\n\n";
		?>



			<table cellspacing="3" cellpadding="3" border="0">

				<tr>
					<td>
						Username:
					</td>
					<td>
						<?php echo "$username\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Full Name:
					</td>
					<td>
						<?php echo "$fname $minitial $lname\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						E-Mail Address:
					</td>
					<td>
						<?php echo "$email\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Gender:
					</td>
					<td>
						<?php ($gender == "M" ? $gender = "Male" : $gender="Female") ?>
						<?php echo "$gender\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Marital Status:
					</td>
					<td>
						<?php if($maritalstatus == "S") $maritalstatus = "Single" ?>
						<?php if($maritalstatus == "C") $maritalstatus = "Courting" ?>
						<?php if($maritalstatus == "M") $maritalstatus = "Married" ?>
						<?php if($maritalstatus == "DW") $maritalstatus = "Divorced or Widowed" ?>
						<?php echo "$maritalstatus\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Parent:
					</td>
					<td>
						<?php if($parent == "Y") $parent = "Yes" ?>
						<?php if($parent == "N") $parent = "No" ?>
						<?php echo "$parent\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Church:
					</td>
					<td>
						<?php echo "$churchname in $churchlocation\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Location:
					</td>
					<td>
						<?php echo "$location\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Birthdate:
					</td>
					<td>
						<?php echo "$birthdate\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Age:
					</td>
					<td>
						<?php echo "$age\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						AIM:
					</td>
					<td>
						<?php echo "$aim\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						ICQ:
					</td>
					<td>
						<?php echo "$icq\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						MSN Messenger:
					</td>
					<td>
						<?php echo "$msnmess\n" ?>
					</td>
				</tr>

				<tr>
					<td>
						Yahoo Messenger:
					</td>
					<td>
						<?php echo "$yahoomess\n" ?>
					</td>
				</tr>

			</table>

		<?php

		}//while

		mysql_free_result($mysqlResultGetProfile);
		mysql_close($mysqlLinkGetProfile);

	}//if
	else if($mode == "change")
	{
		echo "Change.";
	}
}//else

?>

<?php

require("includes/pageEnd.php");

?>

pageEnd.php -

Code:

<?php

echo "<hr>\n\n";

print_r($_SESSION);

?>

		</td>

	</tr>

	<tr>
		<!--Copyright-->
		<td colspan="2" class="copyright" align="right">Copyright © 2002-2004 <a class="copylink" href="mailto:webmaster@*******">***********</a>.  All Rights Reserved.</td>

	</tr>

	<tr>
		<!--Powered-->
		<td class="powered" colspan="2">

			<table class="powered" cellspacing="0" cellpadding="0" border="0">

				<tr>

					<td>
						<img style="border:0;width:88px;height:31px" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML!">
						<img style="border:0;width:88px;height:31px" src="http://www.w3.org/Icons/valid-css" alt="Valid CSS!">
						<img style="border:0;width:88px;height:31px" src="http://www.w3.org/Icons/valid-xml10" alt="Valid XML!">
						<img style="border:0;width:88px;height:31px" src="/img/php.gif" alt="Powered by PHP!">
						<img style="border:0;width:88px;height:31px" src="/img/mysql.gif" alt="Powered by MySQL!">
					</td>

					<td align="right" valign="top">
						<a class="poweredlink" href="mailto:webmaster@*******">Tell it to the Webmaster</a>
					</td>

				</tr>

			</table>

		</td>

	</tr>

</table>

</body>

</html>

Once logged in it works. You can go to any other link but the profile.php?mode=list one. Click on that, and it destroys the $_SESSION['username'] and $_SESSION['admin'] variables. expiry, sessionLength stay. alert is expected to stay. It's not destroying the session but those two get unregistered for some reason. If I manually enter /profile.php?mode=change it doesn't happen.

I just don't know. Anyone give it a gander?

-Kurasoe
ilovetoast
Forum Contributor
Posts: 142
Joined: Thu Jan 15, 2004 7:34 pm

Post by ilovetoast »

I don't see any problems in that script at first glance.

I didn't set up the db, so I had to comment out the mysql block at the end of pageBegin.php and the block in the list section of profile.php. But there's nothing in those lines regarding the session...

Not having the login.php file, I added:

Code:

if ($_GET['mode'] == "change") {
	$_SESSION['sessionLength'] = time() + 25000;
	$_SESSION['expiry'] = 25000;
	$_SESSION['username'] = "bob";
	$_SESSION['admin'] = NULL;
}

after session_start() at the start of pageBegin.php. Without those lines, the code won't run.

Making those changes, I load the page as "profile.php?mode=change" and it prints the session vars on the page as just you stated. It prints:
Array ( [alerted] => 1 [sessionLength] => 1075198882 [expiry] => 25000 [username] => bob [admin] => )
I clicked on the profile link, and it loads the list version of the page. And the session vars are still there and correct. It prints:
Array ( [alerted] => 1 [sessionLength] => 1075198926 [expiry] => 25000 [username] => bob [admin] => )
Now the block I added is skipped for the list page, so it's relying on your code and the session for that page. Since I can see the session vars, I'm guessing the problem is on the login.php page. My 2 cents.

peace
kurasoe
Forum Newbie
Posts: 3
Joined: Mon Jan 26, 2004 8:48 pm

Post by kurasoe »

Fixed!

What you posted, ilovetoast, didn't seem to make sense to me. Of course if you reset the SESSION variables it'll work fine. But it wasn't. And the login.php page was working fine, because every other page on the site worked. I found out that in the following code there were two things I had to change, or right after the end of the while loop, the two session variables were lost:

Code:

while(
			   list($_username,			//if $username, kills the session var called username
					$email,
					$gender,
					$maritalstatus,
					$birthdate,
					$age,
					$fname,
					$minitial,
					$lname,
					$location,
					$aim,
					$icq,
					$msnmess,
					$yahoomess,
					$churchlocation,
					$churchname,
					$_admin,			//if $admin, kills the session var called admin
					$forumstat,
					$actRemind,
					$parent)

					= mysql_fetch_row($mysqlResultGetProfile)
			 )

		{

                             //formatting page

                   }

I had to change those two variable names from $username and $admin to $_username and $_admin. Otherwise the $_SESSION['username'] and $_SESSION['admin'] got lost, destroyed, or unset somehow. Weird, but it works now. Can someone explain why/how this is so? I'm fairly new to php, so ........

Thanks,
Kurasoe
jaxn
Forum Commoner
Posts: 55
Joined: Fri Jan 16, 2004 1:50 pm
Location: Nashville, TN

Post by jaxn »

In your php.ini you have register_globals = on

For security reasons alone that should be off. In addition to security, it prevents these types of namespace issues.

-Jackson
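
What this answer describes, as an added example that is not part of the thread: with register_globals on, PHP made same-named variables and `$_SESSION` entries reference the same values, so the final `list(...) = false` that ends the `while` loop writes NULL through to the session. The setting was removed in PHP 5.4, so the binding is simulated here with references; `render_profile`, `$fetchRow` and the sample row are hypothetical.

```php
<?php
// Added illustration, not code from the thread. register_globals no longer
// exists (removed in PHP 5.4), so its effect on session data is simulated.

function render_profile(array $session, bool $registerGlobals): array
{
    if ($registerGlobals) {
        // Simulation (assumption): bind every session key to a same-named
        // variable by reference, as the setting did for session entries.
        foreach (array_keys($session) as $key) {
            $$key = &$session[$key];
        }
    }

    // Constructed result set standing in for mysql_fetch_row():
    // one row, then false once the rows run out.
    $rows = [['bob', 'bob@example.test', 'admin']];
    $fetchRow = function () use (&$rows) {
        return $rows ? array_shift($rows) : false;
    };

    while (list($username, $email, $admin) = $fetchRow()) {
        // the page would print the profile row here
    }
    // The last fetch returned false. list() then assigns NULL to every listed
    // variable, and where a variable is bound to a session entry the NULL
    // lands in the session as well.

    return $session;
}

// Constructed session contents, mirroring the keys discussed in the thread.
$start = ['username' => 'bob', 'admin' => 'admin', 'expiry' => 25000];

echo "register_globals on (simulated):\n";
var_dump(render_profile($start, true));

echo "register_globals off:\n";
var_dump(render_profile($start, false));
```

Only the keys whose names also appear in the `list()` call are affected, which matches the report that expiry and sessionLength survived while username and admin did not.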
kurasoe
Forum Newbie
Posts: 3
Joined: Mon Jan 26, 2004 8:48 pm

Post by kurasoe »

Oh. Well, it is a virtual host... I'll see if we can rectify this. Thanks a bunch!

-Kurasoe