Session Question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Zeceer
Forum Contributor
Posts: 136
Joined: Fri Aug 02, 2002 5:10 am
Location: Norway

Session Question

Post by Zeceer »

Hey,

I have two pages. Both have a log in page before the actual page so that the actual page knows which user file to include. But what I'm trying to do is to have a script on top of both log in pages that tests if a session is set. If so it only redirects to the actual page. And the actual page uses the session information.

If no session is set the log in pages will be shown and I will have a script on top of the actual page that registers the variables sent from the log in page. Then the session is set and when a user chooses another page the log in will not be shown because a session is set. And the actual pages will use the information saved.

Hope anyone understands what I mean.
Coco
Forum Contributor
Posts: 339
Joined: Sat Sep 07, 2002 5:28 am
Location: Leeds, UK

Post by Coco »

here's what i stick on the top of all my protected pages...

it's not totally secure but it stops the casual hacker

Code: Select all

<?php
session_start();
// No 'user' in the session means not logged in: send the visitor to the login page.
if (empty($HTTP_SESSION_VARS['user'])) {
	header("Location: http://your.url.here");
	exit;
}
?>
(the redirect is to the login page)

Post by Zeceer »

It's not to hackers or crackers so that's no problem :D. What do you have on your log in page, the session_register stuff? By the way thanx!

Post by Coco »

i kinda embedded my auth and my login form into one script...
it's not very small but here it is:

Code: Select all

<?php
session_start();

if (empty($HTTP_SESSION_VARS['user'])) {
	// Not logged in yet.
	if ($HTTP_POST_VARS['user']) {
		// The login form was submitted: check the credentials.
		$db = mysql_connect(HOST, USER, PASS);
		if (!$db)
			die("I can't connect!");
		$ok = mysql_select_db(DB);
		if (!$ok)
			die("I can't connect to the DB!");

		// Escape the submitted values before they go into the query
		// (assumes magic_quotes_gpc is off, otherwise they are escaped twice).
		$u = mysql_real_escape_string($HTTP_POST_VARS['user']);
		$p = mysql_real_escape_string($HTTP_POST_VARS['pass']);
		$result = mysql_query("SELECT COUNT(*) AS numfound FROM Players WHERE user='$u' AND pass='$p'");
		$result1 = mysql_fetch_array($result);
		mysql_close();
		if ($result1['numfound'] >= 1) {
			// Valid login: remember the user name in the session.
			$user = $HTTP_POST_VARS['user'];
			session_register('user');
			header("Location: http://burtonroad.coolfreepages.com/index.php");
			exit;
		} else {
			// Invalid login: back to this page, which shows the form again.
			header("Location: http://burtonroad.coolfreepages.com/index.php");
			exit;
		}
	} // close if($POST['user'])
	else {
		include('top.php'); ?>


Please Login:
<table border=1 cellpadding=3 cellspacing=0><tr><td>
<form method=POST ACTION="<?= $PHP_SELF ?>">
<table border=0 cellpadding=3 cellspacing=0>
<tr><td align=left valign=top>Username:</td>
<td align=left><input type=text size=15 name=user></td></tr>
<tr><td align=left valign=top>Password:</td>
<td align=left><input type=password size=15 name=pass></td></tr>
<tr><td></td><td align=left valign=top><input type=submit name=submit value="Login"></td></tr></table>
</form></td></tr></table>
<a href="home.htm">Introduction</a>
<?php
		include('bottom.php');
	}
} else { // close else(login form), close if(empty)
	if ($HTTP_SESSION_VARS['user'] != 'admin') {
		header("Location: http://burtonroad.coolfreepages.com/news.php");
		exit; // stop here so the rest of the page is not sent to non-admin users
	}
	include('top2.php');
?>
the page itself is index.php so if the login form is submitted or the login is invalid it returns to itself...
the bottom part decides what to do as regards the user that logs in... here i have a redirect for everyone that isn't admin

Post by Zeceer »

OK, Thanx again!

Post by Coco »

well i wrote that one a while back... looking at it now it's not 100% efficient, but it works...
i would say for certain that it's just a basic script and needs some work on in the future

Post by Zeceer »

Why an error?

This is the script after the log in page. It's supposed to register the variables from the log in page, but all I get is an error.
<?php

session_start()

$username = $_POST['username'];
$password = $_POST['password'];

session_register($username);
session_register($password);

header("Location: thepage.php");

?>
The error:
Parse error: parse error, unexpected T_VARIABLE in hgh.php on line 5
ReDucTor
Forum Commoner
Posts: 90
Joined: Thu Aug 15, 2002 6:13 am

Post by ReDucTor »

session_start() <-- missing semi-colon

Post by Zeceer »

I wrote wrong, sorry.

I have the log in page that has two inputs. $username and $password. The log in form is sent to a file that registers the variables:
<?php

session_start();

$brukernavn = $_POST['brukernavn'];
$brukernavn = $_POST['passord'];

session_register($brukernavn);
session_register($passord);

header("Location: tilkassen2.php");

?>
When this script has registered the session it sends it to the page that is the one the user will get access to. This file has these strings on the top:
<?php

session_start();

if( empty( $HTTP_SESSION_VARS['brukernavn'] ) or empty( $HTTP_SESSION_VARS['passord'] ) )
{
header("Location: tilkassen1.php");
exit;
}

?>
For some reason it always sends me back to the log in page "tilkassen1". Just like the session hasn't registered any variables at all.
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK

Post by Takuma »

Why use session_register if you are using $HTTP_SESSION_VARS? Use this to register sessions.

Code: Select all

<?php
// Assign straight into the session array instead of calling session_register().
$HTTP_SESSION_VARS['brukernavn'] = $brukernavn;
?>

Post by Coco »

Code: Select all

<?php
session_register($brukernavn);
session_register($passord); ?>
should be

Code: Select all

<?php
session_register('brukernavn');
session_register('passord'); ?>
you are registering array variables so you use a string rather than a variable

Post by Zeceer »

It still doesn't work for some strange reason. The tilkassen1.php still redirects me back to the log in page. As it's supposed to if the variables aren't set.


Could there be anything wrong in the tilkassen1.php?

Post by Coco »

make sure you are using the right variables...
you are using HTTP_SESSION_VARS so i assume you should also use HTTP_POST_VARS too
if all else fails then print_r is your friend

Post by Zeceer »

Tried putting that in the file that is going to be entered:
<?php

session_start();

if( empty( $HTTP_POST_VARS['brukernavn'] ) or empty( $HTTP_POST_VARS['passord'] ) )
{
header("Location: tilkassen1.php");
exit;
}

?>
I believe it is here that something is wrong, since I checked the session files on my computer, and in the session file I checked I found all the information.

Post by Coco »

yeah but they are post variables not session variables...
before you check for those you should check to see if the session variable is present...

session variable present = logged in
post variable present = login supplied, to auth
neither present = display login form
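
The three cases listed above (session present, post present, neither), written with current PHP APIs as an added example that is not part of the thread. `gate()` and `check_login()` are hypothetical names, and the `pass_hash` column, the in-memory SQLite database and the account are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. "Players" and the user/pass field
// names follow the posts above; the pass_hash column, the in-memory SQLite
// database and the account are constructed for this demo.

function check_login(PDO $db, string $user, string $pass): bool {
    // Prepared statement: the submitted name is bound, never concatenated.
    $st = $db->prepare('SELECT pass_hash FROM Players WHERE user = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    // Verify against a stored hash instead of comparing plaintext passwords.
    return is_string($hash) && password_verify($pass, $hash);
}

// Returns 'page', 'denied' or 'form'; sets $session['user'] on a good login.
function gate(array &$session, array $post, PDO $db): string {
    if (!empty($session['user'])) {
        return 'page';                 // session variable present = logged in
    }
    $u = $post['user'] ?? null;
    $p = $post['pass'] ?? null;
    if (is_string($u) && is_string($p)) {   // post variables present = authenticate
        if (check_login($db, $u, $p)) {
            $session['user'] = $u;     // keep the name only, never the password
            return 'page';
        }
        return 'denied';
    }
    return 'form';                     // neither present = display login form
}

// Constructed demo data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Players (user TEXT PRIMARY KEY, pass_hash TEXT)');
$db->prepare('INSERT INTO Players VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$s = [];
echo gate($s, [], $db), "\n";                                   // first visit
echo gate($s, ['user' => "al'ice", 'pass' => 'x'], $db), "\n";  // quote is plain data
echo gate($s, ['user' => 'alice', 'pass' => 'wrong'], $db), "\n";
echo gate($s, ['user' => 'alice', 'pass' => 'correct horse'], $db), "\n";
echo gate($s, [], $db), "\n";                                   // later page, same session
```

In a real page, call `session_start()`, pass `$_SESSION` and `$_POST` to `gate()`, and call `session_regenerate_id(true)` right after a successful login. Follow every `header("Location: ...")` with `exit`, as the snippets in this thread do.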