Page 1 of 1

Sessions sometimes work.

Posted: Fri Dec 23, 2005 11:11 am
by apg88
I'm making my own multi-user blog in PHP.
I had it all working on my local server (PHP5), using session_start(); and $_SESSION[] in all the pages.
I uploaded it to the SourceForge server for the website and it all went downhill.

Here's the login script:

Code: Select all

<?php
include_once "functions.php";

$user_info = getUserInfo($_POST['username']);

// Check if the username really exisits.
if(!($user_info) || ($user_info['active'] == 0) ){
	echo "Username does not exist.";	
} else {
	// Check the passwords
	if($user_info['password'] == crypt($_POST['password'],strrev($_POST['password']))) {
		// Now, let's start the session.
		session_name("ajaxofficeblog");
		session_start();
		
		$_SESSION['uid'] = $user_info['uid'];
		$_SESSION['username'] = $user_info['username'];
		$_SESSION['gid'] = $user_info['gid'];
				
		header("Location: ../blog.php");
		
	} else {
		echo "Enter the correct password.";
	}
}
?>
I login with no errors, but when It redirects me to the main blog page, it still thinks I haven't logged on.
If I refresh the page a couple of times, it logs on.
Anyone know what might be happening?

Here is the code of the main page:

Code: Select all

session_name("ajaxofficeblog");
session_start();
if($_SESSION['username']){
	echo"<h2>Blog</h2><p>
	<a href=\"blog/postnew.php\">Post New</a><br />
	<a href=\"blog/changeinfo.php\">Edit User Info</a>
	</p>";
	if($_SESSION['gid'] == 9 || $_SESSION['gid'] == 1){ 
	echo"<h2>Admin</h2><p>
	<a href=\"blog/adm1n.php\">Admin Panel</a>
	</p>";
	}
} else {
	echo '
	<h2>Login</h2> 
	<form action="blog/login.php" method="POST">
	<p>
	Username: <br />
	<input type="text" class="forms" name="username"/><br />
	Password: <br />
	<input type="password" class="forms" name="password"/><br /><br />
	<input type="submit" value="Login" class="forms" />
	</p>
	</form>
	';
}
Thanks in advance!

apg88

Posted: Fri Dec 23, 2005 11:57 am
by John Cartwright

Code: Select all

session_register('uid');
        session_register('username');
        session_register('gid');
        
        $_SESSION['uid'] = $user_info['uid'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['gid'] = $user_info['gid'];
I dont get what your doing, your registering the session twice (not to mention session_register() is deprecated). Try moving the instances of session_register().

Posted: Fri Dec 23, 2005 12:08 pm
by apg88
I removed the session_register() but it still doesn't log in untill many refreshes.

Posted: Thu Dec 29, 2005 8:39 am
by apg88
So there is no know fix for this problem?

Posted: Thu Dec 29, 2005 5:32 pm
by mickd
the last time i had that problem with a login i did, in the end i rewrote the whole thing and it worked. no idea what caused it.

Posted: Thu Dec 29, 2005 6:09 pm
by Buddha443556
Are you storing the sessions in the default location? Probably /tmp? Maybe /tmp is full. That might explain the refresh thing. The solution would be to change the session.save_path.

Posted: Thu Dec 29, 2005 7:06 pm
by apg88
Yes.
I don't have access to the php.ini
Do you think its is better to use a db table and change the sessions to save there?

Posted: Thu Dec 29, 2005 7:53 pm
by yum-jelly
I would just attach the session_id() to the redirect, because it seems like it's not carrying over on the first call. I had a server that would do that not matter what I did, then after the first redirect the cookie session_name() could be picked up on the next page after the second session_start() call. Anyways it always a could idea to support sessions when cookies are not on, as more and more people are doing that these days!

yj

Posted: Thu Dec 29, 2005 7:53 pm
by Buddha443556
You may not need access to the master php.ini file. You maybe able to use .htaccess or even create your own php.ini (under phpsuexec) on a per directory basis. There's also session_save_path() too.
Do you think its is better to use a db table and change the sessions to save there?
Been using DB (MySQL) sessions for awhile because of the /tmp problem on shared servers. I have no complaints.

Posted: Thu Dec 29, 2005 9:01 pm
by apg88
I tried the session_save_path but then remembered that I have no write access on the server.
Do you know of an easy way to do it with the database?

Thanks!