$_SESSION variables do not work.

Posted: Thu May 04, 2006 11:25 am
by Tehquickness
Ok, so I have been using a login script for a while. It has been working fine. But for some reason, $_SESSION variables have stopped working and it has broken my login script. Maybe I have coded something wrong, but it used to work just fine and I don't think I made any huge change that would break it like this.

Code:

<?php
//open session
session_start();
session_regenerate_id();
$dbsid = session_id();
//check if the formid exists and if it matches the one stored in the session
if (isset( $_POST['formid']) && $_POST['formid'] == $_SESSION['formid']){

//include crucial files
$conn = include($_SERVER['DOCUMENT_ROOT']."/webadmin/library/openconndb.php");
include ($_SERVER['DOCUMENT_ROOT']."/webadmin/header.inc");

//clean the username and password
$cleanusername = mysql_real_escape_string($_POST['username']);
$cleanpassword = mysql_real_escape_string($_POST['password']);

//get login information based on the username
$query = "SELECT * from userlogin WHERE username = '$cleanusername'";
$result = mysql_query($query, $conn);
$userinfo =  mysql_fetch_array($result);

//test if the password given matches the password in the database
if ($userinfo['password'] == $cleanpassword ){
//if the user is approved and not deleted proceed
	if ($userinfo['approved'] == 1 && $userinfo['deleted'] == 0){
//assign the session variable username, sid, and approved
		$_SESSION['username'] = $cleanusername;
		$_SESSION['sid'] = $dbsid;
		$query = "UPDATE userlogin SET sid = '$dbsid' where username = '$cleanusername'";
		$result = mysql_query($query, $conn);
		$_SESSION['formid'] = NULL;
		print "Authentification Accepted<br />";
		print "Proceed to <a href=\"http://www.millergirls.org/webadmin/index.php?pageid=index\">Administrator Home</a>";

	}elseif( $userinfo['approved'] == 0 && $userinfo['deleted'] != 1){
		print "Your account has not yet been validated by an Admin.<br /> \n You will recieve and email when this is done.";
		print "\n <br /> Feel free to contact the Webmaster for further information.";

	}elseif( $userinfo['deleted'] == 1){
		print "This account has been deleted";
		print "Please contact the webmaster if you feel this is erroneous";
	} 
}else{
$formid = sha1(md5(mt_rand(100000, 999999)));
$_SESSION['formid'] = $formid;
?>
Login in Failed<br />
Try Again <br />
<form action="login.php" method="POST">
	Username: <input type="text" name="username" /><br />
	Password: <input type="password" name="password" /><br />
	<input type="hidden" name="formid" value="<?php print $formid; ?>" />
	<input type="submit" />
</form>

<?php
}
}else{
$formid = sha1(md5(mt_rand(100000, 999999)));
$_SESSION['formid'] = $formid;
include ($_SERVER['DOCUMENT_ROOT']."/webadmin/header.inc");
?>
<form action="login.php" method="POST">
	Username: <input type="text" name="username" /><br />
	Password: <input type="password" name="password" /><br />
	<input type="hidden" name="formid" value="<?php print $formid; ?>" />
	<input type="submit" />
</form>
<?php
}
include ($_SERVER['DOCUMENT_ROOT']."/webadmin/footer.inc");
?>

Posted: Thu May 04, 2006 11:33 am
by Optimaximal
Try removing the comment before session_start();... Has caused problems for me in the past...

Posted: Thu May 04, 2006 11:35 am
by Tehquickness
Hmm, nope, I am still getting the same thing. This is really strange to me.

Posted: Thu May 04, 2006 7:15 pm
by AKA Panama Jack
Has your host or server been upgraded recently?

This usually happens when a host upgrades Apache and changes the group or user name for Apache while the tmp directory the session files are stored in stays the same. When this happens sessions will fail and NOT return any errors in PHP. I have seen it happen before. :)
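
A way to test the cause described in the post above, as an added example that is not part of the original thread: a small PHP page that compares the owner of the session directory with the user the PHP process runs as, and checks whether session data survives a reload. It assumes the default file-based session handler; `session_dir()` and `check_session_store()` are names made up for this example.

```php
<?php
// Added diagnostic, not code from the thread. Assumes session.save_handler = files.
// session_dir() and check_session_store() are names invented for this example.

// session.save_path may be "/path", "N;/path" or "N;MODE;/path";
// an empty value means PHP falls back to the system temp directory.
function session_dir($savePath) {
    $parts = explode(';', (string) $savePath);
    $dir = trim(end($parts));
    return $dir !== '' ? $dir : sys_get_temp_dir();
}

// Compare who owns the session directory with who the PHP process runs as.
function check_session_store($dir) {
    $report = array(
        'dir'         => $dir,
        'exists'      => is_dir($dir),
        'writable'    => is_writable($dir),
        'owner_uid'   => null,
        'mode'        => null,
        'process_uid' => function_exists('posix_geteuid') ? posix_geteuid() : null,
    );
    if ($report['exists']) {
        $report['owner_uid'] = fileowner($dir);
        $report['mode'] = substr(sprintf('%o', fileperms($dir)), -4);
    }
    return $report;
}

header('Content-Type: text/plain');
$report = check_session_store(session_dir(ini_get('session.save_path')));

// Round-trip test: the counter only grows if session data is really persisted.
session_start();
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;
$hits = $_SESSION['hits'];
session_write_close();

echo 'save_handler: ', ini_get('session.save_handler'), "\n";
foreach ($report as $key => $value) {
    echo $key, ': ', var_export($value, true), "\n";
}
echo 'hits: ', $hits, "\n";
echo ($hits === 1 && !$report['writable'])
    ? "Session directory is not writable by this process.\n"
    : "Reload: hits should increase on every request.\n";
```

Request the page twice from the same browser, then delete it, since it discloses server paths and user IDs.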

Posted: Thu May 04, 2006 7:54 pm
by Tehquickness
I was thinking that was what was causing it. I sent a message to the hosting company. Ironically, this is the second time they have done something like this to me. Before, they changed something and changed the address of the database, so it shut down all my PHP stuff for a day before I could get them to fix it. Very disappointing. You think they would have the courtesy to warn me before they change something like that.