$_SESSION variables do not work.
Posted: Thu May 04, 2006 11:25 am
OK, so I have been using a login script for a while. It has been working fine. But for some reason, $_SESSION variables have stopped working, and that has broken my login script. Maybe I have coded something wrong, but it used to work just fine and I don't think I made any huge change that would break it like this.
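<?php
// Login handler. Without a valid form token it renders the login form and
// stores a fresh token in the session; with one, it checks the submitted
// username/password against the userlogin table and, for an approved and
// non-deleted account, records the username and session id in the session.

//open session
session_start();
// The id is regenerated on every request, so the value stored in the session
// and in userlogin.sid below is always the freshly issued one.
session_regenerate_id();
$dbsid = session_id();

// Read both tokens as strings only. A request can submit formid as an array
// or as an empty value, and the session may hold no token or the NULL written
// after a successful login.
$postedformid = (isset($_POST['formid']) && is_string($_POST['formid'])) ? $_POST['formid'] : '';
$storedformid = (isset($_SESSION['formid']) && is_string($_SESSION['formid'])) ? $_SESSION['formid'] : '';

//check if the formid exists and if it matches the one stored in the session
// Strict comparison of two non-empty strings: with == an empty posted formid
// compares equal to a missing/NULL session token, so the token check could be
// passed without ever having been issued a token.
if ($postedformid !== '' && $postedformid === $storedformid) {
    //include crucial files
    $conn = include($_SERVER['DOCUMENT_ROOT']."/webadmin/library/openconndb.php");
    include ($_SERVER['DOCUMENT_ROOT']."/webadmin/header.inc");

    // Accept only string credentials; anything else is treated as empty.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Escaping is for values placed into SQL text. The password is never put
    // into a query here, so it is compared unescaped further down; comparing
    // the escaped form rejects correct passwords that contain quotes or
    // backslashes.
    $cleanusername = mysql_real_escape_string($username);

    //get login information based on the username
    $query = "SELECT * from userlogin WHERE username = '$cleanusername'";
    $result = mysql_query($query, $conn);
    // A failed query or an unknown username yields no row.
    $userinfo = $result ? mysql_fetch_array($result) : false;

    //test if the password given matches the password in the database
    // An unknown user must fail here: with == a missing row compared equal to
    // an empty password and fell through to the "not yet validated" message.
    // NOTE(review): this comparison implies userlogin.password holds the
    // password in plaintext. Storing password_hash() output and checking with
    // password_verify() is the proper fix, but it needs a data migration and
    // a runtime that provides those functions, so it is only flagged here.
    $passwordok = is_array($userinfo)
        && is_string($userinfo['password'])
        && $userinfo['password'] === $password;

    if ($passwordok) {
        //if the user is approved and not deleted proceed
        if ($userinfo['approved'] == 1 && $userinfo['deleted'] == 0) {
            //assign the session variable username, sid, and approved
            $_SESSION['username'] = $cleanusername;
            $_SESSION['sid'] = $dbsid;
            // $dbsid comes from session_id(), not from the request.
            $query = "UPDATE userlogin SET sid = '$dbsid' where username = '$cleanusername'";
            $result = mysql_query($query, $conn);
            // The token is single-use: clear it once the login succeeded.
            $_SESSION['formid'] = NULL;
            print "Authentification Accepted<br />";
            print "Proceed to <a href=\"http://www.millergirls.org/webadmin/index.php?pageid=index\">Administrator Home</a>";
        } elseif ($userinfo['approved'] == 0 && $userinfo['deleted'] != 1) {
            print "Your account has not yet been validated by an Admin.<br /> \n You will recieve and email when this is done.";
            print "\n <br /> Feel free to contact the Webmaster for further information.";
        } elseif ($userinfo['deleted'] == 1) {
            print "This account has been deleted";
            print "Please contact the webmaster if you feel this is erroneous";
        }
    } else {
        // Wrong credentials: issue a new token and show the form again.
        // NOTE(review): mt_rand(100000, 999999) has only 900,000 possible
        // outputs and is not a cryptographic generator; hashing the value
        // adds no entropy. Generate the token from a CSPRNG where the
        // runtime offers one.
        $formid = sha1(md5(mt_rand(100000, 999999)));
        $_SESSION['formid'] = $formid;
        ?>
Login in Failed<br />
Try Again <br />
<form action="login.php" method="POST">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="hidden" name="formid" value="<?php print $formid; ?>" />
<input type="submit" />
</form>
<?php
    }
} else {
    // No valid token: first visit or a stale/forged form. Issue a token and
    // render the form.
    // NOTE(review): same weak token source as in the failed-login branch.
    $formid = sha1(md5(mt_rand(100000, 999999)));
    $_SESSION['formid'] = $formid;
    include ($_SERVER['DOCUMENT_ROOT']."/webadmin/header.inc");
    ?>
<form action="login.php" method="POST">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="hidden" name="formid" value="<?php print $formid; ?>" />
<input type="submit" />
</form>
<?php
}
include ($_SERVER['DOCUMENT_ROOT']."/webadmin/footer.inc");
?>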