what would kill session variables?

mblinch
Forum Newbie
Posts: 4
Joined: Mon Jun 05, 2006 1:15 pm

Post by mblinch »

ok, I have session variables set up for when a user logs in, they stay logged in

however, as soon as I reach this page, it just will not work.

any ideas on why this particular page would kill session variables?

ps, I'm not very good at PHP, a lot of this was cut and paste work

Code:

<?php include("auth.php"); ?>
<?php include("header.php"); ?>
<body>
<table width="602" border="0" align="center">
  <tr>
    <td width="193"><a href="main.php"><img src="images/rtr.gif" alt="Reuters Logo"  border="0" /></a></td>
   <td width="393"><?php include("menu.php"); ?></td>
  </tr>
  <tr>
    <td valign="top"><?php include ("username.php"); ?></td>
    <td valign="top">
	<?php
require('db_connect.php');	// database connect script.
?>
<title>Register an Account</title>
<body>
<?php include ("auth_admin.php") ?>
<?php

if (isset($_POST['submit'])) { // if form has been submitted
	/* check they filled in what they supposed to, 
	passwords matched, username
	isn't already taken, etc. */

	if (!$_POST['uname'] || !$_POST['passwd'] || !$_POST['passwd_again'] || !$_POST['email']) {
		die('You did not fill in a required field.');
	}

	// check if username exists in database.

	if (!get_magic_quotes_gpc()) {
		$_POST['uname'] = addslashes($_POST['uname']);
	}



	$name_check = $db_object->query("SELECT rtrusername FROM users WHERE rtrusername = '".$_POST['uname']."'");

	if (DB::isError($name_check)) {
		die($name_check->getMessage());
	}

	$name_checkk = $name_check->numRows();

	if ($name_checkk != 0) {
		die('Sorry, the username: <strong>'.$_POST['uname'].'</strong> is already taken, please pick another one.');
	}

	// check passwords match

	if ($_POST['passwd'] != $_POST['passwd_again']) {
		die('Passwords did not match.');
	}

	// check e-mail format

	// the dot before the domain suffix is escaped so it matches a literal "."
	if (!preg_match("/.*@.*\..*/", $_POST['email']) || preg_match("/(<|>)/", $_POST['email'])) {
		die('Invalid e-mail address.');
	}

	// no HTML tags in username, website, location, password

	$_POST['uname'] = strip_tags($_POST['uname']);
	$_POST['passwd'] = strip_tags($_POST['passwd']);




	// check show_email data

	if ($_POST['show_email'] != 0 && $_POST['show_email'] != 1) {
		die('Nope');
	}

	/* the rest of the information is optional, the only thing we need to 
	check is if they submitted a website, 
	and if so, check the format is ok. */


	// now we can add them to the database.
	// encrypt password

	$_POST['passwd'] = md5($_POST['passwd']);

	if (!get_magic_quotes_gpc()) {
		$_POST['passwd'] = addslashes($_POST['passwd']);
		$_POST['email'] = addslashes($_POST['email']);

	}



	$regdate = date('m d, Y');

	// permissions and show_email are never escaped above, so force them to integers
	// before they are placed in the query.
	$insert = "Insert INTO users (
			rtrusername, 
			rtrpassword, 
			permissions,
			regdate, 
			email, 
			show_email, 
			last_login) 
			VALUES (
			'".$_POST['uname']."', 
			'".$_POST['passwd']."', 
			'".(int)$_POST['permissions']."', 
			'$regdate', 
			'".$_POST['email']."', 
			'".(int)$_POST['show_email']."', 
			'Never')"; 


	$add_member = $db_object->query($insert);

	if (DB::isError($add_member)) {
		die($add_member->getMessage());
	}

	$db_object->disconnect();
	
	if ($permissions == 2) {
		$path = "d:/pixstore/{$uname}";
		mkdir($path);
	}
	
	if ($permissions == 3) {
		$path = "d:/pixstore/{$uname}";
		mkdir($path); // was mkdir("$dirname"), but $dirname is never set; use the path built above
	}
	
?>
<span class="boldtextbig">Registered</span>


<br />
The user 
<?php  echo $_POST['uname'];?> 
has been added to the database <?php if ($permissions == 2) { echo "and a folder named {$uname}  has been created in PixStore";} if ($permissions == 3) { echo "and a folder named {$uname}  has been created in PixStore";}?>. <br />
<br />
<a href="admin_register.php">Add another user</a><?php

} else {	// if form hasn't been submitted

?>
<span class="boldtextbig">Register A New User</span>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3" width="100%">
<tr><td>Username*:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password*:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td>Confirm Password*:</td><td>
<input type="password" name="passwd_again" maxlength="50">
</td></tr>
<tr>
  <td>Permissions*:</td>
  <td><select name="permissions">
  <option value="1" selected="selected">Limited Access</option>
  <option value="2">Stringer Access</option>
  <option value="3">Admin Access</option>
  </select></td>
</tr>
<tr><td>E-Mail*:</td><td>
<input type="text" name="email" maxlength="100">
</td></tr>

<tr><td>Show E-Mail?</td><td>
<select name="show_email">
<option value="1" selected="selected">Yes</option>
<option value="0">No</option></select>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>

<?php

}

?>	</td> 
  </tr>
  <tr>
    <td>&nbsp;</td>
   <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>
Last edited by mblinch on Mon Jun 05, 2006 2:00 pm, edited 1 time in total.
PrObLeM
Forum Contributor
Posts: 418
Joined: Sun Mar 07, 2004 2:30 pm
Location: Mesa, AZ

Post by PrObLeM »

It looks like you don't have session_start() on that page ( http://www.php.net/session_start )
mblinch
Forum Newbie
Posts: 4
Joined: Mon Jun 05, 2006 1:15 pm

Post by mblinch »

I actually do.. in auth.php (which is included at the top of the original code I posted)

Code:

<?php

//require the PEAR::DB classes.

require_once 'DB.php';


$db_engine = 'mysql';
$db_user = '**t';
$db_pass = '**';
$db_host = 'localhost';
$db_name = 'users';

$datasource = $db_engine.'://'.
			  $db_user.':'.
			  $db_pass.'@'.
		 	  $db_host.'/'.
	  		  $db_name;


$db_object = DB::connect($datasource, TRUE);

/* assign database object in $db_object, 

if the connection fails $db_object will contain

the error message. */

// If $db_object contains an error:

// error and exit.

if(DB::isError($db_object)) {
	die($db_object->getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.


session_start();
/* check login script, included in db_connect.php. */
if (!isset($_SESSION['rtrusername']) || !isset($_SESSION['rtrpassword'])) {
	$logged_in = 0;
	return;
} else {
// remember, $_SESSION['rtrpassword'] will be encrypted.
if(!get_magic_quotes_gpc()) {
		$_SESSION['rtrusername'] = addslashes($_SESSION['rtrusername']);
	}
// addslashes to session rtrusername before using in a query.
	$pass = $db_object->query("SELECT rtrpassword FROM users WHERE rtrusername = '".$_SESSION['rtrusername']."'");

	if(DB::isError($pass) || $pass->numRows() != 1) {
		$logged_in = 0;
		unset($_SESSION['rtrusername']);
		unset($_SESSION['rtrpassword']);
		// kill incorrect session variables.
		return; // stop here: without exactly one row, the password comparison below must not run
	}

	$db_pass = $pass->fetchRow();

	// now we have encrypted pass from DB in 
	//$db_pass['rtrpassword'], stripslashes() just incase:

	$db_pass['rtrpassword'] = stripslashes($db_pass['rtrpassword']);
	$_SESSION['rtrpassword'] = stripslashes($_SESSION['rtrpassword']);



	//compare:



	if($_SESSION['rtrpassword'] == $db_pass['rtrpassword']) { 
		// valid rtrpassword for rtrusername
		$logged_in = 1; // they have correct info
					// in session variables.
	} else {
		$logged_in = 0;
		unset($_SESSION['rtrusername']);
		unset($_SESSION['rtrpassword']);
		// kill incorrect session variables.
	}
}


// clean up
unset($db_pass['rtrpassword']);

$_SESSION['rtrusername'] = stripslashes($_SESSION['rtrusername']);

if ($logged_in == 1) {
	
} else {
	
echo "you are not logged in";

}

?>
Last edited by mblinch on Mon Jun 05, 2006 2:00 pm, edited 1 time in total.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Quick suggestion... when posting PHP code, wrap the code in tags so it appears like PHP code.

mblinch wrote:
ok, I have session variables set up for when a user logs in, they stay logged in

however, as soon as I reach this page, it just will not work.

any ideas on why this particular page would kill session variables?

ps, I'm not very good at PHP, a lot of this was cut and paste work

When you say "not work" and "kill session variables" what exactly do you mean?
mblinch
Forum Newbie
Posts: 4
Joined: Mon Jun 05, 2006 1:15 pm

Post by mblinch »

thanks for the quick response!

what I mean is that as soon as the user gets to that page (posted at the top) it will no longer recognize any session variables. it's as if they have disappeared out of thin air. I use the second post of mine to authenticate users visiting every page on the website I'm building.

funny thing is that it works on every page but the one in my first post

thanks for any help in advance!
mblinch
Forum Newbie
Posts: 4
Joined: Mon Jun 05, 2006 1:15 pm

Post by mblinch »

hey guys..

it was my bonehead mistake..

the page lists a bunch of users in the database.. and I used the same variable name to list them as the session variable for someone who is logged in..

thanks for your time anyways.
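
An added example (not code from the thread) of the name collision described in the post above: a listing loop that writes each user name into the session key makes an auth.php-style check fail on the next request. The `$session` array standing in for `$_SESSION`, the functions `check_login()`, `list_users_clobbering()` and `list_users_safe()`, and the user rows are all assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. $session stands in for $_SESSION so the
// script runs from the command line; the user rows are constructed sample data.
$users = [
    'alice' => md5('alice-pass'),   // the thread's pages store md5() of the password
    'bob'   => md5('bob-pass'),
];

// Same decision auth.php makes: the session name/password pair must match a row.
function check_login(array &$session, array $users): bool {
    $name = $session['rtrusername'] ?? null;
    $pass = $session['rtrpassword'] ?? null;
    if ($name === null || $pass === null || !isset($users[$name])
        || !hash_equals($users[$name], $pass)) {
        unset($session['rtrusername'], $session['rtrpassword']); // kill incorrect session variables
        return false;
    }
    return true;
}

// Listing page that reuses the session key as its loop variable (the mistake).
function list_users_clobbering(array &$session, array $users): array {
    $out = [];
    foreach (array_keys($users) as $name) {
        $session['rtrusername'] = $name;      // overwrites the logged-in user's name
        $out[] = $session['rtrusername'];
    }
    return $out;
}

// Same listing with a local variable: the session is never written.
function list_users_safe(array $users): array {
    $out = [];
    foreach (array_keys($users) as $listed_name) {
        $out[] = $listed_name;
    }
    return $out;
}

$login = ['rtrusername' => 'alice', 'rtrpassword' => $users['alice']];

$session = $login;
list_users_safe($users);
var_dump(check_login($session, $users));   // session untouched, alice still passes

$session = $login;
list_users_clobbering($session, $users);   // session now names bob but holds alice's hash
var_dump(check_login($session, $users));   // mismatch, so the check clears the session
var_dump(isset($session['rtrusername']));
```

Keeping listing data in local variables, and treating the session keys as written only by the login and logout code, prevents this class of bug.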
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

mblinch wrote: it was my bonehead mistake..
We were just talking about the "my bonehead mistake" bug in another thread ... I have that bug all the time too ... ;)

Glad you found your problem, sometimes just asking allows you to find the answer.
(#10850)