
Posted: Sat Jun 10, 2006 4:15 pm
by a94060
the session gets passed on the page, but it does not get passed from page to page. the only way i have done so far is including the page i want to show

Posted: Mon Jun 12, 2006 2:15 am
by RobertGonzalez
I had posted this simple test on another thread here (search for 'session AND test' with author 'everah'). Try this and see what comes of it.

Before you do anything else clear your browser cache. Then create the following two files. Run page1.php and click the link and see what page2.php shows...

PAGE 1:

Code: Select all

<?php
session_start();
$_SESSION['test']="Page-1-test-var";
echo $_SESSION['test'] . ' is the value set for "test".<br />';
echo 'Our current session id is ' . session_id() . '<br />';
// Link to the second test file (page2.php)
echo '<a href="page2.php">Try the test</a>';
?>

PAGE 2:

Code: Select all

<?php
session_start();
echo $_SESSION['test'] . ' is the value set for "test".<br />';
echo 'Our current session id is ' . session_id() . '<br />';
?>

Posted: Mon Jun 12, 2006 5:10 am
by a94060
i tried that already, it seems to only work in the same directory. There are no php directives you need to set, right?

Posted: Mon Jun 12, 2006 10:43 am
by RobertGonzalez
Can you describe your directory structure that you are trying to access sessions from? The reason I ask is that there may be an issue with the session cookie setting the path higher than what you are trying to do. Not sure if this is a possible problem or not, but it might be worth looking into.

To kind of clarify where I am coming from, when setting a cookie, one of the parameters you pass to the cookie is the cookie path. If the path to the cookie is '/' it becomes available site wide. But if the path to the cookie is '/foo/' then it is only available within that directory and above ('/foo/bar', '/foo/bar/baz', etc), but not below ('/').

I am not sure if the sessions cookie works along the same lines, but if you are calling session_start() from within, say, the folder '/admin/', then the cookie path will be '/admin/' and will not be available below that directory.
The PHP Manual wrote: Taken from the PHP manual on set_cookie():

If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.

Posted: Mon Jun 12, 2006 12:13 pm
by a94060
i already checked that all up on the directory things. i had all my scripts in /admin and they were breaking within the directory session.

I would have a page like this:

Code: Select all

session_start();
if(/*passcheck*/) {
$_SESSION['in'] = 1;
}
else {
//give my login page
}

i would access it from another page like this:

Code: Select all

session_start();
if($_SESSION['in'] == 1) {
//echo the secret stuff
}
else {
//echo the login page
}

Posted: Mon Jun 12, 2006 12:42 pm
by RobertGonzalez
So you're saying that /admin/page1.php will still break when going to /admin/page2.php (as an example of course)?

Posted: Mon Jun 12, 2006 2:52 pm
by a94060
well, yea, according to my script it will break. Here is one:
main.php

Code: Select all

<?PHP
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Main Admin Page</title>
</head>

<body>
<?PHP
print_r($_SESSION);
error_reporting(E_ALL);
if(!isset($_SESSION['in']) || $_SESSION['in'] != 1) {
echo 'You are not logged in,please go to <a href="http://avi.aerohostale.com/admin">Here</a> to login';
}
else {
echo 'Welcome to the admin page. This is the basic layout so far.<br>Please use one of the links below to do what you would like to.';
echo '<br>';
echo '<br>';
echo '<a href="http://avi.aerohostale.com/admin/addoffer.php">Add An Offer</a>';
echo '<br>';
echo '<a href="http://avi.aerohostale.com/admin/tabview.php">View Pending and Completed Offers</a>';
echo '<br>';
echo '<a href="http://avi.aerohostale.com/admin/pay.php">Make a Payment to Someone</a>';
}
?>
</body>
</html>

login.php

Code: Select all

<?PHP
$you = $_POST['you'];
$me = $_POST['me'];
if(($you == '**') && ($me == '***')) {
$_SESSION['in'] = 1;
echo 'You are in,please go <a href="http://avi.aerohostale.com/admin/main.php">Here</a>';
}
else{
header("Location: http://avi.aerohostale.com/admin");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Logging In</title>
</head>

<body>
</body>
</html>

Posted: Mon Jun 12, 2006 3:31 pm
by tecktalkcm0391
I didn't read this whole topic, but try this:

Code: Select all

<?PHP 
session_start(); 
echo ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<title>Main Admin Page</title> 
</head> 

<body> ';

print_r($_SESSION); 
error_reporting(E_ALL); 
if(!isset($_SESSION['in']) || $_SESSION['in'] != 1) {
// Double quotes need no backslash inside single-quoted strings;
// \" would be echoed literally and break the href
echo 'You are not logged in,please go to <a href="http://avi.aerohostale.com/admin">Here</a> to login';
}
else {
echo 'Welcome to the admin page. This is the basic layout so far.<br>Please use one of the links below to do what you would like to.';
echo '<br>';
echo '<br>';
echo '<a href="http://avi.aerohostale.com/admin/addoffer.php">Add An Offer</a>';
echo '<br>';
echo '<a href="http://avi.aerohostale.com/admin/tabview.php">View Pending and Completed Offers</a>';
echo '<br>';
echo '<a href="http://avi.aerohostale.com/admin/pay.php">Make a Payment to Someone</a>';
}
?> 
</body> 
</html>


login.php

Code: Select all

<?PHP 
$you = $_POST['you']; 
$me = $_POST['me']; 
if(($you == '**') && ($me == '***')) { 
$_SESSION['in'] = 1; 
// No backslash before double quotes inside a single-quoted string
echo 'You are in, please go <a href="http://avi.aerohostale.com/admin/main.php">Here</a>';
} 
else{ 
header("Location: http://avi.aerohostale.com/admin"); 
} 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<title>Logging In</title> 
</head> 

<body> 
</body> 
</html>

Posted: Mon Jun 12, 2006 3:37 pm
by a94060
will it all echo properly?

Posted: Mon Jun 12, 2006 3:38 pm
by ambivalent
session_start().
In the preceding two posts, it is missing from login.php which means your session data dies on that page.

Posted: Mon Jun 12, 2006 4:09 pm
by RobertGonzalez
Let's try your code with some comments...
main.php

Code: Select all

<?php
// First things first, start the session
// We should remember to do this on EVERY page in the session domain
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Main Admin Page</title>
</head>

<body>
<?php
// If there is nothing in the session var print_r returns array()
print_r($_SESSION);

// Set our error reporting level
error_reporting(E_ALL);

// Checking to see if the session var 'in' is not set OR if it doesn't equal 1
// So anything other than a value of 1 for the session 'in' var will result in else
if ( !isset($_SESSION['in']) || $_SESSION['in'] != 1 ) {
    // Either session var 'in' was not set or it did not equal 1
    echo 'You are not logged in,please go to <a href="http://avi.aerohostale.com/admin">Here</a> to login';
}
else {
    // session var 'in' was set to 1
    echo 'Welcome to the admin page. This is the basic layout so far.<br>Please use one of the links below to do what you would like to.';
    echo '<br>';
    echo '<br>';
    echo '<a href="http://avi.aerohostale.com/admin/addoffer.php">Add An Offer</a>';
    echo '<br>';
    echo '<a href="http://avi.aerohostale.com/admin/tabview.php">View Pending and Completed Offers</a>';
    echo '<br>';
    echo '<a href="http://avi.aerohostale.com/admin/pay.php">Make a Payment to Someone</a>';
}
?>
</body>
</html>

login.php

Code: Select all

<?php
// Same as before, let's start the session
session_start();

// Normally I would check to see if there was a POST var sent
// But first, for clarity, initialize the vars to check
$you = '';
$me = '';

// Now check if post is set and assign new values
if ( isset($_POST['somecheckablepostfield']) ) {
    $you = $_POST['you'];
    $me = $_POST['me'];
}

// Check the value of the vars to check against what we know already
if(($you == '**') && ($me == '***')) {
    // Vars to check matched what we already know
    // Let's set our session var 'in' for use beyond this point
    // Of course, we know that up to now, the session var 'in' was unset
    $_SESSION['in'] = 1;
    echo 'You are in,please go <a href="http://avi.aerohostale.com/admin/main.php">Here</a>';
}
else {
    // Vars to check did not match the known
    header("Location: http://avi.aerohostale.com/admin");
    exit(); // Always call exit after a header redirect
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Logging In</title>
</head>

<body>
</body>
</html>

Posted: Mon Jun 12, 2006 4:31 pm
by a94060
after i get authenticated, i get:

Array ( ) You are not logged in,please go to Here to login
and it gives me the link. i put exactly what you typed in and replaced the username and password.

Posted: Mon Jun 12, 2006 4:43 pm
by RobertGonzalez
When you say authenticated, are you talking about after the form is submitted? I don't see a form anywhere in the code you posted.

What should happen is throughout your admin section, there should be a check on every page for a session value that should show that the user is authorized to be there. If that value is true, let the page load. If it is not, redirect the page to the login form. The login form should have the same check, but if the user is already authorized, they should be redirected to a navigation page of some sort. Otherwise they should see a form.

I suppose without seeing the entire code for your login page, your main page and some of the other pages I couldn't really tell you what is happening. If the code is not that long, can you post the entire thing? If it is enormous, PM me and I will give you my email address to send it to. This problem needs to be fixed, if for nothing else, then just because I want to see it fixed! :)
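
An added example, not code from any poster in this thread: one way to centralize the per-page check described in the post above, with the session cookie's path set explicitly (the subject of the earlier cookie-path discussion) rather than left to defaults. It assumes PHP 7.3+, HTTPS, and that every admin page sits under /admin/; the file name auth.php, the function names and LOGIN_URL are hypothetical, while `$_SESSION['in']` follows the thread.

```php
<?php
// auth.php (hypothetical name): require this at the top of every /admin/ page,
// before any output is sent.

const LOGIN_URL = '/admin/index.php'; // assumed location of the login form

function start_admin_session(): void
{
    // State the cookie scope explicitly so it is the same on every page.
    session_set_cookie_params([
        'path'     => '/admin/',  // cookie is sent only for URLs under /admin/
        'secure'   => true,       // assumption: the site is served over HTTPS
        'httponly' => true,       // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

function is_logged_in(): bool
{
    // Strict comparison: only the integer 1 set by attempt_login() counts.
    return isset($_SESSION['in']) && $_SESSION['in'] === 1;
}

function require_login(): void
{
    if (!is_logged_in()) {
        header('Location: ' . LOGIN_URL);
        exit; // stop here so no protected output follows the redirect
    }
}

// $knownHash is assumed to come from password_hash() at account setup,
// so no plaintext password is stored in the script.
function attempt_login(string $user, string $pass,
                       string $knownUser, string $knownHash): bool
{
    // Evaluate both checks every time so timing does not reveal which one failed.
    $userOk = hash_equals($knownUser, $user);
    $passOk = password_verify($pass, $knownHash);
    if (!($userOk && $passOk)) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['in'] = 1;
    return true;
}
```

With `'secure' => true` the browser sends the cookie only over HTTPS; on a plain http:// site it is withheld and every page sees an empty `$_SESSION`.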

Posted: Mon Jun 12, 2006 4:56 pm
by a94060
these are the main pages i am interacting with for now. Once the sessions are fixed on one, they should be just as easy to fix on following pages.


index.php

Code: Select all

<?PHP
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Page</title>
<style type="text/css">
<!--
.style1 {font-size: 16px}
.style4 {font-size: 24px}
-->
</style>
</head>

<body>
<h1>
<?PHP

//simple check to see if the person is logged in
if(isset($_SESSION['in']) && $_SESSION['in'] == 1) {
echo '<font color=green>You are logged in,please go <a href="http://avi.aerohostale.com/admin/main.php">Here</a> to see the main page.</font>';
}
else {
?>
<div align="center" class="style1">
  <h1 align="center" class="style4">Admin Login</h1>
  <form id="form1" name="form1" method="post" action="login.php">
    <p align="center">Username
      <input name="you" type="text" id="you" />
  </p>
    <p align="center">Password
      <input name="me" type="password" id="me" />
</p>
    <p align="center">
      <input type="submit" name="Submit" value="Login" />
      <input type="reset" name="Submit2" value="Reset" />
    </p>
</form>
  <p>&nbsp;</p>
  <div align="center" class="style1"></div>
</h1>

<?PHP
}
?>
</body>
</html>

login.php

Code: Select all

<?php
// Same as before, let's start the session
session_start();

// Normally I would check to see if there was a POST var sent
// But first, for clarity, initialize the vars to check
$you = '';
$me = '';

// Now check if post is set and assign new values
if ( isset($_POST['Submit']) ) {
    $you = $_POST['you'];
    $me = $_POST['me'];
}

// Check the value of the vars to check against what we know already
if(($you == '***') && ($me == '***')) {
    // Vars to check matched what we already know
    // Let's set our session var 'in' for use beyond this point
    // Of course, we know that up to now, the session var 'in' was unset
    $_SESSION['in'] = 1;
    echo 'You are in,please go <a href="http://avi.aerohostale.com/admin/main.php">Here</a>';
}
else {
    // Vars to check did not match the known
    header("Location: http://avi.aerohostale.com/admin");
    exit(); // Always call exit after a header redirect
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Logging In</title>
</head>

<body>
</body>
</html>

main.php

Code: Select all

<?php
// First things first, start the session
// We should remember to do this on EVERY page in the session domain
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Main Admin Page</title>
</head>

<body>
<?php
// If there is nothing in the session var print_r returns array()
print_r($_SESSION);

// Set our error reporting level
error_reporting(E_ALL);

// Checking to see if the session var 'in' is not set OR if it doesn't equal 1
// So anything other than a value of 1 for the session 'in' var will result in else
if ( !isset($_SESSION['in']) || $_SESSION['in'] != 1 ) {
    // Either session var 'in' was not set or it did not equal 1
    echo 'You are not logged in,please go to <a href="http://avi.aerohostale.com/admin">Here</a> to login';
}
else {
    // session var 'in' was set to 1
    echo 'Welcome to the admin page. This is the basic layout so far.<br>Please use one of the links below to do what you would like to.';
    echo '<br>';
    echo '<br>';
    echo '<a href="http://avi.aerohostale.com/admin/addoffer.php">Add An Offer</a>';
    echo '<br>';
    echo '<a href="http://avi.aerohostale.com/admin/tabview.php">View Pending and Completed Offers</a>';
    echo '<br>';
    echo '<a href="http://avi.aerohostale.com/admin/pay.php">Make a Payment to Someone</a>';
}
?>
</body>
</html>

there is all of the interacting pages. Hopefully this will get solved:)

Posted: Mon Jun 12, 2006 5:14 pm
by RobertGonzalez
I will try this on my development machine tonight and see if I get the same errors as you.