Page 1 of 2

How do sessions work?

Posted: Fri Sep 01, 2006 10:49 am
by St8ic
Before I start rambling, I'm running an OpenBSD web server using Apache and PHP 4.

All I want is a login system where the users type in any name they want and a pre-specified password in "index.php" and it takes them to "terminal.php" and uses their user name that they specified in that page. However, it shouldn't take them to the terminal.php if the password is wrong and they shouldn't be able to access terminal.php without logging in first. I figured that the easiest way to do this is with php sessions, but so far no dice.

When I hit login all I get is a blank page. Please excuse my messy and amature coding! I would *really* appreciate if someone would sift through it with me and tell me what I'm messing up on. Thanks!

Code: Select all

# -----LOGIN.PHP : WHERE INDEX GOES TO VALIDATE LOGIN
<html>
<title>Page Title</title>
<?php
if($_POST['pass'] == 'thepassword'){
session_start();
$key = "3hfdy";
session_register($key);
session_name = ($_POST['name']);
echo 'Login good, loading...';
header('Location:terminal.php');
}
else {
echo "INCORRECT LOGIN";
}
?>
</html>

Code: Select all

# -----TERMINAL.PHP : CHECKS FOR VALID LOGIN OR WON'T DISPLAY PAGE
<html>
<?php
session_start();
if($key != '3hfdy'){
echo 'LOGIN INVALID';
}
else { ?>
<head>
<title>Page Title</title>
</head>
<body>
Welcome, <?php echo (session_name); ?>
(and the real content goes here)
</body>
</html>

Posted: Fri Sep 01, 2006 11:27 am
by Luke
A few things:
I wouldn't use session_register as it is deprecated I believe. Use the $_SESSION superglobal . Then you can use it just like any other array value:

Code: Select all

session_start();
$_SESSION['foo'] = "bar";
echo $_SESSION['foo']; // outputs "bar"
$_SESSION['foo'] = "boofar";
echo $_SESSION['foo']; // outputs "boofar"
Also, always use full urls when redirecting with header()

Code: Select all

header('Location: http://www.yourdomain.com/page.php');
You could even make your own simple function to avoind having to type the whole url every time:

Code: Select all

function redirect($page)
{
    if(!headers_sent()){
        header('Location: http://www.yourdomain.com/' . $page);
        exit;
    }
    echo "headers were already sent, so we can not redirect... sorry";
}
Just some good practice to get used to... :D

Posted: Fri Sep 01, 2006 9:15 pm
by St8ic
Thanks for the tips! It's greatly appreciated.

So aside from the header redirect problem, the code is fundamentally correct? I don't understand why it's not working!

Posted: Sat Sep 02, 2006 7:05 pm
by St8ic
Sorry for making so many posts, but I think Ihave it figured out except for this one thing

Parse error: parse error, unexpected $ in /htdocs/site/terminal.php on line 35

Line 35 is blank. I read up on this on the internet and apparently this is due to a file corruption on upload. I'm uploading it via SSH using WinSCP (I tried the puTTY ftp-clone too) and I've tried deleting and re-creating the file. Nothing works.

Has anyone else had this problem?

Posted: Sun Sep 03, 2006 1:31 pm
by toasty2
PHP commonly reports an error on a line before or after the line with the actual error. It happens to me all the time.
Just look near where it says the error is, nothing is perfect :D

I really doubt your files are corrupted on upload, it's very uncommon. And I've had my share of crappy internet connections :?

Posted: Sun Sep 03, 2006 2:27 pm
by jayshields
St8ic wrote:Sorry for making so many posts, but I think Ihave it figured out except for this one thing

Parse error: parse error, unexpected $ in /htdocs/site/terminal.php on line 35

Line 35 is blank. I read up on this on the internet and apparently this is due to a file corruption on upload. I'm uploading it via SSH using WinSCP (I tried the puTTY ftp-clone too) and I've tried deleting and re-creating the file. Nothing works.

Has anyone else had this problem?
Look for missing curly braces or missing semi-colons.

Posted: Sun Sep 03, 2006 2:54 pm
by Dave2000
The Ninja Space Goat wrote:Also, always use full urls when redirecting with header()

Code: Select all

header('Location: http://www.yourdomain.com/page.php');
Can i ask why you should do this?

Shears :)

Posted: Sun Sep 03, 2006 2:56 pm
by toasty2
It does a redirect, for example if you wish to send a user to another page. Now if you are asking about full url's, I never bother :P It works fine for me...

Posted: Sun Sep 03, 2006 2:57 pm
by feyd
Shears wrote:Can i ask why you should do this?
Full URI is the only value allowed by the standard. Relative URI's will not work in certain browsers.

Posted: Sun Sep 03, 2006 2:59 pm
by toasty2
What certain browsers? I am curious.

Posted: Sun Sep 03, 2006 3:02 pm
by feyd
Any browser that strictly implements the HTTP standard.

Posted: Mon Sep 04, 2006 7:40 pm
by Dave2000
The Ninja Space Goat wrote:You could even make your own simple function to avoind having to type the whole url every time:

Code: Select all

function redirect($page)
{
    if(!headers_sent()){
        header('Location: http://www.yourdomain.com/' . $page);
        exit;
    }
    echo "headers were already sent, so we can not redirect... sorry";
}
Is it actually possible to do this? Or at least i haven't been able to get it to work. It seems that the $page variable is unable to be passed though/ to the function. Doing so seems to result in any dots getting "lost".

For example, calling... redirect(index.php) atempts to redirect to http://example.com/indexphp NOTE: the missing dot :?

How could i prevent this from happening?

Thank you

Shears :)

Posted: Fri Sep 08, 2006 8:48 am
by Dave2000
anyone? :?

Posted: Fri Sep 08, 2006 8:54 am
by volka
You should test your scripts with error_reporting=E_ALL and either display_errors or keeping an eye on your webserver's error log.
You can set those values within the script if you must

Code: Select all

error_reporting(E_ALL); ini_set('display_errors', true);
function redirect($page)
{
	if(!headers_sent()){
		header('Location: http://www.yourdomain.com/' . $page);
	exit;
	}
	echo "headers were already sent, so we can not redirect... sorry";
}
but it's better to set them e.g. in the php.ini on your test webserver.


String literals have to be marked for php or they are considered constants. In this case as two constants concatenated by .

Code: Select all

redirect('index.php');

Posted: Fri Sep 08, 2006 9:00 am
by GM
You need to do:

Code: Select all

redirect("index.php");
Note the double quotes (also works with single quotes).

If you leave the quotes out, php sees an undefined constant called index and an undefined constant called php, and sees that they are concatenated with the full stop (period). Since you haven't defined constants index and php, the php engine decides to define them itself. Result is that you get "indexphp".

EDIT: Damnit. Beaten to it by volka