I am having a lot of difficulty with sessions and in particular 'checking' the session variable in different pages.
What I am trying to do is authorise access to each page by calling auth.inc.php, a file I made that checks the value of a session variable and, depending on its value, will either grant access or call the login page.
My problem is that when I call auth.inc.php from different pages, the session variable is empty.
Here is my code:
Login page:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
h2
{
font-family: Arial, Helvetica, Sans-serif;
font-weight: bold;
color: #FF9900;
}
</style>
</head>
<body>
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<form name="login" method="post" action="check_login.php">
<table width="354" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3"><h2>Smile32 CMS - Secure Log In</h2></td>
</tr>
<tr>
<td width="98" height="30"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Username</font></td>
<td width="120"><input name="username" type="text" size="20"></td>
<td width="134"> </td>
</tr>
<tr>
<td height="30"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Password</font></td>
<td><input name="pword" type="password" size="20"></td>
<td> </td>
</tr>
<tr>
<td height="60" colspan="2" align="right"> <div align="center"></div>
<div align="right">
<input name="submit" type="submit" value="Log In">
</div></td></tr>
</table>
</form>
</td>
<td> </td>
</tr>
</table>
</body>
</html>

The code below checks the login values:
<?php
session_start();
ob_start();
$user=$_POST['username'];
$pword=$_POST['pword'];
if(empty($user))
{
$err=1;
}
if(empty($pword))
{
$err=1;
}
if($err==1)
{ ?>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_popupMsg(msg) { //v1.0
alert(msg);
javascript: history.go(-1);
}
//-->
</script>
<body onLoad="MM_popupMsg('Please enter both a username and password!')">
<?
exit;
}
if(isset($_POST['submit']) && $user=="username" && $pword=="password")
{
$_SESSION['logged']=1;
header("Location: products/get_products.php");
} else {
?>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_popupMsg(msg) { //v1.0
alert(msg);
javascript: history.go(-1);
}
//-->
</script>
<body onLoad="MM_popupMsg('Invalid username and/or password!')">
<?
}
?>

However, when I call the script below once I have logged in, the session variable's value is empty:
<?php
include"../auth.inc.php";
include"../cms_header.php";
include"../conn.inc.php";
?>
<html>
<head>
<title>Smile32 CMS - Orders</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../../../css/cms_orders.css" type="text/css" rel="stylesheet">
</head>
<body leftmargin="5" topmargin="0">
<!-- CONTENT USING PHP/MYSQL LOOP -->
<?
$view=$_REQUEST['view'];
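// Escape the request value before it is interpolated into the SQL queries below
// (assumes conn.inc.php has already opened the MySQL connection).
$cid=mysql_real_escape_string($_REQUEST['cid']);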
$re_url="http://www.smile32.co.uk" . $_SERVER['PHP_SELF'] . "?view=" . $view;
$query=mysql_query("SELECT customer_first_name, customer_last_name FROM customer WHERE customer_id='$cid'");
while($get_row=mysql_fetch_array($query))
{
extract($get_row);
} ?>
<table width="760" cellpadding="0" cellspacing="0">
<? if($view=="cust")
{ ?>
<tr><td><h2>Order History for: "<? echo $customer_first_name . " " . $customer_last_name; ?>"</h2></td></tr>
<? } else { ?>
<tr><td><h2>Order History</h2></td></tr>
<? } ?>
<tr><td><a href="order_history.php?view=all">View All Orders</a> | <a href="order_history.php?view=new">View New Orders</a></td></tr>
<tr><td> </td></tr>
</table>
<!-- FIELD HEADERS -->
<table width="760" cellpadding="2" cellspacing="2">
<tr bgcolor="#FF9900">
<td width="120"><strong><font color="#FFFFFF">Date</font></strong></td>
<td width="100"><strong><font color="#FFFFFF">Order Code</font></strong></td>
<td width="220"><strong><font color="#FFFFFF">Customer</font></strong></td>
<td width="250"><strong><font color="#FFFFFF">Delivery</font></strong></td>
<td width="60"><strong><font color="#FFFFFF">Total</font></strong></td>
<td width="200" colspan="2" align="center"><strong><font color="#FFFFFF">Options</font></strong></td>
</tr>
<?
if(empty($view))
{
$view="all";
}
switch ($view)
{
case "all":
$query="SELECT DISTINCT order_details.order_num, product_order.order_id, product_order.order_date, customer_first_name,
customer_last_name, product_order.order_total, delivery.del_destination, delivery.del_duration
FROM product_order, order_details, customer, delivery, product
WHERE product_order.order_id=order_details.order_num
AND order_details.product_id=product.prod_code
AND product_order.customer_id=customer.customer_id
AND product_order.del_id=delivery.del_id
ORDER BY product_order.order_date";
break;
case "new":
$query="SELECT DISTINCT order_details.order_num, product_order.order_id, product_order.order_date, customer_first_name,
customer_last_name, product_order.order_total, delivery.del_destination, delivery.del_duration
FROM product_order, order_details, customer, delivery, product
WHERE product_order.order_id=order_details.order_num
AND order_details.product_id=product.prod_code
AND product_order.customer_id=customer.customer_id
AND product_order.del_id=delivery.del_id
AND product_order.status='NEW'
ORDER BY product_order.order_date";
break;
case "cust":
$query="SELECT DISTINCT order_details.order_num, product_order.order_id, product_order.order_date, customer_first_name,
customer_last_name, product_order.order_total, delivery.del_destination, delivery.del_duration
FROM product_order, order_details, customer, delivery, product
WHERE product_order.order_id=order_details.order_num
AND order_details.product_id=product.prod_code
AND product_order.customer_id=customer.customer_id
AND product_order.del_id=delivery.del_id
AND product_order.customer_id='$cid'
ORDER BY product_order.order_date";
break;
}
$result=mysql_query($query)
or die(mysql_error());
if(mysql_num_rows($result)==0)
{ ?>
<tr>
<td height="30" colspan="7" align="center">There are no orders to display!</td>
</tr>
</table>
<?
exit;
}
$total_gross=0;
while($row=mysql_fetch_array($result))
{
extract($row);
$total_gross=number_format($total_gross + $order_total, 2);
?>
<tr bgcolor="#DCEFDC">
<td height="30"><a href="get_orders.php?date=<? echo $order_date; ?>" title="View orders placed on <? echo $order_date; ?>" class=data_link><? echo $order_date; ?></a></td>
<td><a href="get_order.php?orderid=<? echo $order_id; ?>" class=data_link title="View details for this order"><? echo $order_id; ?></a></td>
<td><a href="get_customer.php?cid=<? echo $customer_id; ?>" class=data_link title="View orders for <? echo $customer_first_name . " " . $customer_last_name; ?>"><? echo $customer_first_name . " " . $customer_last_name; ?></a></td>
<td><? echo $del_destination . ": " . $del_duration; ?></td>
<td><? echo "£" . $order_total; ?></td>
<td align="center" width="70"><a href="get_order.php?orderid=<? echo $order_id; ?>" class=data_link>View</a></td>
<td align="center" width="70"><a href="modorder.php?action=remove&orderid=<? echo $order_id; ?>&re_url=<? echo $re_url; ?>" class=data_link>Delete</a></td>
</tr>
<?
}
?>
<tr bgcolor="#FF9900"><td colspan="7"> </td></tr>
<tr><td colspan="7"> </td></tr>
<tr><td colspan="5" align="right"><font face="Arial, Helvetica, Sans-serif" size="5" color="#009933"><strong>Total Income <font size="2">(Gross):</font> £<? echo $total_gross; ?></strong></font></td></tr>
</table>
</body>
</html>

What am I doing wrong?
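
An added example of the kind of include described in the post (not the poster's auth.inc.php, which is not shown): it starts the session in the current request before reading `$_SESSION['logged']` and redirects to the login page otherwise. The `/login.php` path and the function names are assumptions.

```php
<?php
// auth.inc.php -- added example, not the poster's file (which is not shown).
// Assumptions: check_login.php sets $_SESSION['logged'] = 1 as in the post,
// and the login form lives at /login.php (hypothetical path).

function start_session_once()
{
    if (session_id() !== '') {
        return; // the including page already started the session
    }
    // Once output has gone out, PHP cannot send the session cookie any more,
    // so record where the output started instead of failing silently.
    if (headers_sent($file, $line)) {
        error_log("auth.inc.php: output already started at $file:$line");
        exit('Session could not be started.');
    }
    ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
    ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
    session_start(); // $_SESSION stays empty in this request until this runs
}

function is_logged_in()
{
    // An unset, empty or unexpected value must never count as logged in.
    return isset($_SESSION['logged']) && $_SESSION['logged'] === 1;
}

function require_login($loginUrl)
{
    start_session_once();
    if (!is_logged_in()) {
        header('Location: ' . $loginUrl);
        exit; // stop here so the protected page after the include never renders
    }
}

require_login('/login.php');
```

Include it as the first statement of every protected page, before any HTML or whitespace is output.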