
$_SESSION not working, can you tell me why?

Posted: Wed Jul 18, 2007 9:30 am
by rjdeclute
feyd | Please use the code tags and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


I was wondering if anyone could help me with a sessions issue.

When I log in to my login script, it seems to be creating a session but does not pass it to my .inc file. If I do a print session_id(); on the .inc file it prints the session_id and when I go back to my login script it works fine. I've been working on this for several hours and cannot figure it out. Below I've posted both my login script and my .inc file. Thank you.


LOGIN.PHP

Code: Select all

<?php
include "my_conn.inc";
require "template_class.inc";

/*
********************************************************************************************************************

CREATE TABLE sessions (
session_num varchar(32) default NULL,
session_date timestamp(14) NOT NULL,
users_id int(11) default NULL,
pages_viewed int(11) default NULL,
active char(3) default NULL,
level int(11) default NULL,
sessions_id int(11) NOT NULL auto_increment,
PRIMARY KEY (sessions_id)
) TYPE=MyISAM;

CREATE TABLE users (
username varchar(20) default NULL,
password varchar(20) default NULL,
firstname varchar(20) default NULL,
lastname varchar(30) default NULL,
email varchar(255) default NULL,
level int(11) default NULL,
active char(3) default NULL,
users_id int(11) NOT NULL auto_increment,
PRIMARY KEY (users_id)
) TYPE=MyISAM;

********************************************************************************************************************
*/

if ($action == "Retrieve Password") {
$query = "SELECT * FROM users WHERE email = '$email'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if (($num == 1) && $email) {
$row = mysql_fetch_array($result);
$mailbody = "Your requested username and password are:\n\n";
$mailbody .= "User Name : $row[username]\n";
$mailbody .= "Password : $row[password]\n";
mail($email,"Lost Password",$mailbody,"From: users@hollyhillchamber.com");
$content .= "<p>Your username and password have been emailed, check your email and log in again.</p>\n";
unset($action);
} else {
$content .= "<p>Email address does not match any in database.</p>\n";
$error = "Login";
}
}

if ($action == "Login") {
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if ($num) {
$row = mysql_fetch_array($result);
session_start();
$session_num = md5(uniqid(time()));
$session_date = date("Y-m-d H:i:s");
$query = "INSERT INTO sessions (
session_num,
session_date,
users_id,
pages_viewed,
active,
level
) VALUES (
'$session_num',
'$session_date',
'$row[users_id]',
'0',
'$row[active]',
'$row[level]'
)";
$result = mysql_query($query);
$_SESSION["current_session"] = $session_num;
header("Location: index.php");
exit;
} else {
$error = "Login";
}
}

if ($error) {
if ($error == "Login") {
$content .= "<p>There was an error logging in, please try again.</p>\n";
} else if ($error == "Active") {
$content .= "<p>User is currently not active.</p>\n";
} else if ($error == "Level") {
$content .= "<p>User does not have high enough level to view requested page.</p>\n";
} else if ($error == "Timeout") {
$content .= "<p>Your session has timed out, please log in again.</p>\n";
} else if ($error == "Session") {
$content .= "<p>Your session was not found, please log in again.</p>\n";
}
}

if ((!$action) || $error) {
$content .= "<form action=\"$SCRIPT_NAME\" method=\"POST\">\n";
$content .= "<table>\n";
$content .= "<tr><td>User Name : </td>\n";
$content .= "<td><input type=\"text\" name=\"username\" size=\"30\" value=\"$username\"></td>\n</tr>\n";
$content .= "<tr><td>Password : </td>\n";
$content .= "<td><input type=\"password\" name=\"password\" size=\"30\" value=\"$password\"></td>\n</tr>\n";
$content .= "<tr><td></td>\n<td><input name=\"action\" value=\"Login\" type=\"submit\"></td>\n</tr>\n";
$content .= "</table>\n";
$content .= "</form>\n";
if ($error == "Login") {
$content .= "<p>Enter your email address to retrieve a lost password.</p>\n";
$content .= "<form action=\"$SCRIPT_NAME\" method=\"POST\">\n";
$content .= "<input type=\"text\" name=\"email\" size=\"30\">\n";
$content .= "<input name=\"action\" value=\"Retrieve Password\" type=\"submit\">\n";
$content .= "</form>";
}
}

$text_links = implode("",file("text_links.inc"));
//$footer = implode("",file("footer.inc"));

$html = new html_template("template.html");

$html->set_parameter("PAGE_TITLE", "$company EZBizBuilderPro® Admin Interface"); // Set the page title.
$html->set_parameter("PAGE_CONTENT", $content); // Set the main content.
$html->set_parameter("TEXT_LINKS", $text_links); // Set the text link content.
$html->set_parameter("PAGE_FOOTER", $footer); // Set the footer content.
$html->create_page(); // Send the page to the browser.
?>
/*****************************************************


SECURE_PAGE.INC

Code: Select all

<?php
session_start();
//print session_id();
$too_old = (time() - 3600);
if ($_SESSION["current_session"]) {
if (!$required_level) $required_level = 1;
// sessions_id is selected as well, because the UPDATE further down filters on it.
$query = "SELECT session_num,
UNIX_TIMESTAMP(session_date) AS session_date_ts,
users_id,
pages_viewed,
active,
level,
sessions_id
FROM sessions
WHERE session_num = '" . $_SESSION["current_session"] . "'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if ($num) {
$session = mysql_fetch_array($result);
if ($session["session_date_ts"] < $too_old) {
header("Location: login.php?error=Timeout");
exit;
} else if ($session["level"] < $required_level) {
header("Location: login.php?error=Level");
exit;
} else if ($session["active"] == 0) {
header("Location: login.php?error=Active");
exit;
} else {
$query = "UPDATE sessions SET
pages_viewed = pages_viewed + 1,
session_date = session_date
WHERE sessions_id = '$session[sessions_id]'";
$result = mysql_query($query);
$query = "SELECT * FROM users WHERE users_id = '$session[users_id]'";
$result = mysql_query($query);
if (mysql_num_rows($result) != 0) $USER = mysql_fetch_array($result);
}
} else {
header("Location: login.php?error=Session");
exit;
}
} else {
header("Location: login.php");
exit;
}

?>


Posted: Wed Jul 18, 2007 9:49 am
by aceconcepts
Position session_start(); at the very top of your script, just after "<?PHP"

Thanx
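
Added example, not part of either post: a login handler laid out the way this answer describes, with `session_start()` as the first statement, and with the login query bound as a parameter instead of interpolated into the SQL string. `check_login()`, the `password_hash` column and the in-memory SQLite table are assumptions made so the sketch runs on its own (PHP 7.1+ with the PDO SQLite driver).

```php
<?php
// Added example, not the poster's code. check_login() and the password_hash
// column are hypothetical; the table is a cut-down copy of the post's `users`.
session_start();            // first statement, before any include or output

// Returns the users_id on success, null on failure.
function check_login(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the form value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT users_id, password_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['users_id'];
}

// Constructed sample data so the example runs offline (in-memory SQLite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    users_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['demo', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {   // constructed request for a command-line run
    $_POST = ['username' => 'demo', 'password' => 'constructed-sample-pw'];
}
// Read the form fields explicitly instead of relying on register_globals.
$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');

$userId = check_login($db, $username, $password);
if ($userId === null) {
    echo "login failed\n";
} else {
    session_regenerate_id(true);     // fresh session ID once authenticated
    $_SESSION['users_id'] = $userId;
    if (PHP_SAPI !== 'cli') {
        header('Location: index.php');
        exit;
    }
    echo "logged in as user $userId\n";
}
```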

Posted: Wed Jul 18, 2007 9:56 am
by rjdeclute
Thanks, that worked... I could have sworn I tried that already. It just doesn't make sense: the code worked fine without that on my development server, but when I uploaded it to the live server it wouldn't work. Oh well, it's fixed now.

Thanks

Posted: Wed Jul 18, 2007 10:02 am
by Jello
session.autostart is probably on in the php.ini on your dev server but not on the production one!

Things always make sense! :wink:

Posted: Wed Jul 18, 2007 10:09 am
by rjdeclute
session.auto_start is off on both servers. Could there be another reason?

Posted: Wed Jul 18, 2007 10:21 am
by Jello
I dunno... guess there has to be or it wouldn't have happened would it!

Posted: Wed Jul 18, 2007 10:23 am
by rjdeclute
True True, thanks anyways.
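
Added example, not part of the thread: the thread ends without explaining the dev/live difference. Besides `session.auto_start`, the `output_buffering` setting decides whether output produced before a late `session_start()` has already reached the browser, so comparing this report from both servers is one way to narrow it down. `session_report()` and `start_session_or_explain()` are hypothetical names; PHP 7+ is assumed.

```php
<?php
// Added example, not from the thread. Both function names are hypothetical.

// Collects the settings and runtime state that decide whether
// session_start() can still send its cookie header at this point.
function session_report(): array
{
    $file = $line = null;
    $sent = headers_sent($file, $line);   // filled in with where output began
    return [
        'session.auto_start'  => ini_get('session.auto_start'),
        'output_buffering'    => ini_get('output_buffering'),
        'session.use_cookies' => ini_get('session.use_cookies'),
        'session.save_path'   => ini_get('session.save_path'),
        'buffer_level'        => ob_get_level(),
        'headers_sent'        => $sent,
        'output_started_at'   => $sent ? "$file:$line" : null,
        'session_active'      => session_status() === PHP_SESSION_ACTIVE,
    ];
}

// Starts the session, or logs the file and line whose output made it too late.
function start_session_or_explain(): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    $file = $line = null;
    if (headers_sent($file, $line)) {
        error_log("session_start() too late: output began at $file:$line");
        return false;
    }
    return session_start();
}

// Capture the state before starting, then show both results.
$before  = session_report();
$started = start_session_or_explain();
print_r(['started' => $started, 'before' => $before]);
```

Call it from a page served by each web server rather than from the command line, because the CLI uses its own defaults for `output_buffering`.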