Session Variables That Vanish from page to page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lordjeff
Forum Newbie
Posts: 2
Joined: Fri Aug 10, 2007 7:50 pm

Session Variables That Vanish from page to page

Post by lordjeff »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I've got a rather strange problem going on here - any help u guys can offer is terribly appreciated.  I've been writing my login script for my site (i'm sure everyone does this?).  Anyway, the whole authentication process is working.  EXCEPT, the session variable isn't "sticking" from page to page.  I'm using a very simple routine to verify that a user is logged in, in post validation:

Code: Select all

function userloggedin() {
if(isset($_SESSION['actid'])) { 
    return true;
} else {
    session_start();
    return false;
}
return false;
}
call this function prior to user authentication, it returns false, call it after they're validated, it returns true... go to another link on the page and *poof* it's gone.

in case it's something I'm doing in the code that someone might be able to spot, I've pasted it below.

Any help you guys could offer would be greatly appreciated!!!! THX in advance.:


Code: Select all

<?php




function userloggedin() {
if(isset($_SESSION['actid'])) {
/*    echo 'login:true<br>'; */
    return true;
} else {
    session_start();
/*    echo 'login:false<br>'; */
    return false;
}
return false;
}



function authuser($findusername, $findpassword) {
$returnvalid = false;

// database username query
db_connect();
// generate and execute query
$query = "SELECT ActID, Password, username FROM stafffile WHERE username = '$findusername'";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

// get resultset as object
$row = mysql_fetch_object($result);

// compare details
	if ($row)
	{
	 if ($row->Password == $findpassword)
	{
    session_register('actid');
    $_SESSION['actid'] = $row->ActID;
	$returnvalid = true;
	}

	}

return $returnvalid;
}

function show_login_page($msg) {
echo '<HTML>';
echo '<HEAD><title>FORK: Authorization</title></HEAD>';
echo '<BODY>';
echo '<div id="wrapper">';
echo '<div id="header"><h1>Authorization Required</h1></div>';
echo '<div id="main">';
echo '	<div id="mid">';
echo '';
echo '		<div class=error>'.$msg.'</div>';
echo '';
echo '		<form action="" method="POST">';
echo '';
echo '			UserName:&nbsp;<input name="username" size="20">&nbsp;<br>';
echo '';
echo '			Password:&nbsp;<input type="password" name="password" size="20">&nbsp;<br>';
echo '			<input type="submit" value="Login">';
echo '			<input type="hidden" name="sub" value="sub">';
echo '		</form>';
echo '	</div>';
echo '</div>';
echo '</div>';
echo '';
echo '</body>';
echo '</html>';

 }

/* END FUNCTIONS */

$errormsg='';


















if (userloggedin() == false)
{
	if (isset($_POST['sub']))
	{						// if form has been submitted
			if (authuser($_POST['username'],$_POST['password']) == false)
			{		// if password is incorrect
				$errormsg='Incorrect Login';
				show_login_page($errormsg);
				exit();

			} else { // if password is correct
            }
	} else { // if no form was submitted
			show_login_page($errormsg);
			exit();

	}


}

?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

You should call session_start in the very beginning of the file - unconditionally.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

You need to start a session first before you can create session variables. And, FYI, you could completely skip the session_register() call. It's deprecated.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Yeah, don't put your session_start() call in a conditional statement (unless session_start() is throwing you errors about already being started).. and definately not inside of a function.

Code: Select all

session_start();

function loggedIn()
{
    if ( isset($_SESSION['actid'])) {
        return true;
    } else {
        return false;
    }
}
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
lordjeff
Forum Newbie
Posts: 2
Joined: Fri Aug 10, 2007 7:50 pm

put it at the top of the first include

Post by lordjeff »

I put it at the top of the first include (my site-lib.php that gets included on all pages). That solved it, god thanks guys... I've been looking at that code for hours. YAY! on to the actual work of the site.
Post Reply