Page 1 of 1

Session Variables That Vanish from page to page

Posted: Fri Aug 10, 2007 8:07 pm
by lordjeff
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I've got a rather strange problem going on here - any help u guys can offer is terribly appreciated.  I've been writing my login script for my site (i'm sure everyone does this?).  Anyway, the whole authentication process is working.  EXCEPT, the session variable isn't "sticking" from page to page.  I'm using a very simple routine to verify that a user is logged in, in post validation:

Code: Select all

function userloggedin() {
if(isset($_SESSION['actid'])) { 
    return true;
} else {
    session_start();
    return false;
}
return false;
}
call this function prior to user authentication, it returns false, call it after they're validated, it returns true... go to another link on the page and *poof* it's gone.

in case it's something I'm doing in the code that someone might be able to spot, I've pasted it below.

Any help you guys could offer would be greatly appreciated!!!! THX in advance.:


Code: Select all

<?php




function userloggedin() {
if(isset($_SESSION['actid'])) {
/*    echo 'login:true<br>'; */
    return true;
} else {
    session_start();
/*    echo 'login:false<br>'; */
    return false;
}
return false;
}



function authuser($findusername, $findpassword) {
$returnvalid = false;

// database username query
db_connect();
// generate and execute query
$query = "SELECT ActID, Password, username FROM stafffile WHERE username = '$findusername'";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

// get resultset as object
$row = mysql_fetch_object($result);

// compare details
	if ($row)
	{
	 if ($row->Password == $findpassword)
	{
    session_register('actid');
    $_SESSION['actid'] = $row->ActID;
	$returnvalid = true;
	}

	}

return $returnvalid;
}

function show_login_page($msg) {
echo '<HTML>';
echo '<HEAD><title>FORK: Authorization</title></HEAD>';
echo '<BODY>';
echo '<div id="wrapper">';
echo '<div id="header"><h1>Authorization Required</h1></div>';
echo '<div id="main">';
echo '	<div id="mid">';
echo '';
echo '		<div class=error>'.$msg.'</div>';
echo '';
echo '		<form action="" method="POST">';
echo '';
echo '			UserName:&nbsp;<input name="username" size="20">&nbsp;<br>';
echo '';
echo '			Password:&nbsp;<input type="password" name="password" size="20">&nbsp;<br>';
echo '			<input type="submit" value="Login">';
echo '			<input type="hidden" name="sub" value="sub">';
echo '		</form>';
echo '	</div>';
echo '</div>';
echo '</div>';
echo '';
echo '</body>';
echo '</html>';

 }

/* END FUNCTIONS */

$errormsg='';


















if (userloggedin() == false)
{
	if (isset($_POST['sub']))
	{						// if form has been submitted
			if (authuser($_POST['username'],$_POST['password']) == false)
			{		// if password is incorrect
				$errormsg='Incorrect Login';
				show_login_page($errormsg);
				exit();

			} else { // if password is correct
            }
	} else { // if no form was submitted
			show_login_page($errormsg);
			exit();

	}


}

?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Fri Aug 10, 2007 8:11 pm
by VladSun
You should call session_start in the very beginning of the file - unconditionally.

Posted: Fri Aug 10, 2007 9:39 pm
by superdezign
You need to start a session first before you can create session variables. And, FYI, you could completely skip the session_register() call. It's deprecated.

Posted: Fri Aug 10, 2007 9:47 pm
by s.dot
Yeah, don't put your session_start() call in a conditional statement (unless session_start() is throwing you errors about already being started).. and definately not inside of a function.

Code: Select all

session_start();

function loggedIn()
{
    if ( isset($_SESSION['actid'])) {
        return true;
    } else {
        return false;
    }
}

put it at the top of the first include

Posted: Sat Aug 11, 2007 1:08 pm
by lordjeff
I put it at the top of the first include (my site-lib.php that gets included on all pages). That solved it, god thanks guys... I've been looking at that code for hours. YAY! on to the actual work of the site.