
Sessions Clearing After One Page

Posted: Tue Sep 04, 2007 5:01 pm
by compguru910
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.


I'm having a problem. I have built a login script that works, that sets the rights to the users on the website using a $_SESSION call. Now, it works on the first page I go to, but after the first page, the session clears itself out. I ran an isset call on this session on the second page I visit, and it's empty. Can anyone help me with this? Thank you


you can check it out at http://www.n-volved.com
login at the top with 

username:test
password:test1

Here is the code for the adduser page

Code: Select all

<?
	session_start();
	if (!isset($_SESSION['rights'])) {
		header ('Location: index.php');
		print '<p><font color="CCCCCC">No Session Stored</font></p>';
	}
		if ($_SESSION['rights'] < 11) {
			header ('Locations: privelages.php');
			exit();
		}
	$username = $_POST['username'];
	$password = $_POST['password'];
	$rpassword = $_POST['rpassword'];
	$rights = $_POST['rights'];
	$first_name = $_POST['first_name'];
	$last_name = $_POST['last_name'];
	$email = $_POST['email'];
	require('functions.php');
	if (!$username) 
		echo "Username is blank";
	else if (!$password || !$rpassword)
		echo "Password(s) field empty.";
	else if (!$first_name || !$last_name)
		echo "First or last name not entered!";
	else if ($username && $password && rpassword && $rights && $first_name && $last_name && $email) {

		if ($username == $password)
			echo "Username and password cannot be the same!";
		else if (!ereg("[a-z||0-9]", $username))
			echo "Username has illegal characters, alphanumbers only.";
		else if($password != $rpassword)
			echo "You failed to retype the password correctly.";
		else if (adduser('$username', '$password', '$rights', '$first_name', '$last_name', '$email')) {
			echo 'Added Successfully';
		} else {
			echo 'Error Occured';
		}
	}
	

?>
And Here Is The Code For The Login

Code: Select all

$auth = false;
if (isset($_POST['submit'])) {
	 mysql_connect('localhost', "kromped", "*")or die("cannot connect");
	mysql_select_db('main-site')or die("cannot select DB");

	// username and password sent from signup form
	$myusername=$_POST['username'];
	$password = $_POST['password'];
	$mypassword= md5($password);

	$sql="SELECT username, password, rights FROM login WHERE username='$myusername' and password='$mypassword'";
	$result=mysql_query($sql);
	$frights = mysql_fetch_array($result);
	// Mysql_num_row is counting table row
	$count=mysql_num_rows($result);
	// If result matched $myusername and $mypassword, table row must be 1 row

	if($count==1){
		// Register $myusername, $mypassword and redirect to file "login_success.php"
		session_start();
		$_SESSION['username'] = "$myusername";
		$_SESSION['rights'] = "$frights[2]";
		header ('Location: main_login.php');
		exit();
	}else {
		echo "<font color=\"red\">Wrong Username or Password</font>";
	}
}
?>


Posted: Tue Sep 04, 2007 6:20 pm
by califdon
I don't see where you ever issued a session_start() in your login script. You have to do that before setting $_SESSION variables.

Posted: Tue Sep 04, 2007 7:31 pm
by playgames
a session_start() should be used on the head

your first page had a session_start() but the other page hadn't

so $_SESSION can't be called.

Posted: Tue Sep 04, 2007 8:00 pm
by RobertPaul
Slightly off-topic, but:

Code: Select all

// username and password sent from signup form
   $myusername=$_POST['username'];
   $password = $_POST['password'];
   $mypassword= md5($password);

   $sql="SELECT username, password, rights FROM login WHERE username='$myusername' and password='$mypassword'";
Don't use POST/GET input directly in queries. You have to escape it, in your case with mysql_real_escape_string().

Posted: Wed Sep 05, 2007 10:13 am
by compguru910
The second page has a session_start(); it's at the bottom. So, I don't believe that is the problem. I'm still really confused on why it's dumping the session variables after just one page. Secondly, I'm a little confused on what the last post said about not using POST/GET. Could someone explain a little more in depth please?

Posted: Wed Sep 05, 2007 10:22 am
by compguru910


Also, the way the pages are built I use lots of requires so I don't have to worry about recoding, or even copying and pasting information into each page I build. I have now put the ob_start(); and session_start(); tags in the header.php file (which is the head of each page) and I have put ob_flush_end(); into the footer of each page.

Here is the header

Code: Select all

<?php
ob_start();
session_start();
?>
<html>
<head>
<style type="text/css">
body { background-attachment:fixed;}
</style>
<title>n-volved</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="rollover.css" rel="stylesheet" type="text/css">
</head>
<body background="images/background.jpg" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<center>
<table width="800" height="701" border="0" cellpadding="0" cellspacing="0">
<tr>
		<td colspan="4" background="images/n-volved_01.jpg" width="800" height="127" valign="top">
			
            <div align="right">
			  <form name="form1" method="post" action="index.php">
			    <label>
			    <input name="username" type="text" id="txtuser" size="20">
			    </label>
			    <label>
			      <input name="password" type="password" id="txtpass" size="20">
			      <input type="submit" name="submit" id="login" value="Go!">
		        </label>
		      </form>
		    </div></td>
	</tr>
	<tr>
		<td colspan="4" background="images/n-volved_02.jpg" width="800" height="28" valign="middle">
			<center><table width="600" height="20" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td  width="150" valign="middle"><div class="button" align="center"><a href="">Web Design</a></div></td>
    <td  width="150" valign="middle"><div class="button" align="center"><a href="">Web Management</a></div></td>
    <td  width="150" valign="middle"><div class="button" align="center"><a href="">Web Advertisement</a></div></td>
    <td  width="150" valign="middle"><div class="button" align="center"><a href="">Web Hosting</a></div></td>
  </tr>

</table>
 </center></td>
	</tr>
	<tr>
		<td colspan="4" background="images/n-volved_03.jpg" width="800" height="36">
			</td>
	</tr>
	<tr>
		<td colspan="2" bgcolor="#000000" width="582" height="418" valign="top">

And Here is the footer

Code: Select all

</td>
	</tr>
	<tr>
		<td rowspan="3" background="images/n-volved_06.jpg" width="22" height="91">
			</td>
		<td colspan="3" background="images/n-volved_07.jpg" width="778" height="33">
		</td>
	</tr>
	<tr>
		<td colspan="2" background="images/n-volved_08.jpg" width="743" height="33">
			</td>
		<td rowspan="2" background="images/n-volved_09.jpg" width="35" height="58">
			</td>
	</tr>
	<tr>
		<td colspan="2" background="images/n-volved_10.jpg" width="743" height="25">
			</td>
	</tr>
	<tr>
		<td>
			<img src="images/spacer.gif" width="22" height="1" alt=""></td>
		<td>
			<img src="images/spacer.gif" width="560" height="1" alt=""></td>
		<td>
			<img src="images/spacer.gif" width="183" height="1" alt=""></td>
		<td>
			<img src="images/spacer.gif" width="35" height="1" alt=""></td>
	</tr>
</table>
</center>
</body>
</html>
<?php
ob_end_flush();
?>


Posted: Wed Sep 05, 2007 10:22 am
by aceconcepts
$_SESSION['username'] = "$myusername";
$_SESSION['rights'] = "$frights[2]";
Remove the quotes.

Regarding the other post about using POST/GET to query a database, by using just POST/GET without any other precautions you could be the victim of SQL injections. Look it up and have a read.

When I post values from a form that are going to be used to query a database I do the following:

Code: Select all

if(isset($_POST['submit'])) //check if form has been submitted
{
   if(!empty($_POST['username'])) //check if field is NOT empty
   {
      $username=htmlentities(trim($_POST['username'])); //cater for html chars and remove whitespace

      $sql=sprintf("SELECT * FROM tbl WHERE username='%s'", mysql_real_escape_string($username)); //a more secure way to query a db

      $res=mysql_query($sql);
   }
}
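
Added example (not from any poster in this thread): the login lookup discussed above, written with a PDO prepared statement in place of string concatenation or mysql_real_escape_string(). The helper name find_login(), the in-memory SQLite database and the sample rows are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the thread. find_login() is a hypothetical helper.
// PDO prepared statements are swapped in for the mysql_* calls used in the posts.

function find_login(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep the SQL text fixed; the values travel separately
    // and are never parsed as SQL, so quotes in the input stay data.
    $stmt = $db->prepare(
        'SELECT username, rights FROM login WHERE username = :u AND password = :p'
    );
    // md5() only mirrors how the thread's login table stores passwords.
    $stmt->execute([':u' => $username, ':p' => md5($password)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed test database: in-memory SQLite stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT, rights INTEGER)');
$db->prepare('INSERT INTO login VALUES (?, ?, ?)')
   ->execute(['alice', md5('s3cret'), 11]);

// Constructed inputs: a valid login, a wrong password, and a username
// carrying quote characters that would alter a concatenated query.
$cases = [
    ['alice', 's3cret'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($cases as [$user, $pass]) {
    $row = find_login($db, $user, $pass);
    printf("%-18s => %s\n", $user, $row ? 'rights ' . $row['rights'] : 'rejected');
}
```

Only the first case should report a rights value; the other two should print "rejected", because the bound username is compared as a literal string.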

Posted: Wed Sep 05, 2007 4:20 pm
by compguru910
OK, I have removed the quotes in the $_Session tags, and still no luck. I'm really confused. I changed the opening script to

Code: Select all

<?
	print '<p><font color="CCCCCC">' . $_SESSION['rights'] . '</font></p>';
	
	if (empty($_SESSION['rights'])) {
		//header ('Location: index.php');
		print '<p><font color="CCCCCC">No Session Stored</font></p>';
	}
	if ($_SESSION['rights'] < 11) {
		header ('Locations: privelages.php');
		//exit();
		}

And added later after the adduser function the code

Code: Select all

echo $_SESSION['rights'];
Now, when I submit the form on the page it tells me no session is stored, but it will display 11 (which is the value stored in $_session['rights']). This is really confusing now.

Posted: Wed Sep 05, 2007 5:27 pm
by RobertGonzalez
session_start() needs to be called before you do anything with the session on the page you are on.

Posted: Thu Sep 06, 2007 6:49 am
by compguru910
OK, well, I have solved the problem. For some reason or another when testing the script I took the if (isset($_Post['submit'])) out of it. I re-added that code, and all seems to work fine now for some reason, lol. I don't know why having that code missing would cause the sessions to clear, but, hey, if it works it works. BTW I was calling session_start() the whole time in all of the scripts because I put the session_start() in the header file that I was requiring in every page.