I developed on my Ubuntu laptop, and didn't have any issues with sessions or their variables.
I then uploaded to a test folder for another site on the same host that will be hosting the site. Now, sessions only seem to set every 4 times I try to log in, which is odd.
I compared the php.ini files of my laptop and the host, and they are the same. Please note that output buffering is on for redirects on the site.
I have tried everything I can find on the php.net site, and on the other forums. I will explain my trials, but first, the code:
sessions.php (this will become a class in the next site)
Code:
<?php
session_start();
//session_regenerate_id(true);

// Store the authenticated user's details in the session.
function log_in($user){
    //$session_array = array("userid"=>$user['UserID'], "username"=>$user['UserName'], "admin"=>$user['UserAdmin']);
    $_SESSION['userid'] = $user['UserID'];
    //session_write_close();
    $_SESSION['username'] = $user['UserName'];
    //session_write_close();
    $_SESSION['admin'] = $user['UserAdmin'];
    //foreach($session_array as $key=>$value){
    //$_SESSION[$key] = $value;
    //}
    session_write_close();
    // This only checks the in-memory copy of $_SESSION, not what was written to storage.
    if($_SESSION['admin'] == $user['UserAdmin'] && $_SESSION['username'] == $user['UserName']){
        return true;
    } else {
        die("The session wasn't saved");
    }
}

// Return true if the visitor meets $access_level; otherwise redirect to the login page.
function check_logged_in($access_level="", $referrer_page="") {
    //session_regenerate_id(true);
    // The parameter defaults to "", so isset() would always be true; test for a value instead.
    if($referrer_page !== ""){
        $refer = "&page=" . urlencode($referrer_page);
    } else {
        $refer = "";
    }
    if($access_level == "admin"){
        if(!empty($_SESSION['userid']) && $_SESSION['admin'] == "1") {
            return true;
        } else {
            redirect_to("../pages/login.html?auth_error=admin{$refer}");
        }
    } elseif($access_level == "user"){
        if(!empty($_SESSION['userid'])) {
            return true;
        } else {
            // Use the encoded "&page=..." string, as the admin branch does.
            redirect_to("../pages/login.html?auth_error=user{$refer}");
            //print_r($_SESSION);
        }
    } else {
        if(!empty($_SESSION['userid'])){
            return true;
        }
    }
    return false;
}

// Clear the session data, expire the session cookie and destroy the session.
function log_out(){
    $_SESSION=array();
    if(isset($_COOKIE[session_name()])){
        setcookie(session_name(), '', time()-2100, '/');
    }
    session_destroy();
    //redirect_to("pages/login.php?logout=1");
}
?>
Code:
<?php
//session_start();
//Set Include Files
require_once("../includes/sessions.php");
require_once("../includes/functions.php");
require_once("../includes/connection.php");
require_once("../includes/admin_functions.php");
require_once("../includes/form_functions.php");
require_once("../includes/FormField.php");
require_once("../includes/database_queries.php");
if(check_logged_in() == true){
    $logged_in = true;
} else {
    $logged_in = false;
}
//Add Form Fields
//("=& new" is a syntax error on current PHP versions; plain assignment behaves the same)
$UserName = new FormField("text", "username", "Username", "string", "UserName", 45);
$Password = new FormField("password", "password", "Password", "string", "UserHashedPassword");
//Set Field Array, Error Checking Arrays, File Arrays and Get Arrays
$field_array = array($UserName, $Password);
$required_fields=array($UserName, $Password);
$max_length_fields=array($UserName);
//End Basic Template required information
$gets = array("logout", "auth_error", "page"); //Set Get values
if(isset($get_items_array)){ //Set any additional Get values from above
    $gets = array_merge($gets, $get_items_array);
}
foreach($gets as $name){ //Get GET values, and set their values
    $$name = get_GET($name);
    $get_array[$name] = $$name;
}
if ($logout!=null){ //Log User Out
    if ($logout == "1" || $logout == "true"){
        log_out();
        $insert_message = "You have been successfully logged out.";
    }
}
if ($auth_error!=null){ //show authorization errors
    if ($auth_error == "admin"){
        $insert_message = "Administrator Access is required to view requested page.<br>Please log in with an administrator account.";
    } elseif ($auth_error == "user"){
        $insert_message = "Registration is required to view the requested page.<br>Please log in or request a username from the Dance Studio.";
    }
}
if (isset($page)){
    $refer = "?page={$page}";
}
if (isset($_POST['submit'])) { //If the form is submitted, process it.
    //Update Field values and check for errors
    set_field_objects_values($field_array);
    check_field_objects_required($required_fields);
    check_field_objects_max_length($max_length_fields);
    $errors= check_field_objects_for_errors($field_array);
    if($errors==0){ //get changes if no errors raised
        $field_values = array();
        foreach($field_array as $object){ //Get input Values
            $current_values = $object->getValuesForQuery();
            if (!empty($current_values)){
                $field_values[]=($current_values);
            }
        }
        if(!empty($field_values)){
            $result = get_items_by_values("Users", $field_values);
            if(!empty($result)){
                $login = log_in($result[0]);
                if($login == true && !empty($_SESSION['admin'])){
                    if (isset($refer)){
                        //session_write_close();
                        //Note: $page is the "page" GET value; this file does not check it before redirecting
                        redirect_to(urldecode($page));
                    } else {
                        //session_write_close();
                        $logged_in = true;
                        redirect_to("../pages/studioannouncements.html");
                        //redirect_to("../pages/login.html");
                        //$insert_message = "You have been logged in.";
                        //echo $_SESSION['userid'];
                        //$logged_in = true;
                    }
                }
            } else {
                $insert_message = "Username/Password combination not found.<br>Please try again, and make sure your caps key is not on.";
            }
        }
    }
}
?>
As you can see from the commented portions of the code, I've tried regenerating the id, write_close, etc.
I've also tried use only cookies set to 1, but no luck.
The headers seem to indicate that the SID remains the same, and if I don't redirect, the info is permeated through the page, but doesn't always survive reload. Like I said, it persists about a quarter of the time. Any ideas out there?
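
A diagnostic for the symptom described above (same SID, data present only on some requests), as an added example that is not part of the original post. It assumes PHP 7 or later; the file name session_probe.php and the `hits` session key are hypothetical. Load it several times in one browser and compare the output between loads.

```php
<?php
// session_probe.php -- added diagnostic, not code from the original post.
// Remove it from the server once the comparison is done.

function probe_session(): array
{
    // Read the storage settings before the session is started.
    $handler  = ini_get('session.save_handler');
    $savePath = session_save_path();
    if ($savePath === '') {
        $savePath = sys_get_temp_dir(); // empty save_path falls back to the temp dir
    }
    // save_path may be "N;/path" or "N;MODE;/path"; keep only the directory part.
    $parts = explode(';', $savePath);
    $dir   = end($parts);

    // Session ID the browser presented in its cookie, if any.
    $sentId = $_COOKIE[session_name()] ?? null;

    session_start();
    $_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1; // grows only if data persists
    $usedId = session_id();

    // Report short fingerprints rather than the raw session IDs.
    $fp = function ($id) {
        return $id === null ? null : substr(hash('sha256', $id), 0, 12);
    };
    $report = [
        'host'              => gethostname(),  // changes if requests hit different machines
        'save_handler'      => $handler,
        'save_dir'          => $dir,
        'save_dir_writable' => $handler === 'files' ? is_writable($dir) : null,
        'cookie_params'     => session_get_cookie_params(), // path, domain, secure, httponly
        'id_from_cookie'    => $fp($sentId),
        'id_in_use'         => $fp($usedId),
        'id_matches'        => $sentId !== null && $sentId === $usedId,
        'hits'              => $_SESSION['hits'],
    ];
    session_write_close();
    return $report;
}

header('Content-Type: application/json');
echo json_encode(probe_session(), JSON_PRETTY_PRINT);
```

If `hits` drops back to 1 while `id_matches` stays true, the request that served that load did not find the stored data for that ID, so compare `host`, `save_dir` and `save_dir_writable` between the loads that kept the count and the ones that lost it.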