Session variables only occassionally setting

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cryophallion
Forum Newbie
Posts: 10
Joined: Fri Apr 24, 2009 9:05 am

Session variables only occassionally setting

Post by Cryophallion »

I am working on a site, and the only issue with going live is that the login system is not working on the host.

I developed on my ubuntu laptop, and didn't have any issues with sessions or their variables.

I then uploaded to a test folder for another site on the same host that will be hosting the site. Now, sessions only seem to set every 4 times I try to login, which is odd.

I compared the php.ini files of my laptop and the host, and they are the same. Please note that output buffering is on for redirects on the site.

I have tried everything I can find on the php.net site, and on the other forums. I will explain my trials, but first, the code:

sessions.php (this will become a class in the next site)

Code: Select all

<?php
      session_start();
    //session_regenerate_id(true);
    
    
    function log_in($user){
        //$session_array = array("userid"=>$user['UserID'], "username"=>$user['UserName'], "admin"=>$user['UserAdmin']);
        $_SESSION['userid'] = $user['UserID'];
        //session_write_close();
        $_SESSION['username'] = $user['UserName'];
        //session_write_close();
        $_SESSION['admin'] = $user['UserAdmin'];
        //foreach($session_array as $key=>$value){
            //$_SESSION[$key] = $value;
        //}
        session_write_close();
        if($_SESSION['admin'] == $user['UserAdmin'] && $_SESSION['username'] == $user['UserName']){
            return true;    
        } else {
            die("The session wasn't saved");
        }
    }
       
    function check_logged_in($access_level="", $referrer_page="") {
        //session_regenerate_id(true);
        if(isset($referrer_page)){
            $refer = "&page=" . urlencode($referrer_page);
        } else {
            $refer = "";
        }
        if($access_level == "admin"){
            if(!empty($_SESSION['userid']) && $_SESSION['admin'] == "1") {
                return true;
            } else {
                redirect_to("../pages/login.html?auth_error=admin{$refer}");
            }
        } elseif($access_level == "user"){
            if(!empty($_SESSION['userid'])) {
                return true;
            } else {
                redirect_to("../pages/login.html?auth_error=user{$referrer_page}");
                //print_r($_SESSION);
            }
        } else {
            if(!empty($_SESSION['userid'])){
                return true;
            }
        }
    }
    
    function log_out(){
        $_SESSION=array();
        if(isset($_COOKIE[session_name()])){
            setcookie(session_name(), '', time()-2100, '/');
        }
        session_destroy();
        //redirect_to("pages/login.php?logout=1");
    }
?>
And the login page:

Code: Select all

 
<?php
  //session_start();
  //Set Include Files
  require_once("../includes/sessions.php");
  require_once("../includes/functions.php");
  require_once("../includes/connection.php");
  require_once("../includes/admin_functions.php");
  require_once("../includes/form_functions.php");
  require_once("../includes/FormField.php");
  require_once("../includes/database_queries.php");
  
    if(check_logged_in() == true){
        $logged_in = true;
    } else {
        $logged_in = false;
    }
  
  //Add Form Fields
  $UserName =& new FormField("text", "username", "Username", "string", "UserName", 45);
  $Password =& new FormField("password", "password", "Password", "string", "UserHashedPassword");
    
  //Set Field Array, Error Checking Arrays, File Arrays and Get Arrays
  $field_array = array($UserName, $Password);
  $required_fields=array($UserName, $Password);
  $max_length_fields=array($UserName);
  
  //End Basic Template required information
  $gets = array("logout", "auth_error", "page"); //Set Get values
  if(isset($get_items_array)){ //Set any additional Get values from above
    $gets = array_merge($gets, $get_items_array);
  }
  foreach($gets as $name){//Get GET values, and set their values
    $$name = get_GET($name);
    $get_array[$name] = $$name;
  }
 
  if ($logout!=null){ //Log User Out
    if ($logout == "1" || $logout == "true"){
      log_out();
      $insert_message = "You have been successfully logged out.";
    }
  }
  if ($auth_error!=null){ //show authorization errors
    if ($auth_error == "admin"){
      $insert_message = "Administrator Access is required to view requested page.<br>Please log in with an administrator account.";
    } elseif ($auth_error == "user"){
      $insert_message = "Registration is required to view the requested page.<br>Please log in or request a username from the Dance Studio.";
    }
  }
  if (isset($page)){
    $refer = "?page={$page}";
  }
  if (isset($_POST['submit'])) { //If the form is submitted, process it.
    //Update Field values and check for errors
    set_field_objects_values($field_array);
    check_field_objects_required($required_fields);
    check_field_objects_max_length($max_length_fields);
    $errors= check_field_objects_for_errors($field_array); 
    if($errors==0){ //get changes if no errors raised
      $field_values = array();
      foreach($field_array as $object){ //Get input Values
        $current_values = $object->getValuesForQuery();
        if (!empty($current_values)){
          $field_values[]=($current_values);
        }
      }
      if(!empty($field_values)){
        $result = get_items_by_values("Users", $field_values);
        if(!empty($result)){
          $login = log_in($result[0]);
          if($login == true && !empty($_SESSION['admin'])){       
            if (isset($refer)){
              //session_write_close();
              redirect_to(urldecode($page));
            } else {
              //session_write_close();
              $logged_in = true;
              redirect_to("../pages/studioannouncements.html");
              //redirect_to("../pages/login.html");
              //$insert_message = "You have been logged in.";
              //echo $_SESSION['userid'];
              //$logged_in = true;
            }
          }
        } else {
          $insert_message = "Username/Password combination not found.<br>Please try again, and make sure your caps key is not on.";
        }
      }
    }
  } 
?>
 
Please forgive my rudimentary classes, they will be revised next version of the site, but they work pretty well for now.

As you can see from teh commented portions of the code, I've tried regenerating the id, write_close, etc.
I've also tried use only cookies set to 1, but no luck.

The headers seem to indicate that the SID remains the same, and if I don't redirect, the info is permeated through the page, but doesn't always survive reload. Like I said, it persists about a quarter of the time. Any ideas out there?
Post Reply