Session variables only occasionally setting
Posted: Fri Apr 24, 2009 9:28 am
I am working on a site, and the only issue with going live is that the login system is not working on the host.
I developed on my ubuntu laptop, and didn't have any issues with sessions or their variables.
I then uploaded to a test folder for another site on the same host that will be hosting the site. Now, sessions only seem to set every 4 times I try to login, which is odd.
I compared the php.ini files of my laptop and the host, and they are the same. Please note that output buffering is on for redirects on the site.
I have tried everything I can find on the php.net site, and on the other forums. I will explain my trials, but first, the code:
sessions.php (this will become a class in the next site)
And the login page:
Please forgive my rudimentary classes, they will be revised next version of the site, but they work pretty well for now.
As you can see from the commented-out portions of the code, I've tried regenerating the id, write_close, etc.
I've also tried use only cookies set to 1, but no luck.
The headers seem to indicate that the SID remains the same, and if I don't redirect, the info is permeated through the page, but doesn't always survive reload. Like I said, it persists about a quarter of the time. Any ideas out there?
I developed on my ubuntu laptop, and didn't have any issues with sessions or their variables.
I then uploaded to a test folder for another site on the same host that will be hosting the site. Now, sessions only seem to set every 4 times I try to login, which is odd.
I compared the php.ini files of my laptop and the host, and they are the same. Please note that output buffering is on for redirects on the site.
I have tried everything I can find on the php.net site, and on the other forums. I will explain my trials, but first, the code:
sessions.php (this will become a class in the next site)
<?php
// Start (or resume) the session as soon as this file is included; this has to
// happen before any output is sent so the session cookie header can still go out.
session_start();
// Left disabled by the author: placed here it would rotate the ID on every
// request that includes this file, not only when a user authenticates.
// NOTE(review): rotating the ID at the moment of login (in log_in) is the usual
// defence against session fixation; confirm where the author wants it.
//session_regenerate_id(true);
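/**
 * Record an authenticated user in the session.
 *
 * Copies the user's id, name and admin flag into $_SESSION and flushes the
 * session to storage.
 *
 * @param array $user Row holding the 'UserID', 'UserName' and 'UserAdmin' keys.
 * @return bool true once the values are in $_SESSION; the script dies otherwise.
 */
function log_in($user){
    // Rotate the session ID at the privilege change so that an ID issued (or
    // planted) before authentication is never promoted to a logged-in one.
    // session_id() is "" when no session is active, so this is skipped then.
    if(session_id() !== ""){
        session_regenerate_id(true);
    }

    $_SESSION['userid'] = $user['UserID'];
    $_SESSION['username'] = $user['UserName'];
    $_SESSION['admin'] = $user['UserAdmin'];

    // Write the data out and release the session lock before any redirect.
    // $_SESSION stays readable for the rest of this request.
    session_write_close();

    // This re-reads the in-memory array only: it confirms the assignments
    // above, not that the save handler persisted them for the next request.
    if($_SESSION['admin'] == $user['UserAdmin'] && $_SESSION['username'] == $user['UserName']){
        return true;
    }
    die("The session wasn't saved");
}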
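/**
 * Check the current session against the access level a page requires.
 *
 * With "admin" or "user" a failed check redirects to the login page; with any
 * other value the function only reports whether a user id is in the session.
 *
 * @param string $access_level  "admin", "user", or "" for a plain status check.
 * @param string $referrer_page Page to hand to the login form as ?page=...;
 *                              the value is URL-encoded before it is appended.
 * @return bool true when the session satisfies the level, false otherwise
 *              (false is only reached after a redirect if redirect_to() returns).
 */
function check_logged_in($access_level="", $referrer_page="") {
    // isset() is always true for a parameter that defaults to "", which made
    // every redirect carry an empty "&page="; test for a real value instead.
    $refer = "";
    if($referrer_page !== "" && $referrer_page !== null){
        $refer = "&page=" . urlencode($referrer_page);
    }

    $has_user = !empty($_SESSION['userid']);

    if($access_level == "admin"){
        // isset() guards the read so a session without the admin key is
        // treated as non-admin instead of raising a notice.
        if($has_user && isset($_SESSION['admin']) && $_SESSION['admin'] == "1"){
            return true;
        }
        redirect_to("../pages/login.html?auth_error=admin{$refer}");
        return false;
    }

    if($access_level == "user"){
        if($has_user){
            return true;
        }
        // Use the encoded $refer here as well: appending the raw referrer
        // dropped the "&page=" key and let its characters alter the query string.
        redirect_to("../pages/login.html?auth_error=user{$refer}");
        return false;
    }

    // No level requested: report the login state without redirecting.
    return $has_user;
}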
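/**
 * End the current login: empty the session data, expire the session cookie
 * and destroy the stored session.
 *
 * @return void
 */
function log_out(){
    $_SESSION = array();

    $cookie_name = session_name();
    if(isset($_COOKIE[$cookie_name])){
        // A browser only drops a cookie when the expiring Set-Cookie carries
        // the same path and domain it was issued with, so reuse the session's
        // own cookie parameters instead of assuming '/'.
        $params = session_get_cookie_params();
        setcookie(
            $cookie_name,
            '',
            time() - 2100,
            $params['path'],
            $params['domain'],
            $params['secure'],
            isset($params['httponly']) ? $params['httponly'] : false
        );
    }

    // session_destroy() warns when no session is active; skip it in that case.
    if(session_id() !== ""){
        session_destroy();
    }
    //redirect_to("pages/login.php?logout=1");
}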
?>
<?php
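// Login page controller: reads the logout/auth_error/page query values, shows
// the matching message and, on form submission, looks the user up and logs in.

//session_start(); (left disabled: sessions.php, required below, already calls session_start())
//Set Include Files
require_once("../includes/sessions.php");
require_once("../includes/functions.php");
require_once("../includes/connection.php");
require_once("../includes/admin_functions.php");
require_once("../includes/form_functions.php");
require_once("../includes/FormField.php");
require_once("../includes/database_queries.php");

// No access level is passed, so this only reports the state and never redirects.
$logged_in = (check_logged_in() == true);

//Add Form Fields
// Plain "= new": "=& new" was deprecated in PHP 5.3 and no longer parses in PHP 7+.
$UserName = new FormField("text", "username", "Username", "string", "UserName", 45);
$Password = new FormField("password", "password", "Password", "string", "UserHashedPassword");

//Set Field Array, Error Checking Arrays, File Arrays and Get Arrays
$field_array = array($UserName, $Password);
$required_fields = array($UserName, $Password);
$max_length_fields = array($UserName);
//End Basic Template required information

$gets = array("logout", "auth_error", "page"); //Set Get values
if (isset($get_items_array)) { //Set any additional Get values from above
    $gets = array_merge($gets, $get_items_array);
}
// Variable variables: each listed name becomes a local ($logout, $auth_error,
// $page, ...). The names must stay a fixed, code-defined list; never build
// $gets from request data, or a request could overwrite arbitrary locals.
// NOTE(review): these values come from the query string; escape them for the
// output context wherever $get_array is printed - confirm in the template.
foreach ($gets as $name) { //Get GET values, and set their values
    $$name = get_GET($name);
    $get_array[$name] = $$name;
}

if ($logout != null) { //Log User Out
    if ($logout == "1" || $logout == "true") {
        log_out();
        $insert_message = "You have been successfully logged out.";
    }
}

if ($auth_error != null) { //show authorization errors
    if ($auth_error == "admin") {
        $insert_message = "Administrator Access is required to view requested page.<br>Please log in with an administrator account.";
    } elseif ($auth_error == "user") {
        $insert_message = "Registration is required to view the requested page.<br>Please log in or request a username from the Dance Studio.";
    }
}

// $refer is only used below as a flag meaning "a return page was supplied".
if (isset($page)) {
    $refer = "?page={$page}";
}

if (isset($_POST['submit'])) { //If the form is submitted, process it.
    //Update Field values and check for errors
    set_field_objects_values($field_array);
    check_field_objects_required($required_fields);
    check_field_objects_max_length($max_length_fields);
    $errors = check_field_objects_for_errors($field_array);

    if ($errors == 0) { //get changes if no errors raised
        $field_values = array();
        foreach ($field_array as $object) { //Get input Values
            $current_values = $object->getValuesForQuery();
            if (!empty($current_values)) {
                $field_values[] = ($current_values);
            }
        }

        if (!empty($field_values)) {
            // NOTE(review): get_items_by_values() is not shown here. Confirm it
            // binds these values as query parameters, and that the password is
            // checked against a salted hash (password_hash()/password_verify())
            // rather than matched as a column value in the lookup.
            $result = get_items_by_values("Users", $field_values);
            if (!empty($result)) {
                $login = log_in($result[0]);
                // NOTE(review): a user whose UserAdmin value is empty or "0" is
                // logged in by log_in() but gets neither a redirect nor a
                // message from this branch - confirm that is intended.
                if ($login == true && !empty($_SESSION['admin'])) {
                    $default_target = "../pages/studioannouncements.html";
                    if (isset($refer)) {
                        //session_write_close();
                        $target = urldecode($page);
                        // "page" is supplied by the request, so only follow it
                        // when it is a same-site relative path: no URL scheme,
                        // no leading "//", no backslashes or control characters.
                        // Anything else falls back to the default landing page
                        // so the login form cannot be used to bounce a user to
                        // another site.
                        $is_local_target = $target !== ""
                            && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $target)
                            && !preg_match('#[\x00-\x1f\x7f\\\\]#', $target);
                        redirect_to($is_local_target ? $target : $default_target);
                    } else {
                        //session_write_close();
                        $logged_in = true;
                        redirect_to($default_target);
                        //redirect_to("../pages/login.html");
                        //$insert_message = "You have been logged in.";
                    }
                }
            } else {
                $insert_message = "Username/Password combination not found.<br>Please try again, and make sure your caps key is not on.";
            }
        }
    }
}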
?>
As you can see from the commented-out portions of the code, I've tried regenerating the id, write_close, etc.
I've also tried use only cookies set to 1, but no luck.
The headers seem to indicate that the SID remains the same, and if I don't redirect, the info is permeated through the page, but doesn't always survive reload. Like I said, it persists about a quarter of the time. Any ideas out there?