?
Solved

Session information not being passed in my login authentification pages

Posted on 2005-03-04
2
Medium Priority
?
202 Views
Last Modified: 2012-05-05
Hi,

Please help me with this as I think it may be a bug in PHP - I've been wrestling with it for hours. I am using PHP 4.3.10

I have a page login.php

###########################################################
<?php # Script 7.7 - login.php
if (isset($_POST['submit'])) {
      require_once ('../mysql_connect.php');
      function escape_data ($data) {
            global $dbc;
            if (ini_get('magic_quotes_gpc')) {
                  $data = stripslashes($data);
            }
            return mysql_real_escape_string($data, $dbc);
      }
      $message = NULL;
      if (empty($_POST['username'])) {
            $u = FALSE;
            $message .= '<p>You forgot to enter your username!</p>';
      } else {
            $u = escape_data($_POST['username']);
      }
      if (empty($_POST['password'])) {
            $p = FALSE;
            $message .= '<p>You forgot to enter your password!</p>';
      } else {
            $p = escape_data($_POST['password']);
      }
      
      if ($u && $p) { // If everything's OK.
            $query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";            
            $result = @mysql_query ($query);
            $row = mysql_fetch_array ($result, MYSQL_NUM);
            if ($row) {
                        
                        // Start the session, register the values & redirect.
                                                                session_start();
                        $_SESSION['first_name'] = $row[1];
                        $_SESSION['user_id'] = $row[0];
                        header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
                        exit();
                        
            } else {
                  $message = '<p>The username and password entered do not match those on file.</p>';
            }
            mysql_close();
      } else {
            $message .= '<p>Please try again.</p>';            
      }
}
$page_title = 'Login';
include ('templates/header.inc');
if (isset($message)) {
      echo '<font color="red">', $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->
<?php
include ('templates/footer.inc');
?>
###########################################################

The above all works fine, the crux is the 4 lines below // Start the session, register the values & redirect.

This takes the first_name and user_id and puts them in session variables. The header function is now used to redirect to loggedin.php which evaluates whether the first_name session variable is present (i.e. authentification of the session).

The code for loggedin.php is as follows

############################################################
<?php # Script 7.13 - loggedin.php

session_name ('YourVisitID');
session_start(); // Start the session.

// If no session is present, redirect the user.
if (!isset($_SESSION['first_name'])) {
      header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php");
      exit(); // Quit the script.
}

// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('templates/header.inc');

// Print a customized message.
echo "<p>You are now logged in, {$_SESSION['first_name']}!</p>";

include ('templates/footer.inc'); // Include the HTML footer.
?>
############################################################

The problem is that even when a correct username and password are entered in login.php, loggedin.php conditional  (!isset($_SESSION['first_name'])) doesn't evaluate as if the session variable 'first_name' has been passed from login.php.

I.e. loggedin.php just redirects to login.php.

It would seem that $_SESSION['first_name'] from login.php is not being picked up by the conditional in loggedin.php.

Please help, I don't understand why this is happening (please note, I am using XP and have cookies enabled) - I have a feeling this is something to do with using the header() function with sessions.

I look forward to hearing from you experts!! - Thankyou James
0
Comment
Question by:JamesFrog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
aksteve earned 2000 total points
ID: 13463884
Get rid of the session_name.. You are naming it in one file but not on the login

If you are going to set session_name you must set it before every session_start or before a variable you register with a session.

I would get rid of it and try it again..

0
 

Author Comment

by:JamesFrog
ID: 13465231
Thankyou aksteve for such a precise answer - my script now works a treat - am am researching as to why session_name in the above case messed things up so badly.

All the best
James
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question