• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

Session information not being passed in my login authentification pages

Hi,

Please help me with this as I think it may be a bug in PHP - I've been wrestling with it for hours. I am using PHP 4.3.10

I have a page login.php

###########################################################
<?php # Script 7.7 - login.php
if (isset($_POST['submit'])) {
      require_once ('../mysql_connect.php');
      function escape_data ($data) {
            global $dbc;
            if (ini_get('magic_quotes_gpc')) {
                  $data = stripslashes($data);
            }
            return mysql_real_escape_string($data, $dbc);
      }
      $message = NULL;
      if (empty($_POST['username'])) {
            $u = FALSE;
            $message .= '<p>You forgot to enter your username!</p>';
      } else {
            $u = escape_data($_POST['username']);
      }
      if (empty($_POST['password'])) {
            $p = FALSE;
            $message .= '<p>You forgot to enter your password!</p>';
      } else {
            $p = escape_data($_POST['password']);
      }
      
      if ($u && $p) { // If everything's OK.
            $query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";            
            $result = @mysql_query ($query);
            $row = mysql_fetch_array ($result, MYSQL_NUM);
            if ($row) {
                        
                        // Start the session, register the values & redirect.
                                                                session_start();
                        $_SESSION['first_name'] = $row[1];
                        $_SESSION['user_id'] = $row[0];
                        header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
                        exit();
                        
            } else {
                  $message = '<p>The username and password entered do not match those on file.</p>';
            }
            mysql_close();
      } else {
            $message .= '<p>Please try again.</p>';            
      }
}
$page_title = 'Login';
include ('templates/header.inc');
if (isset($message)) {
      echo '<font color="red">', $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->
<?php
include ('templates/footer.inc');
?>
###########################################################

The above all works fine, the crux is the 4 lines below // Start the session, register the values & redirect.

This takes the first_name and user_id and puts them in session variables. The header function is now used to redirect to loggedin.php which evaluates whether the first_name session variable is present (i.e. authentification of the session).

The code for loggedin.php is as follows

############################################################
<?php # Script 7.13 - loggedin.php

session_name ('YourVisitID');
session_start(); // Start the session.

// If no session is present, redirect the user.
if (!isset($_SESSION['first_name'])) {
      header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/login.php");
      exit(); // Quit the script.
}

// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('templates/header.inc');

// Print a customized message.
echo "<p>You are now logged in, {$_SESSION['first_name']}!</p>";

include ('templates/footer.inc'); // Include the HTML footer.
?>
############################################################

The problem is that even when a correct username and password are entered in login.php, loggedin.php conditional  (!isset($_SESSION['first_name'])) doesn't evaluate as if the session variable 'first_name' has been passed from login.php.

I.e. loggedin.php just redirects to login.php.

It would seem that $_SESSION['first_name'] from login.php is not being picked up by the conditional in loggedin.php.

Please help, I don't understand why this is happening (please note, I am using XP and have cookies enabled) - I have a feeling this is something to do with using the header() function with sessions.

I look forward to hearing from you experts!! - Thankyou James
0
JamesFrog
Asked:
JamesFrog
1 Solution
 
aksteveCommented:
Get rid of the session_name.. You are naming it in one file but not on the login

If you are going to set session_name you must set it before every session_start or before a variable you register with a session.

I would get rid of it and try it again..

0
 
JamesFrogAuthor Commented:
Thankyou aksteve for such a precise answer - my script now works a treat - am am researching as to why session_name in the above case messed things up so badly.

All the best
James
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now