TheGtrsR1

asked on

PHP Doesn't Pass Session Variables

I have a login page which, when logged in, uses header("Location: filename.php") to send them to filename.php (obviously). The authentication is done by calling the login page to run the script, and in that scenario the session variables work great. Once I redirect them to the filename.php page the session variables are no longer available.

I have changed session.save_path to "c:\php\tmp" in the php.ini file and created the tmp folder. I noticed in c:\php\sessiondata that a session is created but I don't know if the fact that it is 0KB is important or not.

Hopefully the problem is clear.

Here is the code:

------------------------------------
login.php
------------------------------------

<?PHP
require ('database.php');

//echo $_REQUEST['username'].'<br>';

if (!isset($_SESSION['uid'])){
//echo 'if statement<br>';
      session_defaults();
}

if (isset($_REQUEST['username'])){
      $date = gmdate("'Y-m-d'");
      $db = db_connect();
      $user = new User($db);
      
      $user->_checkLogin($_REQUEST['username'],$_REQUEST['password'],'remember');
}

echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Software Validation</title>
<style type="text/css">@import url("CSS/screen.css");</style>
</head>
<body>
';

include ('login_header.php');

echo '
<div id="Content">
<form action="login.php" method="get">
Blah Blah Blah<br><br>

';

if ($_SESSION['error']){
      echo '<font color=#cc3333><b>Incorrect username or password.</b></font>';
};
echo '

<table border="0" align="center" cellpadding="0" cellspacing="4">
  <tr>
    <td>E-mail:</td>
    <td colspan="2"><input name="username" type="text" size="30"></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td colspan="2"><input name="password" type="password" size="30"></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input name="submit" type="submit" value="Login"></td>
    <td><div align="right">
      <input name="remember" type="checkbox" id="remember" value="true">
  Remember Me </div></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td colspan="2"></td>
  </tr>
  <tr>
  <td>&nbsp;</td>
  <td colspan="2">Not Registered? <a href="register.php" class="blueLink">Register Here</a></td>
  </tr>
</table>
</form>
</div>
';

include ('login_footer.php');

echo '
</div>
</body>
</html>
';
?>

----------------------------------------
reports.php
----------------------------------------
<?PHP
session_start();
require ('database.php');

if (!isset($_SESSION['uid'])) {
      echo 'no uid';}//header ('Location: login.php');}
else {
      $date = gmdate("'Y-m-d'");
      $db = db_connect();
}

echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Software Validation</title>
<style type="text/css">
<!--
@import url("CSS/screen.css");
-->
</style>
</head>
<body>';

include ('logout_header.php');

echo '
<div id="Content">
<a href="add.php" class="addLink">New Report</a>
<h2>Reports</h2>
<table border="0" align="center" cellpadding="0" cellspacing="5">
  <tr class="reportsTitle">
    <td width="75px">ID</td>
    <td width="325px">Name</td>
      <td width="90px">Start</td>
      <td width="90px">End</td>
  </tr>
  <tr>
    <td class="evenRow">20031</td>
    <td><a href="report.php" class="reportLink">Test Report for testing purposes only</a></td>
      <td>02/08/05</td>
      <td>06/09/05</td>
  </tr>
  <tr>
    <td class="oddRow">20035</td>
    <td>Name of program</td>
      <td>10/18/05</td>
      <td>09/01/06</td>
  </tr>
</table>
</div>
';

include ('logout_footer.php');

echo '
</div>
</body>
</html>
';
?>

----------------------------------------
Database.php
----------------------------------------
<?PHP
function &db_connect() {
//echo 'db_connect<br>';
      require_once 'DB.php';
      PEAR::setErrorHandling(PEAR_ERROR_DIE);
      $db_host = 'localhost';  //remember to use full host path
      $db_user = 'dnichols';
      $db_pass = 'Tree;House';
      $db_name = 'validation';
      $dsn = "mysql://$db_user:$db_pass@unix+$db_host/$db_name";
      $db = DB::connect($dsn);
      $db->setFetchMode(DB_FETCHMODE_OBJECT);
      return $db;
}
function session_defaults() {
//echo 'session_defaults<br>';
      $_SESSION['logged'] = false;
      $_SESSION['uid'] = 0;
      $_SESSION['username'] = '';
      $_SESSION['cookie'] = 0;
      $_SESSION['remember'] = false;
      $_SESSION['error'] = false;
}

/****************************************************************/
/***** Everything From Here Should Be Within the User Class *****/
/****************************************************************/
class User {
// _checkSession() and _checkRemembered() use $this, so they are declared inside the class
function _checkSession() {
//echo '_checkSession<br>';
      $username = $this->db->quote($_SESSION['username']);
      $cookie = $this->db->quote($_SESSION['cookie']);
      $session = $this->db->quote(session_id());
      $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
      $sql = "SELECT * FROM member WHERE " .
               "(username = $username) AND (cookie = $cookie) AND " .
               "(session = $session) AND (ip = $ip)";
      $result = $this->db->getRow($sql);

      if (is_object($result)) {
            $this->_setSession($result, false, false);}
      else {
            $this->_logout();}
}

function _checkRemembered($cookie) {
//echo '_checkRemembered<br>';
      list($username, $cookie) = @unserialize($cookie);
      
      if (!$username or !$cookie) return;
      
      $username = $this->db->quote($username);
      $cookie = $this->db->quote($cookie);
      $sql = "SELECT * FROM member WHERE " .
                  "(username = $username) AND (cookie = $cookie)";
      $result = $this->db->getRow($sql);

      if (is_object($result) ) {
            $this->_setSession($result, true);}
}

      var $db = null; // PEAR::DB pointer
      var $failed = false; // failed login attempt
      var $date; // current date GMT
      var $id = 0; // the current user's id

      function User(&$db) {
            $this->db = $db;
            $this->date = $GLOBALS['date'];
//echo 'User function<br>';
            if ($_SESSION['logged']) {
                  $this->_checkSession();}
            elseif (isset($_COOKIE['mtwebLogin'])) {
                  $this->_checkRemembered($_COOKIE['mtwebLogin']);}
      }


function _checkLogin($username, $password, $remember) {
//echo '_checkLogin<br>';
//echo 'username='.$username.'<br>';
//echo 'password='.$password.'<br>';
      $username = $this->db->quote($username);
      $password = $this->db->quote($password);
      $sql = "SELECT * FROM account WHERE " .
      "act_email = $username AND " .
      "act_password = $password";
      $result = $this->db->getRow($sql);
//echo '_checkLogin2<br>';
      if ( is_object($result) ) {
            $this->_setSession($result, $remember);
            header ('Location: reports.php');
//echo '<br>LOGIN SUCCESSFUL<br><br>';
            return true;}
      else {
            $_SESSION['error'] = true;
            $this->failed = true;
//echo '<br>FAILED LOGIN<br><br>';
            $this->_logout();
            return false;}
}

function _setSession(&$values, $remember, $init = true) {
//echo '_setSession<br>';
//echo $_SESSION['uid'].'<br>';
      $this->id = $values->act_id; // use the declared $id property, which the UPDATE below reads
      $_SESSION['uid'] = $this->id;
      $_SESSION['username'] = htmlspecialchars($values->act_email);
      $_SESSION['cookie'] = $values->act_cookie;
      $_SESSION['logged'] = true;
//echo $_SESSION['uid'];
//echo $remember.'<br>';
      if ($remember) {
            $this->updateCookie($values->act_cookie, true);}
 
      if ($init) {
            $session = $this->db->quote(session_id());
            $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
            $sql = "UPDATE account SET act_session = $session, act_ip = $ip WHERE " .
                        "act_id = $this->id";
            $this->db->query($sql);}
}

function updateCookie($cookie, $save) {
//echo 'updateCookie<br>';
      $_SESSION['cookie'] = $cookie;
      if ($save) {
            $cookie = serialize(array($_SESSION['username'], $cookie));
//echo $cookie.'<br>';
            setcookie('softwareValidationLogin', $cookie, time() + 31104000);}
}

function _logout() {
//echo '_logout<br>';
      session_defaults();
}
}
/****************************/
/***** End of Functions *****/
/****************************/

?>
TheGtrsR1

ASKER

I just figured out that I'm not actually obtaining anything from session_id() on the login page. I don't know what that means is going wrong.
ASKER CERTIFIED SOLUTION
ldbkutty
This solution is only available to members.
I'm still not getting any session variables in that second page. I can do an echo right after the session_write_close(); and get the correct value but once I do that redirect I don't get any session variables. I have a feeling it has something to do with the php.ini but I've changed everything I could find.
ldbkutty, thank you for your help. It actually ended up being that session_start(); needed to be on the database.php page. Thought I had done that before... but apparently not. Thanks again.
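
The fix the asker reports, as an added example that is not part of the original thread: session_start() runs at the top of the shared code before anything touches $_SESSION, and the login branch writes the session, redirects, then exits. The single-file ?page= routing, the sample account and the session_regenerate_id() call are assumptions added for the demo.

```php
<?php
// session_demo.php (added example). Run: php -S 127.0.0.1:8000 session_demo.php
// The file name, ?page= routing and sample account are constructed for the demo.

// Must run before any read or write of $_SESSION and before any output.
// Without it, session_id() returns '' and writes to $_SESSION are never saved,
// so the page reached by the redirect sees nothing. In the thread's layout this
// line belongs at the top of database.php, which both pages require.
session_start();

if (!isset($_SESSION['uid'])) {            // same idea as session_defaults()
    $_SESSION = ['logged' => false, 'uid' => 0, 'error' => false];
}

// Constructed account standing in for the database lookup.
$account = ['id' => 1, 'email' => 'demo@example.test',
            'hash' => password_hash('sample-password', PASSWORD_DEFAULT)];
$page = $_GET['page'] ?? 'login';

if ($page === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = (string) ($_POST['username'] ?? '');
    $pass = (string) ($_POST['password'] ?? '');
    if ($user === $account['email'] && password_verify($pass, $account['hash'])) {
        session_regenerate_id(true);       // fresh session id once authenticated
        $_SESSION['uid'] = $account['id'];
        $_SESSION['logged'] = true;
        $_SESSION['error'] = false;
        session_write_close();             // flush session data before the redirect
        header('Location: /?page=reports');
        exit;                              // stop executing after sending the redirect
    }
    $_SESSION['error'] = true;
}

if ($page === 'reports') {
    if (empty($_SESSION['logged'])) {      // not logged in: back to the form
        header('Location: /?page=login');
        exit;
    }
    exit('uid from session: ' . (int) $_SESSION['uid']);
}
?>
<form method="post" action="/?page=login">
  <?= $_SESSION['error'] ? '<b>Incorrect username or password.</b><br>' : '' ?>
  E-mail: <input name="username"> Password: <input name="password" type="password">
  <input type="submit" value="Login">
</form>
```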