TheGtrsR1
asked on
PHP Doesn't Pass Session Variables
I have a login page which, when logged in, uses header("Location: filename.php") to send them to filename.php (obviously). The authentication is done by calling the login page to run the script, and in that scenario the session variables work great. Once I redirect them to the filename.php page the session variables are no longer available.
I have changed session.save_path to "c:\php\tmp" in the php.ini file and created the tmp folder. I noticed in c:\php\sessiondata that a session is created but I don't know if the fact that it is 0KB is important or not.
Hopefully the problem is clear.
Here is the code:
------------------------------------
login.php
------------------------------------
<?PHP
require ('database.php');
//echo $_REQUEST['username'].'<br>';
if (!isset($_SESSION['uid'])) {
//echo 'if statement<br>';
session_defaults();
}
if (isset($_REQUEST['username'])){
$date = gmdate("'Y-m-d'");
$db = db_connect();
$user = new User($db);
$user->_checkLogin($_REQUEST['username'],$_REQUEST['password'],'remember');
}
echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Software Validation</title>
<style type="text/css">@import url("CSS/screen.css");</style>
</head>
<body>
';
include ('login_header.php');
echo '
<div id="Content">
<form action="login.php" method="get">
Blah Blah Blah<br><br>
';
if ($_SESSION['error']){
echo '<font color=#cc3333><b>Incorrect username or password.</b></font>';
};
echo '
<table border="0" align="center" cellpadding="0" cellspacing="4">
<tr>
<td>E-mail:</td>
<td colspan="2"><input name="username" type="text" size="30"></td>
</tr>
<tr>
<td>Password:</td>
<td colspan="2"><input name="password" type="password" size="30"></td>
</tr>
<tr>
<td> </td>
<td><input name="submit" type="submit" value="Login"></td>
<td><div align="right">
<input name="remember" type="checkbox" id="remember" value="true">
Remember Me </div></td>
</tr>
<tr>
<td> </td>
<td colspan="2"></td>
</tr>
<tr>
<td> </td>
<td colspan="2">Not Registered? <a href="register.php" class="blueLink">Register Here</a></td>
</tr>
</table>
</form>
</div>
';
include ('login_footer.php');
echo '
</div>
</body>
</html>
';
?>
----------------------------------------
reports.php
----------------------------------------
<?PHP
session_start();
require ('database.php');
if (!isset($_SESSION['uid'])) {
echo 'no uid';}//header ('Location: login.php');}
else {
$date = gmdate("'Y-m-d'");
$db = db_connect();
}
echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Software Validation</title>
<style type="text/css">
<!--
@import url("CSS/screen.css");
-->
</style>
</head>
<body>';
include ('logout_header.php');
echo '
<div id="Content">
<a href="add.php" class="addLink">New Report</a>
<h2>Reports</h2>
<table border="0" align="center" cellpadding="0" cellspacing="5">
<tr class="reportsTitle">
<td width="75px">ID</td>
<td width="325px">Name</td>
<td width="90px">Start</td>
<td width="90px">End</td>
</tr>
<tr>
<td class="evenRow">20031</td>
<td><a href="report.php" class="reportLink">Test Report for testing purposes only</a></td>
<td>02/08/05</td>
<td>06/09/05</td>
</tr>
<tr>
<td class="oddRow">20035</td>
<td>Name of program</td>
<td>10/18/05</td>
<td>09/01/06</td>
</tr>
</table>
</div>
';
include ('logout_footer.php');
echo '
</div>
</body>
</html>
';
?>
----------------------------------------
Database.php
----------------------------------------
<?PHP
function &db_connect() {
//echo 'db_connect<br>';
require_once 'DB.php';
PEAR::setErrorHandling(PEAR_ERROR_DIE);
$db_host = 'localhost'; //remember to use full host path
$db_user = 'dnichols';
$db_pass = 'Tree;House';
$db_name = 'validation';
$dsn = "mysql://$db_user:$db_pass@unix+$db_host/$db_name";
$db = DB::connect($dsn);
$db->setFetchMode(DB_FETCHMODE_OBJECT);
return $db;
}
function _checkSession() {
//echo '_checkSession<br>';
$username = $this->db->quote($_SESSION['username']);
$cookie = $this->db->quote($_SESSION['cookie']);
$session = $this->db->quote(session_id());
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "SELECT * FROM member WHERE " .
"(username = $username) AND (cookie = $cookie) AND " .
"(session = $session) AND (ip = $ip)";
$result = $this->db->getRow($sql);
if (is_object($result)) {
$this->_setSession($result, false, false);}
else {
$this->_logout();}
}
function _checkRemembered($cookie) {
//echo '_checkRemembered<br>';
list($username, $cookie) = @unserialize($cookie);
if (!$username or !$cookie) return;
$username = $this->db->quote($username);
$cookie = $this->db->quote($cookie);
$sql = "SELECT * FROM member WHERE " .
"(username = $username) AND (cookie = $cookie)";
$result = $this->db->getRow($sql);
if (is_object($result) ) {
$this->_setSession($result, true);}
}
function session_defaults() {
//echo 'session_defaults<br>';
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
$_SESSION['cookie'] = 0;
$_SESSION['remember'] = false;
$_SESSION['error'] = false;
}
/****************************************************************/
/***** Everything From Here Should Be Within the User Class *****/
/****************************************************************/
class User {
var $db = null; // PEAR::DB pointer
var $failed = false; // failed login attempt
var $date; // current date GMT
var $id = 0; // the current user's id
function User(&$db) {
$this->db = $db;
$this->date = $GLOBALS['date'];
//echo 'User function<br>';
if ($_SESSION['logged']) {
$this->_checkSession();}
elseif (isset($_COOKIE['mtwebLogin'])) {
$this->_checkRemembered($_COOKIE['mtwebLogin']);}
}
function _checkLogin($username, $password, $remember) {
//echo '_checkLogin<br>';
//echo 'username='.$username.'<br>';
//echo 'password='.$password.'<br>';
$username = $this->db->quote($username);
$password = $this->db->quote($password);
$sql = "SELECT * FROM account WHERE " .
"act_email = $username AND " .
"act_password = $password";
$result = $this->db->getRow($sql);
//echo '_checkLogin2<br>';
if ( is_object($result) ) {
$this->_setSession($result, $remember);
header ('Location: reports.php');
//echo '<br>LOGIN SUCCESSFUL<br><br>';
return true;}
else {
$_SESSION['error'] = true;
$this->failed = true;
//echo '<br>FAILED LOGIN<br><br>';
$this->_logout();
return false;}
}
function _setSession(&$values, $remember, $init = true) {
//echo '_setSession<br>';
//echo $_SESSION['uid'].'<br>';
$this->act_id = $values->act_id;
$_SESSION['uid'] = $this->act_id;
$_SESSION['username'] = htmlspecialchars($values->act_email);
$_SESSION['cookie'] = $values->act_cookie;
$_SESSION['logged'] = true;
//echo $_SESSION['uid'];
//echo $remember.'<br>';
if ($remember) {
$this->updateCookie($values->act_cookie, true);}
if ($init) {
$session = $this->db->quote(session_id());
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE account SET act_session = $session, act_ip = $ip WHERE " .
"act_id = $this->id";
$this->db->query($sql);}
}
function updateCookie($cookie, $save) {
//echo 'updateCookie<br>';
$_SESSION['cookie'] = $cookie;
if ($save) {
$cookie = serialize(array($_SESSION['username'], $cookie));
//echo $cookie.'<br>';
setcookie('softwareValidationLogin', $cookie, time() + 31104000);}
}
function _logout() {
//echo '_logout<br>';
session_defaults();
}
}
/****************************/
/***** End of Functions *****/
/****************************/
?>
ASKER CERTIFIED SOLUTION
ASKER
I'm still not getting any session variables in that second page. I can do an echo right after the session_write_close(); and get the correct value but once I do that redirect I don't get any session variables. I have a feeling it has something to do with the php.ini but I've changed everything I could find.
ASKER
Idbkutty, thank you for your help. It actually ended up being that session_start(); needed to be on the database.php page. Thought I had done that before... but apparently not. Thanks again.
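The fix the asker reports (calling session_start() before any $_SESSION access), together with the session_write_close() step mentioned above, as an added example that is not part of the original thread. The single-file layout, the `page` parameter, the demo account and the use of password_verify() are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. The 'page' parameter, the demo
// account and this single-file layout are constructed for illustration.

// Must run on every request, before any output and before $_SESSION is
// read or written. Without it $_SESSION is a plain array that is never
// saved, so the page after the redirect sees nothing.
session_start();

// Constructed account store: e-mail => password hash.
$accounts = ['user@example.test' => password_hash('demo-password', PASSWORD_DEFAULT)];

function redirect(string $target): void {
    session_write_close();           // flush session data before leaving
    header('Location: ' . $target);
    exit;                            // nothing may run after the redirect
}

$page   = $_GET['page'] ?? 'login';
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';

if ($page === 'login' && $method === 'POST') {
    $email = $_POST['username'] ?? '';
    $hash  = $accounts[$email] ?? null;
    if ($hash !== null && password_verify($_POST['password'] ?? '', $hash)) {
        session_regenerate_id(true); // fresh session id at login (fixation defence)
        $_SESSION['uid'] = $email;
        redirect('?page=reports');
    }
    $_SESSION['error'] = true;
    redirect('?page=login');
}

if ($page === 'reports') {
    if (!isset($_SESSION['uid'])) {
        redirect('?page=login');     // not authenticated
    }
    echo 'Reports for ' . htmlspecialchars($_SESSION['uid']);
    exit;
}

// Login form: POST keeps the password out of URLs and server logs.
$error = $_SESSION['error'] ?? false;
unset($_SESSION['error']);
if ($error) {
    echo '<p>Incorrect username or password.</p>';
}
echo '<form action="?page=login" method="post">
E-mail: <input name="username" type="text">
Password: <input name="password" type="password">
<input type="submit" value="Login"></form>';
```

Served with PHP's built-in web server (`php -S localhost:8000`), a successful login lands on the reports page with `$_SESSION['uid']` still set; removing the `session_start()` call reproduces the empty session after the redirect.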