
PHP Doesn't Pass Session Variables

I have a login page which, when logged in, uses header("Location: filename.php") to send them to filename.php (obviously). The authentication is done by calling the login page to run the script, and in that scenario the session variables work great. Once I redirect them to the filename.php page the session variables are no longer available.

I have changed session.save_path to "c:\php\tmp" in the php.ini file and created the tmp folder. I noticed in c:\php\sessiondata that a session is created but I don't know if the fact that it is 0KB is important or not.

Hopefully the problem is clear.

Here is the code:

------------------------------------
login.php
------------------------------------

<?PHP
require ('database.php');

//echo $_REQUEST['username'].'<br>';

if (!isset($_SESSION['uid'])){
//echo 'if statement<br>';
      session_defaults();
}

if (isset($_REQUEST['username'])){
      $date = gmdate("'Y-m-d'");
      $db = db_connect();
      $user = new User($db);
      
      $user->_checkLogin($_REQUEST['username'],$_REQUEST['password'],'remember');
}

echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Software Validation</title>
<style type="text/css">@import url("CSS/screen.css");</style>
</head>
<body>
';

include ('login_header.php');

echo '
<div id="Content">
<form action="login.php" method="get">
Blah Blah Blah<br><br>

';

if ($_SESSION['error']){
      echo '<font color=#cc3333><b>Incorrect username or password.</b></font>';
};
echo '

<table border="0" align="center" cellpadding="0" cellspacing="4">
  <tr>
    <td>E-mail:</td>
    <td colspan="2"><input name="username" type="text" size="30"></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td colspan="2"><input name="password" type="password" size="30"></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input name="submit" type="submit" value="Login"></td>
    <td><div align="right">
      <input name="remember" type="checkbox" id="remember" value="true">
  Remember Me </div></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td colspan="2"></td>
  </tr>
  <tr>
  <td>&nbsp;</td>
  <td colspan="2">Not Registered? <a href="register.php" class="blueLink">Register Here</a></td>
  </tr>
</table>
</form>
</div>
';

include ('login_footer.php');

echo '
</div>
</body>
</html>
';
?>

----------------------------------------
reports.php
----------------------------------------
<?PHP
session_start();
require ('database.php');

if (!isset($_SESSION['uid'])) {
      echo 'no uid';}//header ('Location: login.php');}
else {
      $date = gmdate("'Y-m-d'");
      $db = db_connect();
}

echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Software Validation</title>
<style type="text/css">
<!--
@import url("CSS/screen.css");
-->
</style>
</head>
<body>';

include ('logout_header.php');

echo '
<div id="Content">
<a href="add.php" class="addLink">New Report</a>
<h2>Reports</h2>
<table border="0" align="center" cellpadding="0" cellspacing="5">
  <tr class="reportsTitle">
    <td width="75px">ID</td>
    <td width="325px">Name</td>
      <td width="90px">Start</td>
      <td width="90px">End</td>
  </tr>
  <tr>
    <td class="evenRow">20031</td>
    <td><a href="report.php" class="reportLink">Test Report for testing purposes only</a></td>
      <td>02/08/05</td>
      <td>06/09/05</td>
  </tr>
  <tr>
    <td class="oddRow">20035</td>
    <td>Name of program</td>
      <td>10/18/05</td>
      <td>09/01/06</td>
  </tr>
</table>
</div>
';

include ('logout_footer.php');

echo '
</div>
</body>
</html>
';
?>

----------------------------------------
Database.php
----------------------------------------
<?PHP
function &db_connect() {
//echo 'db_connect<br>';
      require_once 'DB.php';
      PEAR::setErrorHandling(PEAR_ERROR_DIE);
      $db_host = 'localhost';  //remember to use full host path
      $db_user = 'dnichols';
      $db_pass = 'Tree;House';
      $db_name = 'validation';
      $dsn = "mysql://$db_user:$db_pass@unix+$db_host/$db_name";
      $db = DB::connect($dsn);
      $db->setFetchMode(DB_FETCHMODE_OBJECT);
      return $db;
}
function _checkSession() {
//echo '_checkSession<br>';
      $username = $this->db->quote($_SESSION['username']);
      $cookie = $this->db->quote($_SESSION['cookie']);
      $session = $this->db->quote(session_id());
      $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
      $sql = "SELECT * FROM member WHERE " .
               "(username = $username) AND (cookie = $cookie) AND " .
               "(session = $session) AND (ip = $ip)";
      $result = $this->db->getRow($sql);

      if (is_object($result)) {
            $this->_setSession($result, false, false);}
      else {
            $this->_logout();}
}

function _checkRemembered($cookie) {
//echo '_checkRemembered<br>';
      list($username, $cookie) = @unserialize($cookie);
      
      if (!$username or !$cookie) return;
      
      $username = $this->db->quote($username);
      $cookie = $this->db->quote($cookie);
      $sql = "SELECT * FROM member WHERE " .
                  "(username = $username) AND (cookie = $cookie)";
      $result = $this->db->getRow($sql);

      if (is_object($result) ) {
            $this->_setSession($result, true);}
}

function session_defaults() {
//echo 'session_defaults<br>';
      $_SESSION['logged'] = false;
      $_SESSION['uid'] = 0;
      $_SESSION['username'] = '';
      $_SESSION['cookie'] = 0;
      $_SESSION['remember'] = false;
      $_SESSION['error'] = false;
}

/****************************************************************/
/***** Everything From Here Should Be Within the User Class *****/
/****************************************************************/
class User {
      var $db = null; // PEAR::DB pointer
      var $failed = false; // failed login attempt
      var $date; // current date GMT
      var $id = 0; // the current user's id

      function User(&$db) {
            $this->db = $db;
            $this->date = $GLOBALS['date'];
//echo 'User function<br>';
            if ($_SESSION['logged']) {
                  $this->_checkSession();}
            elseif (isset($_COOKIE['mtwebLogin'])) {
                  $this->_checkRemembered($_COOKIE['mtwebLogin']);}
      }


function _checkLogin($username, $password, $remember) {
//echo '_checkLogin<br>';
//echo 'username='.$username.'<br>';
//echo 'password='.$password.'<br>';
      $username = $this->db->quote($username);
      $password = $this->db->quote($password);
      $sql = "SELECT * FROM account WHERE " .
      "act_email = $username AND " .
      "act_password = $password";
      $result = $this->db->getRow($sql);
//echo '_checkLogin2<br>';
      if ( is_object($result) ) {
            $this->_setSession($result, $remember);
            header ('Location: reports.php');
//echo '<br>LOGIN SUCCESSFUL<br><br>';
            return true;}
      else {
            $_SESSION['error'] = true;
            $this->failed = true;
//echo '<br>FAILED LOGIN<br><br>';
            $this->_logout();
            return false;}
}

function _setSession(&$values, $remember, $init = true) {
//echo '_setSession<br>';
//echo $_SESSION['uid'].'<br>';
      $this->act_id = $values->act_id;
      $_SESSION['uid'] = $this->act_id;
      $_SESSION['username'] = htmlspecialchars($values->act_email);
      $_SESSION['cookie'] = $values->act_cookie;
      $_SESSION['logged'] = true;
//echo $_SESSION['uid'];
//echo $remember.'<br>';
      if ($remember) {
            $this->updateCookie($values->act_cookie, true);}
 
      if ($init) {
            $session = $this->db->quote(session_id());
            $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
            $sql = "UPDATE account SET act_session = $session, act_ip = $ip WHERE " .
                        "act_id = $this->act_id";
            $this->db->query($sql);}
}

function updateCookie($cookie, $save) {
//echo 'updateCookie<br>';
      $_SESSION['cookie'] = $cookie;
      if ($save) {
            $cookie = serialize(array($_SESSION['username'], $cookie));
//echo $cookie.'<br>';
            setcookie('softwareValidationLogin', $cookie, time() + 31104000);}
}

function _logout() {
//echo '_logout<br>';
      session_defaults();
}
}
/****************************/
/***** End of Functions *****/
/****************************/

?>
 
TheGtrsR1 (Author) commented:
I just figured out that I'm not actually obtaining anything from session_id() on the login page. I don't know what that means is going wrong.
 
ldbkutty commented:
1. Put session_start(); at the top of the pages where you access SESSION variables.

2. >> Once I redirect them to the filename.php page the session variables are no longer available. <<

Before redirecting the page, write and close the session data using session_write_close().

Example:

<?php
session_start();

/* your stuff here */

// Write and close the session data.
session_write_close();

// Now redirect the page.
header("Location: filename.php");

// Make sure you have exit next to header() command.
exit();
?>
 
TheGtrsR1 (Author) commented:
I'm still not getting any session variables in that second page. I can do an echo right after the session_write_close(); and get the correct value but once I do that redirect I don't get any session variables. I have a feeling it has something to do with the php.ini but I've changed everything I could find.
 
TheGtrsR1 (Author) commented:
ldbkutty, thank you for your help. It actually ended up being that session_start(); needed to be on the database.php page. Thought I had done that before... but apparently not. Thanks again.
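
Added example (not part of the original thread and not the poster's code): the pattern the thread converges on, with session_start() guaranteed before any $_SESSION access on both pages and the session flushed before the redirect, plus a session ID refresh at login. The function names ensure_session, find_account, handle_login and require_login and the sample account are hypothetical.

```php
<?php
// Added example; all function names and the account data are hypothetical.

// Call before any $_SESSION access, in every script or in a file they all require.
function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Constructed stand-in for a lookup in the account table.
function find_account(string $email): ?array
{
    $accounts = ['user@example.test' => [
        'act_id' => 1,
        'hash'   => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
    ]];
    return $accounts[$email] ?? null;
}

// login.php: returns true once the redirect header is queued; caller must exit.
function handle_login(string $email, string $password): bool
{
    ensure_session();
    $account = find_account($email);
    if ($account === null || !password_verify($password, $account['hash'])) {
        $_SESSION['error'] = true;
        return false;
    }
    session_regenerate_id(true);      // fresh session ID once the user is authenticated
    $_SESSION['uid']    = $account['act_id'];
    $_SESSION['logged'] = true;
    $_SESSION['error']  = false;
    session_write_close();            // flush session data before redirecting
    header('Location: reports.php');
    return true;
}

// reports.php: bounce unauthenticated requests back to the login page.
function require_login(): int
{
    ensure_session();
    if (empty($_SESSION['logged']) || empty($_SESSION['uid'])) {
        header('Location: login.php');
        exit;
    }
    return (int) $_SESSION['uid'];
}
```

login.php would call handle_login() with the submitted form fields and exit as soon as it returns true; reports.php would start with $uid = require_login(); before producing any output.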
