[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 436
  • Last Modified:

Why am I having PHP session problems?

Hello:

I am building upon a site that I didn't create, adding back-end functionality using PHP/MySQL.  I created a PHP file that is an include on each page.  For some reason... the sessions are very sporadic.  Sometimes it will work, and sometimes it doesn't.  Can someone please look at my code, and tell me what I am doing wrong?

Basically... I am building a login form for users to authenticate.

If you need additional information... please let me know, and I will get it to you promptly.

Thank you...
<?php
	//error_reporting(E_ALL);
	session_start();
	ini_set('session.use_cookies',0);
	
	if ($_GET['mode'] == "logout")
	{
		session_unset(); 
		session_destroy();
	}
	if ($_GET['mode'] == "logout" && $_GET['id'] == "") {
		$webpage = str_replace("?mode=logout","",$_SERVER['REQUEST_URI']);
		header("Location: http://www.stlouisata.com".$webpage);
	} 
	if ($_GET['mode'] == "logout" && $_GET['id'] != "") {
		$webpage = str_replace("&mode=logout","",$_SERVER['REQUEST_URI']);
		header("Location: http://www.stlouisata.com".$webpage);
	}
 
	include("dbconnect.php");
	// list expected fields
	$expected = array('userid', 'userpass');
	// set required fields
	$required = array('userid', 'userpass');
	// create empty array for any missing fields
	$missing = array();
 
	foreach ($_POST as $key => $value) {
		$temp = is_array($value) ? $value : trim($value);
		if (empty($temp) && in_array($key, $required)) {
			array_push($missing, $key);
		}
		elseif (in_array($key, $expected)) {
			${$key} = $temp;
		}
	}
 
	if (isset($missing) && empty($missing)) {
		$usersignincheck		 = "SELECT pp.uid, pp.aid, pp.PFName, pp.PLName, pp.eaddress, pp.upassword, p.PID, p.TotalATAPoints, p.MSEATAPoints, p.CMATAPoints, p.MW, p.ML, p.SW, p.SL, p.GW, p.GL, p.TourStatus, p.TourNotes FROM players pp, profiles p WHERE pp.eaddress='".$_POST['userid']."' AND pp.upassword=PASSWORD('".$_POST['userpass']."') LIMIT 0,1";
 
		$usersignincheckresult   = mysql_query($usersignincheck);
		$usersigninchecknum_rows = mysql_num_rows($usersignincheckresult);
 
		if($usersigninchecknum_rows == 1)
		{
			session_start();
			while($usersignincheckrow = mysql_fetch_array($usersignincheckresult))
			{
				$_SESSION["mysetting"]				 = 1;
				$_SESSION["sessionpid"]				 = $usersignincheckrow['PID'];
				$_SESSION["sessionuid"]				 = $usersignincheckrow['uid'];
				$_SESSION["sessionaid"]				 = $usersignincheckrow['aid'];
				$_SESSION["sessionpfname"]			 = $usersignincheckrow['PFName'];
				$_SESSION["sessionplname"]			 = $usersignincheckrow['PLName'];
				$_SESSION["sessiontotalata"]		 = $usersignincheckrow['TotalATAPoints'];
				$_SESSION["sessionmseata"]			 = $usersignincheckrow['MSEATAPoints'];
				$_SESSION["sessioncmata"]			 = $usersignincheckrow['CMATAPoints'];
				$_SESSION["sessionmw"]			     = $usersignincheckrow['MW'];
				$_SESSION["sessionml"]  			 = $usersignincheckrow['ML'];
				$_SESSION["sessionsw"]  			 = $usersignincheckrow['SW'];
				$_SESSION["sessionsl"]  			 = $usersignincheckrow['SL'];
				$_SESSION["sessiongw"]			     = $usersignincheckrow['GW'];
				$_SESSION["sessiongl"]			     = $usersignincheckrow['GL'];
				$_SESSION["sessiontourstatus"]   	 = $usersignincheckrow['TourStatus'];
				$_SESSION["sessiontournotes"]		 = $usersignincheckrow['TourNotes'];
				$_SESSION["sessionustanum"]			 = $usersignincheckrow['USTAnum'];
				$_SESSION["sessionustarating"]		 = $usersignincheckrow['USTArating'];
				$_SESSION["sessiondatejoined"]		 = $usersignincheckrow['DATEjoined'];
				$_SESSION["sessionbirthdate"]   	 = $usersignincheckrow['BIRTHdate'];
				$_SESSION["sessionbirthplace"]		 = $usersignincheckrow['BIRTHplace'];
				$_SESSION["sessionhanded"]			 = $usersignincheckrow['PLAYShanded'];
				$_SESSION["sessionclothing"]		 = $usersignincheckrow['CLOTHINGpref'];
				$_SESSION["sessionracketpref"]	     = $usersignincheckrow['RACKETpref'];
				$_SESSION["sessionhomecourts"]		 = $usersignincheckrow['HOMEcourts'];
				$_SESSION["sessionbestresults"]		 = $usersignincheckrow['BESTresults'];
				$_SESSION["sessioneaddress"]		 = $usersignincheckrow['eaddress'];
				$_SESSION["sessionpass"]		     = $usersignincheckrow['upassword'];
				$phpsessid = session_id();
			}
		}
	} 
?>

Open in new window

0
charleswelton
Asked:
charleswelton
2 Solutions
 
cdaugustinCommented:
Just a quick guess, try error_reporting(0); at the begining of the file also look in the files where you include the above code and see if theres any output (blank lines etc) getting out before the session_start() fcall
0
 
nplibCommented:
I had a problem similar, and it was if I created the sesstion in say http://mysite.com then navigate to http://www.mysite.com/page.php, the session was not there, but if I removed the www and had only http://mysite.com/page.php again it worked.   PHP see www.mysite.com and mysite.com as two different domains, therefore the session information can't be passed between them. Just check to make sure that that isn't the reason why.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Ray PaseurCommented:
Whenever you use header("Location:..."); you must be aware that this is a synchronous statement and YOUR SCRIPT GOES RIGHT ON RUNNING!  You almost certainly want to put "exit;" right after those redirect statements.

Also, please see this teaching example of how to set the session cookie so it is available to multiple subdomains - such as is the case in http://domain.com vs http://www.domain.com

Best regards, ~Ray
<?php // RAY_session_cookie_domain.php
// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS
error_reporting(E_ALL);
 
 
// GET DOMAIN WITHOUT WWW
$host = eregi_replace('^WWW', '', "$_SERVER[HTTP_HOST]");
 
// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
	setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}
 
 
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;
 
 
// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
$gost = substr($host,1); // STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php';
$www_link = 'http://www' . $host . '/RAY_dump_session.php';
 
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>\n";
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>\n";
 
 
// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
 
echo "</pre>\n";
 
 
 
?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>

Open in new window

0
 
charlesweltonAuthor Commented:
Okay... I greatly appreciate all of the suggestions above, but none of them really helped my situation.  Before you look at the code snippets... let me explain the story.  There is a guy that I know, who built the site.  The URL is http://www.stlouisata.com.  He built the site using a WYSIWYG editor... since he knows nothing about HTML.  He is wanting to continue to maintain the site himself and add more static pages, but he knew I did stuff with websites, and wanted to know if I would build-on some functionality that would allow a person to login, edit his/her profile... etc.  So... the URL to the stuff I am working on is... http://www.stlouisata.com/beta/test.php.
 
Now... earlier last year, I built a site for someone and implemented a login form, and I was able to implement PHP sessions with no problem.  But this site is giving me fits.  The session variables seem to lose their values when I leave the page, or simply do a refresh.  Try testing http://www.stlouisata.com/beta/test.php using both IE and FireFox.  Test the login using the following two accounts:
 
santi_beltran@hotmail.com (this is just a regular level account)
welcome
 
charleswelton@gmail.com  (this is an "admin" level account)
test12

Below in the code snippet section, I pasted code from SESSIONHEADER.php, SIGNIN.php, ADDPLAYER.php, and FOOTER.php.
*** SESSIONHEADER.PHP ***
*************************
 
<?php
	ob_start();
	if(session_id() == ""){
		session_start();
		header("Cache-control: private"); //IE 6 Fix
	}
	
	if ($_GET['mode'] == "logout")
	{
		$_SESSION = array();
		session_destroy(); 
	}
	include("dbconnect.php");
 
	// list expected fields
	$expected = array('userid', 'userpass');
	// set required fields
	$required = array('userid', 'userpass');
	// create empty array for any missing fields
	$missing = array();
 
	foreach ($_POST as $key => $value) {
		$temp = is_array($value) ? $value : trim($value);
		if (empty($temp) && in_array($key, $required)) {
			array_push($missing, $key);
		}
		elseif (in_array($key, $expected)) {
			${$key} = $temp;
		}
	}
	
	if(isset($_POST["btnSign"]))
	{
		$_SESSION['username'] = mysql_real_escape_string($_POST['userid']); 
		$_SESSION['password'] = mysql_real_escape_string($_POST['userpass']);
		$usersignincheck	  = "SELECT pp.uid, pp.aid, pp.PFName, pp.PLName, pp.eaddress, pp.upassword, p.PID, p.TotalATAPoints, p.MSEATAPoints, p.CMATAPoints, p.MW, p.ML, p.SW, p.SL, p.GW, p.GL, p.TourStatus, p.TourNotes FROM players pp, profiles p WHERE pp.eaddress='".$_SESSION['username']."' AND pp.upassword=PASSWORD('".$_SESSION['password']."') LIMIT 0,1";
 
		$usersignincheckresult   = mysql_query($usersignincheck);
		$usersigninchecknum_rows = mysql_num_rows($usersignincheckresult);
 
		$_SESSION["checknumrows"] = $usersigninchecknum_rows;
 
		if($usersigninchecknum_rows == 1 || $_SESSION["checknumrows"] == 1)
		{
			while($usersignincheckrow = mysql_fetch_array($usersignincheckresult))
			{
				$_SESSION["mysetting"]				 = 1;
				$_SESSION["sessionpid"]				 = $usersignincheckrow['PID'];
				$_SESSION["sessionuid"]				 = $usersignincheckrow['uid'];
				$_SESSION["sessionaid"]				 = $usersignincheckrow['aid'];
				$_SESSION["sessionpfname"]			 = $usersignincheckrow['PFName'];
				$_SESSION["sessionplname"]			 = $usersignincheckrow['PLName'];
				$_SESSION["sessiontotalata"]		 = $usersignincheckrow['TotalATAPoints'];
				$_SESSION["sessionmseata"]			 = $usersignincheckrow['MSEATAPoints'];
				$_SESSION["sessioncmata"]			 = $usersignincheckrow['CMATAPoints'];
				$_SESSION["sessionmw"]			     = $usersignincheckrow['MW'];
				$_SESSION["sessionml"]  			 = $usersignincheckrow['ML'];
				$_SESSION["sessionsw"]  			 = $usersignincheckrow['SW'];
				$_SESSION["sessionsl"]  			 = $usersignincheckrow['SL'];
				$_SESSION["sessiongw"]			     = $usersignincheckrow['GW'];
				$_SESSION["sessiongl"]			     = $usersignincheckrow['GL'];
				$_SESSION["sessiontourstatus"]   	 = $usersignincheckrow['TourStatus'];
				$_SESSION["sessiontournotes"]		 = $usersignincheckrow['TourNotes'];
				$_SESSION["sessionustanum"]			 = $usersignincheckrow['USTAnum'];
				$_SESSION["sessionustarating"]		 = $usersignincheckrow['USTArating'];
				$_SESSION["sessiondatejoined"]		 = $usersignincheckrow['DATEjoined'];
				$_SESSION["sessionbirthdate"]   	 = $usersignincheckrow['BIRTHdate'];
				$_SESSION["sessionbirthplace"]		 = $usersignincheckrow['BIRTHplace'];
				$_SESSION["sessionhanded"]			 = $usersignincheckrow['PLAYShanded'];
				$_SESSION["sessionclothing"]		 = $usersignincheckrow['CLOTHINGpref'];
				$_SESSION["sessionracketpref"]	     = $usersignincheckrow['RACKETpref'];
				$_SESSION["sessionhomecourts"]		 = $usersignincheckrow['HOMEcourts'];
				$_SESSION["sessionbestresults"]		 = $usersignincheckrow['BESTresults'];
				$_SESSION["sessioneaddress"]		 = $usersignincheckrow['eaddress'];
				$_SESSION["sessionpass"]		     = $usersignincheckrow['upassword'];
				$phpsessid = session_id();
				echo $_SESSION["sessionaid"];
			}
		}
	}
	
	if($_SESSION["mysetting"] == 1)
	{
		include("signin.php");
	}
?>
 
 
**********************************************************************
*** SIGNIN.PHP ***
******************
 
<?php 
if($_SESSION["mysetting"] != 1)
 {
	if ($_POST['btnSign'] && isset($missing) && in_array('userid', $missing)) {
		echo "<div style='font-family: verdana, arial, sans-serif; font-size: 11px; color: red; font-weight: bold;'>&nbsp;&nbsp;&nbsp;&nbsp;Please enter your User ID!</div>";
	}
	if ($_POST['btnSign'] && isset($missing) && in_array('userpass', $missing)) {
		echo "<div style='font-family: verdana, arial, sans-serif; font-size: 11px; color: red; font-weight: bold;'>&nbsp;&nbsp;&nbsp;&nbsp;Please enter your password!</div>";
	}
	if ($_POST['btnSign'] && isset($missing) && empty($missing) && ($usersigninchecknum_rows == 0)) {
		echo "<div style='font-family: verdana, arial, sans-serif; font-size: 11px; color: red; font-weight: bold;'>&nbsp;&nbsp;&nbsp;&nbsp;Sorry... either your User ID or password is incorrect!</div>";
	}
 
    echo "<form name='signinform' method='post' action='$pagename'>";
	echo "<table width='900' cellpadding='1' cellspacing='1' border='0'>";
	echo "<tr><td width='40%'>&nbsp;</td><td width='10%'><span style='font-family: verdana, arial, sans-serif; font-size: 12px; color: #000000; font-weight: bold;'>User ID:</span></td><td><input name='userid' type='text' size='25' "; 
		
		if (isset($missing)) { 
			echo 'value="'.htmlentities($_POST['userid']).'"';
		}
		
	echo "></td></tr>";
	echo "<tr><td width='40%'>&nbsp;</td><td width='10%'><span style='font-family: verdana, arial, sans-serif; font-size: 12px; color: #000000; font-weight: bold;'>Password:</span></td><td><input name='userpass' type='password' size='25' "; 
		
		if (isset($missing)) { 
			echo 'value="'.htmlentities($_POST['userpass']).'"';
		}
		
	echo "></td></tr>";
	echo "<tr><td width='40%'>&nbsp;</td><td width='10%'>&nbsp;</td><td><input type='submit' name='btnSign' value='Sign In'>&nbsp;<input type='reset' name='btnReset' value='Reset'></td></tr>";
	echo "</table>";
	echo "</form>";
 }
?>
 
 
 
**********************************************************************
*** ADDPLAYER.PHP ***
*********************
 
<?php
	include("sessionheader.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv=Content-Type content="text/html; charset=ISO-8859-1"><title>2009 ATA TMS NTRP MS HOME</title><meta name="viewport" content="width = 1250, mimimum-scale = 0.25, maximum-scale = 1.60"><meta name="generator" content="Freeway 5 Pro 5.2.0"><style type="text/css"><!-- 
body { margin:0px; background-color:#fff; height:100% }
html { height:100% }
img { margin:0px; border-style:none }
button { margin:0px; border-style:none; padding:0px; background-color:transparent; vertical-align:top }
p:first-child { margin-top:0px }
table { empty-cells:hide }
.f-sp { font-size:1px; visibility:hidden }
.f-lp { margin-bottom:0px }
.f-fp { margin-top:0px }
.f-x1 {  }
.f-x2 {  }
.f-x3 {  }
a:link { color:#306; text-decoration:none }
a:visited { color:#306; text-decoration:none }
a:hover { color:#306; text-decoration:none }
a:active { color:#306; text-decoration:none }
#item2 a:link { text-decoration:none }
#item2 a:visited { text-decoration:none }
#item2 a:hover { text-decoration:none }
#item2 a:active { text-decoration:none }
.style27 { font-family:Baskerville Old Face; font-size:12px }
.style96 { font-family:Baskerville Old Face; font-size:11px }
.style93 { font-size:11px }
#fwNav1 { float:left; margin:0; padding:0; list-style:none; border:2px Solid #9966CC;  }
#fwNav1 li, #fwNav1 dd { display:inline; float:left; width:7em; padding:0; border-left:1px Solid #9966CC; position:relative; margin:0; }
#fwNav1 li:first-child, #fwNav1 dd:first-child { border-left:0; }
#fwNav1 li a, #fwNav1 dd a { display:block; padding:3px 10px 3px 10px; text-decoration:none; color:#FFFFFF; background:#330066;  }
#fwNav1 li a.fwCurrent, #fwNav1 dd a.fwCurrent { background:#9966CC; color:#FFFFFF; }
#fwNav1 li a:hover, #fwNav1 dd a:hover { background:#330066; color:#FFFFFF; text-decoration:none;  }
#fwNav1 * ol, #fwNav1 * ul, #fwNav1 * dl { left:-1px; top:auto; width:7em; position:absolute; visibility:hidden; margin:0; padding:0; list-style:none; border:2px Solid #9966CC;  }
#fwNav1 * .fwFirstList { left:-2px; }
#fwNav1 * * * .fwFirstList { left:7em ; top:-2px; }
#fwNav1 * * li, #fwNav1 * * dd { width:7em; border-left:0; border-top:1px Solid #9966CC; }
#fwNav1 * * li a, #fwNav1 * * dd a { display:block; text-decoration:none; color:#FFFFFF; background:#330066;  }
#fwNav1 * * li a.fwCurrent, #fwNav1 * * dd a.fwCurrent	{ color:#FFFFFF; background:#9966CC;  }
#fwNav1 * * li a:hover, #fwNav1 * * dd a:hover { color:#FFFFFF; background:#330066; text-decoration:none;  }
#fwNav1 li.fwFirstChild { border-left:0; }
#fwNav1 * * * ul, #fwNav1 * * * dl, #fwNav1 * * * ol { position:absolute; right:auto; left:7em; top:-1px; visibility:hidden; margin:0; padding:0; list-style-type:none;  }
#fwNav1 * * * * li a, #fwNav1 * * * * dd a { border-left:0; }
#fwNav1 * * li.fwFirstChild, #fwNav1 * * dd.fwFirstChild { border-top:0; }
* html #fwNav1 li { float:left; height:1%; }
* html #fwNav1 li a { height:1%; }
*.over *#fwSub1 { visibility:visible; }
*.over1 *#fwSub2{ visibility:visible; }
#fwNav1 *:hover > ul, #fwNav1 *:hover > ol, #fwNav1 *:hover > dl { visibility:visible; }
 
.fwMainPointer1 {position:absolute; width:10px; height:10px; right:5px; top:25%}
 
.fwSubPointer1 {position:absolute; width:10px; height:10px; right:5px; top:25%}--></style>
<!--[if lt IE 7]><link rel=stylesheet type="text/css" href="css/ie6.css"><![endif]-->
<script type="text/javascript">//<![CDATA[
var usingIEFix = false;
//]]></script>
 
<!--[if lt IE 7]>
<script type="text/javascript">//<![CDATA[
usingIEFix = true;
//]]></script>
<![endif]-->
<script type="text/javascript">//<![CDATA[
function FWStripFileFromFilterString(filterString)
{
	var start,end;
	var strSrc = "src='";
	var strRes = "";
 
	start = filterString.indexOf(strSrc);
 
	if(start != -1)
	{
		start += strSrc.length;
		
		end = filterString.indexOf("',",start);
		if(end != -1)
		{
			strRes = filterString.substring(start,end);
		}
	}
 
	return strRes;
}
 
var fwIsNetscape = navigator.appName == 'Netscape';
 
fwLoad = new Object;
function FWLoad(image)
{
	if (!document.images)
		return null;
	if (!fwLoad[image])
	{
		fwLoad[image]=new Image;
		fwLoad[image].src=image;
	}
	return fwLoad[image].src;
}
 
fwRestore = new Object;
function FWRestore(msg,chain) 
{
	if (document.images) 
		for (var i in fwRestore)
		{
			var r = fwRestore[i];
			if (r && (!chain || r.chain==chain) && r.msg==msg)
			{
				r.src = FWLoad(r.old);
				fwRestore[i]=null;
			}
		}
}
 
function FWLSwap(name,msg,newImg,layer,chain,trigger) 
{
	var r = fwRestore[name];
	if (document.images && (!r || r.msg < msg)) 
	{
		var uselayers = fwIsNetscape && document.layers && layer != '';
		var hld;
		if (uselayers)
			hld = document.layers[layer].document;
		else
			hld = document;
		var im = hld.getElementById(name);
		if (!im.old)
		{
			if(usingIEFix && im.runtimeStyle.filter)
				im.old = FWStripFileFromFilterString(im.runtimeStyle.filter);
			else
				im.old = im.src;
		}
		
		im.msg = msg;
		im.chain = chain;
		im.trigger = trigger;
		if (newImg) im.src = FWLoad(newImg);
		fwRestore[name] = im;
	}
}
 
function FWCallHit(func,targNum,msg)
{
	if(func)
		for (var i in func)
			func[i](targNum,msg);
}
function FW_Hit(frameset,chain,targNum,msg)
{
	if (frameset && frameset.length)
		for (var i=0 ; i <frameset.length ; i++)
		{
			try
			{
				FW_Hit(frameset[i].frames,chain,targNum,msg);
				FWCallHit(top["FT_"+chain],targNum,msg);
				FWCallHit(frameset[i].window["FT_"+chain],targNum,msg);
			}
			catch(err)
			{
			}
		}
	else
		FWCallHit(window["FT_"+chain],targNum,msg);
}
 
fwHit = new Object;
function FWSlave(frameset,chain,targNum,msg)
{
	if (msg==1) fwHit[chain]=targNum;
	FW_Hit(frameset,chain,targNum,1);
}
 
function FWSRestore(frameset,chain)
{
	var hit=fwHit[chain];
	if (hit)
		FW_Hit(frameset,chain,hit,0);
	fwHit[chain]=null;
}
function FWPreload(){FWLoad("../Resources/tennisball1a1.jpeg");FWLoad("../Resources/TMSEVENT1.jpg");FWLoad("../Resources/tennisball1a.jpeg");FWLoad("../Resources/TMSEVENT3.jpg");FWLoad("../Resources/tennisball.jpeg");FWLoad("../Resources/TMSEVENT2.jpg");FWLoad("../Resources/TMSEVENT4.jpg");FWLoad("../Resources/TMSEVENT5.jpg");FWLoad("../Resources/TMSEVENT6.jpg");FWLoad("../Resources/tennisball1b1a1a.jpeg");FWLoad("../Resources/TMSEVENT7CUP.jpg");FWLoad("../Resources/tms2009janfeb.jpeg");FWLoad("../Resources/tms2009marapr.jpeg");FWLoad("../Resources/tms2009may.jpeg");FWLoad("../Resources/tms2009june.jpeg");FWLoad("../Resources/tms2009july.jpeg");FWLoad("../Resources/tmsntrpms2009aug.jpeg");FWLoad("../Resources/tms2009septa.jpeg");FWLoad("../Resources/item2b1a1a1b1a.gif");FWLoad("../Resources/TMSNTRPMS2009JANFEB.jpg");FWLoad("../Resources/item2b1a1a1b1aa.gif");}
function FWLHitSwap(layer,name,num)
{
	var image = arguments[num+3];
	if (document.images && image)
	{
		var uselayers = fwIsNetscape && document.layers && layer != '';
		var hld;
		if (uselayers)
			hld = document.layers[layer].document;
		else
			hld = document;
		hld.getElementById(name).src = FWLoad(image);
	}
}
window.onload = function(){  FWPreload(); }//]]></script>
<!--[if lt IE 7]>
<script type="text/javascript">
//<![CDATA[
function FWAddClassNames(node)
{
	if(FWIsListItem(node, "items"))
	{
		var depth = FWFindDepth(node);
		node.onmouseover=function() { this.className+=' over'+(depth == 1?'':(depth-1));
			FWIsListItem(this.lastChild, "blocks")?this.lastChild.id = "fwSub"+depth:""; }
		node.onmouseout=function() { this.className=this.className.replace(' over'+(depth == 1?'':depth-1), "");
			FWIsListItem(this.lastChild, "blocks")?this.lastChild.id = "":""; }
	}
	if(node.nextSibling) 
		FWAddClassNames(node.nextSibling);
}
 
function FWIsListItem(node, listType)
{
	var blocks = ["UL", "OL", "DL"];
	var items = ["LI", "DD"];
	if(listType == "blocks")
	{
		if(blocks.toString().search(node.nodeName) != -1) 
			return true;
	}
	else if(listType == "items")
	{
		if(items.toString().search(node.nodeName) != -1)
			return true;
	}
	else
	{
		if(blocks.toString().search(node.nodeName) != -1 || items.toString().search(node.nodeName) != -1)
			return true;
	}
	return false;
}
 
function FWFindDepth(node)
{
	currentNode = node;
	depth = 0;
	while(FWIsListItem(currentNode.parentNode, "all"))
	{
		if(FWIsListItem(currentNode.parentNode, "blocks")) 
			depth++;
		currentNode = currentNode.parentNode;
	}
	return depth;
}
 
function FWStartList()
{
	var listTypes = ['OL','UL','DL'];
	var nodes = [];
	for(i=0; i<3; i++)
	{
		var temp = document.getElementsByTagName(listTypes[i]);
		for(var j = 0;j<temp.length;j++)
			if(FWIsListItem(temp[j], "blocks")) 
				nodes.push(temp[j]);
	}
	for(i=0; i<nodes.length; i++) 
		FWAddClassNames(nodes[i].firstChild);
}
window.onload = function(){ FWStartList(); FWPreload(); }
//]]>
</script>
<![endif]-->
</head><body width="989"><div id="PageDiv" style="position:relative; min-height:100%"><table border=0 cellspacing=0 cellpadding=0 width=989><colgroup><col width=6><col width=62><col width=1><col width=62><col width=8><col width=849><col width=1></colgroup><tr valign=top><td height=2 colspan=6></td><td height=2></td></tr><tr valign=top><td height=1 colspan=5></td><td height=98 rowspan=3><img src="../Resources/item3ab.gif" border=0 width=849 height=98 alt="" usemap="#map1" style="float:left"></td><td height=1></td></tr><tr valign=top><td height=96></td><td height=96><a href="2009atatmsntrpws.html"><img src="../Resources/atalogowomen2009.jpeg" border=0 width=62 height=96 alt="" style="float:left"></a></td><td height=96></td><td height=96><a href="2009atatmsntrpms.html"><img src="../Resources/atalogomen20092a.jpeg" border=0 width=62 height=96 alt="" style="float:left"></a></td><td height=96></td><td height=96></td></tr><tr valign=top><td height=1 colspan=5></td><td height=1></td></tr><tr class="f-sp"><td><img src="../Resources/_clear.gif" border=0 width=6 height=1 alt="" style="float:left"></td><td><img src="../Resources/_clear.gif" border=0 width=62 height=1 alt="" style="float:left"></td><td><img src="../Resources/_clear.gif" border=0 width=1 height=1 alt="" style="float:left"></td><td><img src="../Resources/_clear.gif" border=0 width=62 height=1 alt="" style="float:left"></td><td><img src="../Resources/_clear.gif" border=0 width=8 height=1 alt="" style="float:left"></td><td><img src="../Resources/_clear.gif" border=0 width=849 height=1 alt="" style="float:left"></td><td height=42><img src="../Resources/_clear.gif" border=0 width=1 height=1 alt="" style="float:left"></td></tr></table><table border=0 cellspacing=0 cellpadding=0 width=619><colgroup><col width=306><col width=143><col width=2><col width=167><col width=1></colgroup><colgroup><col width=9><col width=979><col width=1></colgroup><tr><td>&nbsp;</td></tr></table>
 
 
<?php 
	$pagename = "addplayer.html";
	if(isset($_SESSION["mysetting"]))
	{
		if($_SESSION["mysetting"] == 1)
		{
			include("dbconnect.php");
			if($_SESSION["sessionaid"] == 2)
			{
				$viewplayerprofile       = "SELECT p.PID, pp.PFName, pp.PLName, pp.uid, p.TotalATAPoints, p.MSEATAPoints, p.CMATAPoints, p.MW, p.ML, p.SW, p.SL, p.GW, p.GL, p.TourStatus, p.TourNotes FROM profiles p, players pp WHERE pp.uid=p.uid";
				$viewplayerprofileresult = mysql_query($viewplayerprofile);
				$viewprofilenum_rows     = mysql_num_rows($viewplayerprofileresult);
 
				echo "<table width='900' cellpadding='0' cellspacing='0' border='1'>";
				echo "<tr><td colspan='2'>&nbsp;</td></tr>";
				echo "</table>";
 
 
				echo "<table width='900' cellpadding='0' cellspacing='0' border='1'>";
				echo "<tr><td>First Name:</td><td><input type='text' size='30' name='fname'></td></tr>";
				echo "<tr><td>Last Name:</td><td><input type='text' size='30' name='lname'></td></tr>";
				echo "<tr><td>E-Mail Address:</td><td><input type='text' size='30' name='usereaddress'></td></tr>";
				echo "<tr><td>Initial Password:</td><td><input type='password' size='30' name='initpassword'></td></tr>";
				echo "</table>";
			} else {
				echo "Sorry... you are not authorized to view page!  <a href='test.html'>Click here</a> to return back to main page.";
			}
 
		} 
	} else {
			include("signin.php");
	}
 
	include("footer.php");
?>
 
 
**********************************************************************
*** FOOTER.PHP ***
*********************
<table border=0 cellspacing=0 cellpadding=0 width=989>
<tr><td>&nbsp;</td></tr>
<tr valign=top><td height=30 rowspan=2></td><td height=8><img src="../Resources/item3ca.gif" border=0 width=979 height=8 alt="" style="float:left"></td><td height=8></td></tr>
<tr valign=top><td height=22><img src="../Resources/item3a1d.gif" border=0 width=979 height=22 alt="" usemap="#map2" style="float:left"></td><td height=22></td></tr><tr class="f-sp"><td><img src="../Resources/_clear.gif" border=0 width=9 height=1 alt="" style="float:left"></td><td><img src="../Resources/_clear.gif" border=0 width=979 height=1 alt="" style="float:left"></td><td height=1><img src="../Resources/_clear.gif" border=0 width=1 height=1 alt="" style="float:left"></td></tr></table><div id="item2" style="position:absolute; left:12.39px; top:104px; width:auto;  height:auto;  z-index:2;  overflow:visible; "><ul class="f-fp f-lp" id="fwNav1"><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">STANDINGS<br>&nbsp;</span></a><ul class="fwFirstList"><li class="fwFirstChild"><span class="style96"><a href="../2009atatmsntrpme.html">NTRP 4.0 <br>MEN <br>2009 RACE</a></span></li><li><span class="style27"><a href="../2009atatmsntrpma.html"><span class="style93">NTRP 4.0 <br>MEN <br>RANKINGS</span></a></span></li><li><span class="style96"><a href="../2009atatmsntrpmf.html">NTRP 4.5 <br>MEN <br>2009 RACE</a></span></li><li><span class="style27"><a href="../2009atatmsntrpmb.html"><span class="style93">NTRP 4.5 <br>MEN <br>RANKINGS</span></a></span></li><li><a href="#" style="cursor:default"><span class="style96">NTRP 4.0 WOMEN <br>2009 RACE</span></a></li><li><span class="style27"><a href="../2009atatmsntrpwa.html"><span class="style93">NTRP 4.0 WOMEN <br>RANKINGS</span></a></span></li><li><a href="#" style="cursor:default"><span class="style27"><span class="style93">NTRP 4.5 WOMEN <br>2009 RACE</span></span></a></li><li><span class="style27"><a href="../2009atatmsntrpwb.html"><span class="style93">NTRP 4.5 WOMEN <br>RANKINGS</span></a></span></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">TOUR INFO<br>&nbsp;</span></a><ul><li class="fwFirstChild"><span class="style27"><a href="../2009atatmsrulesn.html">NTRP MEN RULES</a></span></li><li><span class="style27"><a href="../2009atatmsrulesa.html">NTRP WOMEN RULES</a></span></li><li><span class="style27"><a href="../2009atatmsntrpms.html">NTRP MEN SCHEDULE</a></span></li><li><span class="style27"><a href="../2009atatmsntrpws.html">NTRP WOMEN SCHEDULE</a></span></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">PLAYER<br>PROFILES </span></a><ul><li class="fwFirstChild"><span class="style27"><a href="test.php?ntrp=4.0">NTRP 4.0<br>MEN</a></span></li><li><span class="style27"><a href="test.php?ntrp=4.5">NTRP 4.5<br>MEN</a></span></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0<br>WOMEN</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP OPEN<br>WOMEN</span></a></li></ul></li><li><a href="#" style="cursor:default"><span class="style27"> 2009 RESULTS<br>&nbsp;</span></a><ul><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">NTRP MEN</span></a><ul class="fwFirstList"><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">TOUR EVENTS</span></a><ul class="fwFirstList"><li class="fwFirstChild"><span class="style27"><a href="2009atatmsntrpmc.html">NTRP 4.0, JAN</a></span></li><li><span class="style27"><a href="../2009atatmsntrpmg.html">NTPR 4.0, MAR</a></span></li><li><span class="style27"><a href="../2009atatmsntrpmi.html">NTRP 4.0, MAY</a></span></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0, JUN</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0, JUL</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0, AUG</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0, SEP</span></a></li><li><span class="style27"><a href="2009atatmsntrpmd.html">NTRP 4.5, FEB</a></span></li><li><span class="style27"><a href="../2009atatmsntrpmh.html">NTRP 4.5, APR</a></span></li><li><span class="style27"><a href="../2009atatmsmsntrp.html">NTRP 4.5, MAY</a></span></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.5, JUN</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.5, JUL</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.5, AUG</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.5, SEP</span></a></li></ul></li><li><span class="style27"><a href="../2009atatmschalle.html">TOUR 100 CHALLENGER</a></span></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">NTRP WOMEN</span></a><ul><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">TOUR EVENTS NTRP</span></a><ul class="fwFirstList"><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">NTRP 4.0, JUN</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0, JUL</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0 AUG</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP 4.0 SEP</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP OPEN, JUN</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP OPEN, JUL</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP OPEN, AUG</span></a></li><li><a href="#" style="cursor:default"><span class="style27">NTRP OPEN, SEP</span></a></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">TOUR 100 CHALLENGER</span></a></li></ul></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">CHAMPIONS CLUB</span></a><ul><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">NTRP MEN</span></a><ul class="fwFirstList"><li class="fwFirstChild"><span class="style27"><a href="../2008atachampions.html">2008</a></span></li><li><span class="style27"><a href="../2009atatmschampi.html">2009</a></span></li></ul></li><li><span class="style27"><a href="../2009atatmschampa.html">NTRP WOMEN</a></span><ul><li class="fwFirstChild"><span class="style27"><a href="../2009atatmschampa.html">2009</a></span></li></ul></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">TOUR <br>PICTURES</span></a><ul><li class="fwFirstChild"><a href="#" style="cursor:default"><span class="style27">NTRP MEN</span></a><ul class="fwFirstList"><li class="fwFirstChild"><span class="style27"><a href="../2008atatmstourpi.html">2008</a></span></li><li><span class="style27"><a href="../2009atatmstourpi.html">2009</a></span></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">NTRP WOMEN</span></a><ul><li class="fwFirstChild"><span class="style27"><a href="2009atatmstourpa.html">2009</a></span></li></ul></li></ul></li><li><a href="#" style="cursor:default"><span class="style27">TOUR <br>ROSTER</span></a><ul><li class="fwFirstChild"><span class="style27"><a href="../2009atatmsroster.html">NTRP MEN</a></span></li><li><span class="style27"><a href="../2009atatmsrostea.html">NTRP WOMEN</a></span></li></ul></li><li><span class="style27"><a href="../2008ataweeklynew.html">ATA <br>NEWS</a></span></li></ul>
 
<div>
 
<?php
  if($_SESSION["mysetting"] == 1)
  {
	$fullname = $_SESSION['sessionpfname']." ".$_SESSION['sessionplname'];
	echo "<br /><br /><span style='font-family: verdana, arial, sans-serif; font-size: 11px; color: #000000; font-weight: bold;'>Welcome</span><span style='font-family: verdana, arial, sans-serif; font-size: 11px; color: #000000; font-weight: normal;'>, $fullname <b>|</b> <a href='$PHP_SELF?mode=logout' style='color:blue'>Logout</a>";
 
	if($_SESSION["sessionaid"] == 2)
	{
		echo " <b>|</b> <a href='addplayer.html' style='color:blue'>Player Administration</a>";
	}
	
	echo "</span>";
  }
?>
 
</div>

Open in new window

0
 
Ray PaseurCommented:
I have not read all the code yet, but I sympathize with the issue.

Here is what I would do.  First take the session_start() statement out of conditional logic.  Simply doing that will help reduce the risk of an error in the code.

The session cookie is getting set for the domain name with the www prepended to it, in other words, to a subdomain.  You can see the cookies in FF via the path Tools => Options => Privacy => Show Cookies.  Make your session start work like the code snippet and that will solve at least some of the potential issues.
// GET DOMAIN WITHOUT WWW
$host = eregi_replace('^WWW', '', "$_SERVER[HTTP_HOST]");
 
// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
	setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}

Open in new window

0
 
Ray PaseurCommented:
Next, in this code snippet, you can see the correct way to handle a logout.
<?php // RAY_logout.php
error_reporting(E_ALL);
 
 
define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
$cookie_expires	= time() - date('Z') - COOKIE_LIFE;
 
 
// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();
 
// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}
 
// TELL PHP TO ELIMINATE THE SESSION
session_destroy();
 
 
 
 
 
 
// CLEAR ALL COOKIES WITH THIS CODE
foreach ($_COOKIE as $key => $value)
{
   setcookie($key, '', $cookie_expires, '/');
}
 
 
 
 
 
// REDIRECT TO THE HOME PAGE
header("Location: /");
exit;
 
?>

Open in new window

0
 
Ray PaseurCommented:
Finally, this statement at line 41 in the snippet above is missing a key piece of the action.  A better way and IMHO necessary way to handle any MySQL query is to test for success and give an error message if it fails.

// FROM LINE 41 ABOVE
$usersignincheckresult   = mysql_query($usersignincheck);
 
// A BETTER PRACTICE
if (!$usersignincheckresult   = mysql_query($usersignincheck))
{
   $err = mysql_errno() . ' ' . mysql_error();
   echo "<br/>QUERY FAIL: $usersignincheck \n";
   die( $err );
}

Open in new window

0
 
charlesweltonAuthor Commented:
Thank you Ray for the extremely fast response.  I implemented all of the changes you suggested, and still getting the same result. :(  I have placed my updated code for SESSIONHEADER.php in the code snippet section below.

<?php
	ob_start();
	
	session_start();
 
	// GET DOMAIN WITHOUT WWW
	$host = eregi_replace('^WWW', '', "$_SERVER[HTTP_HOST]");
 
	// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
	$sess_name = session_name();
	if (session_start())
	{
		setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
	}
	
	if ($_GET['mode'] == "logout")
	{
		error_reporting(E_ALL);
		define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
		$cookie_expires	= time() - date('Z') - COOKIE_LIFE;
 
		// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
		$_SESSION = array();
 
		// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
		if (isset($_COOKIE[session_name()]))
		{
			setcookie(session_name(), '', $cookie_expires, '/');
		}
 
		// TELL PHP TO ELIMINATE THE SESSION
		session_destroy();
 
		// CLEAR ALL COOKIES WITH THIS CODE
		foreach ($_COOKIE as $key => $value)
		{
			setcookie($key, '', $cookie_expires, '/');
		}
	}
 
	include("dbconnect.php");
 
	// list expected fields
	$expected = array('userid', 'userpass');
	// set required fields
	$required = array('userid', 'userpass');
	// create empty array for any missing fields
	$missing = array();
 
	foreach ($_POST as $key => $value) {
		$temp = is_array($value) ? $value : trim($value);
		if (empty($temp) && in_array($key, $required)) {
			array_push($missing, $key);
		}
		elseif (in_array($key, $expected)) {
			${$key} = $temp;
		}
	}
	
	if(isset($_POST["btnSign"]))
	{
		$_SESSION['username'] = mysql_real_escape_string($_POST['userid']); 
		$_SESSION['password'] = mysql_real_escape_string($_POST['userpass']);
		$usersignincheck	  = "SELECT pp.uid, pp.aid, pp.PFName, pp.PLName, pp.eaddress, pp.upassword, p.PID, p.TotalATAPoints, p.MSEATAPoints, p.CMATAPoints, p.MW, p.ML, p.SW, p.SL, p.GW, p.GL, p.TourStatus, p.TourNotes FROM players pp, profiles p WHERE pp.eaddress='".$_SESSION['username']."' AND pp.upassword=PASSWORD('".$_SESSION['password']."') LIMIT 0,1";
 
		$usersignincheckresult   = mysql_query($usersignincheck);
		$usersigninchecknum_rows = mysql_num_rows($usersignincheckresult);
 
		// A BETTER PRACTICE
		if (!$usersignincheckresult = mysql_query($usersignincheck))
		{
			$err = mysql_errno() . ' ' . mysql_error();
			echo "<br/>QUERY FAIL: $usersignincheck \n";
			die( $err );
		}
 
		$_SESSION["checknumrows"] = $usersigninchecknum_rows;
 
		if($usersigninchecknum_rows == 1 || $_SESSION["checknumrows"] == 1)
		{
			while($usersignincheckrow = mysql_fetch_array($usersignincheckresult))
			{
				$_SESSION["mysetting"]				 = 1;
				$_SESSION["sessionpid"]				 = $usersignincheckrow['PID'];
				$_SESSION["sessionuid"]				 = $usersignincheckrow['uid'];
				$_SESSION["sessionaid"]				 = $usersignincheckrow['aid'];
				$_SESSION["sessionpfname"]			 = $usersignincheckrow['PFName'];
				$_SESSION["sessionplname"]			 = $usersignincheckrow['PLName'];
				$_SESSION["sessiontotalata"]		 = $usersignincheckrow['TotalATAPoints'];
				$_SESSION["sessionmseata"]			 = $usersignincheckrow['MSEATAPoints'];
				$_SESSION["sessioncmata"]			 = $usersignincheckrow['CMATAPoints'];
				$_SESSION["sessionmw"]			     = $usersignincheckrow['MW'];
				$_SESSION["sessionml"]  			 = $usersignincheckrow['ML'];
				$_SESSION["sessionsw"]  			 = $usersignincheckrow['SW'];
				$_SESSION["sessionsl"]  			 = $usersignincheckrow['SL'];
				$_SESSION["sessiongw"]			     = $usersignincheckrow['GW'];
				$_SESSION["sessiongl"]			     = $usersignincheckrow['GL'];
				$_SESSION["sessiontourstatus"]   	 = $usersignincheckrow['TourStatus'];
				$_SESSION["sessiontournotes"]		 = $usersignincheckrow['TourNotes'];
				$_SESSION["sessionustanum"]			 = $usersignincheckrow['USTAnum'];
				$_SESSION["sessionustarating"]		 = $usersignincheckrow['USTArating'];
				$_SESSION["sessiondatejoined"]		 = $usersignincheckrow['DATEjoined'];
				$_SESSION["sessionbirthdate"]   	 = $usersignincheckrow['BIRTHdate'];
				$_SESSION["sessionbirthplace"]		 = $usersignincheckrow['BIRTHplace'];
				$_SESSION["sessionhanded"]			 = $usersignincheckrow['PLAYShanded'];
				$_SESSION["sessionclothing"]		 = $usersignincheckrow['CLOTHINGpref'];
				$_SESSION["sessionracketpref"]	     = $usersignincheckrow['RACKETpref'];
				$_SESSION["sessionhomecourts"]		 = $usersignincheckrow['HOMEcourts'];
				$_SESSION["sessionbestresults"]		 = $usersignincheckrow['BESTresults'];
				$_SESSION["sessioneaddress"]		 = $usersignincheckrow['eaddress'];
				$_SESSION["sessionpass"]		     = $usersignincheckrow['upassword'];
				$phpsessid = session_id();
				echo $_SESSION["sessionaid"];
			}
		}
	}
	
	if($_SESSION["mysetting"] == 1)
	{
		include("signin.php");
	}
?>

Open in new window

0
 
Ray PaseurCommented:
While I am looking the code over, please run this - it is possible, but unlikely, that the session mechanism is broken.  If the value does not increment with each click on the submit button, there is something wrong with the server.  
<?php // RAY_session_test.php
error_reporting(E_ALL);
 
// START THE SESSION (DO THIS FIRST IN EVERY PHP SCRIPT ON EVERY PAGE)
session_start();
 
// SEE IF THE SUBMIT BUTTON WAS CLICKED
if (isset($_POST['fred']))
{
 
// SEE IF THE CHEESE VARIABLE IS SET IN THE SESSION ARRAY
	if(!isset($_SESSION['cheese']))
	{
 
// IF CHEESE IS NOT SET, SET IT TO ONE
		$_SESSION['cheese'] = 1;
 
	} else {
 
// IF CHEESE IS SET, ADD ONE TO IT
		$_SESSION['cheese']++;
	}
}
// END OF SCRIPT
?>
<html><head><title>Session Test</title></head>
<body>
Currently, $_SESSION["cheese"] contains: <?php echo $_SESSION['cheese'] ?> <br/>
<form method="post">
<input type="submit" value="click" name="fred">
</form>
</body>
</html>

Open in new window

0
 
charlesweltonAuthor Commented:
Thanks again Ray.  I implemented the "RAY_session_test.php" page, and it correctly increments as expected.
0
 
Ray PaseurCommented:
That's good news.  There are a few changes I would suggest to this process - it seems like there are a lot of moving parts in this script and I might want to cut some of that down.  One way to do that would be to make the field names in the $_SESSION array be the same as the column names in the data base, or in the alternative just store the entire client record in one field of the $_SESSION array.

Here are a couple of changes you might want - just to put things in the right order.

But I am curious about line 112 in your post above where it says this:
$phpsessid = session_id();

What is the use of that variable?

More to follow...
<?php
	ob_start();
	
	session_start();
 
	// GET DOMAIN WITHOUT WWW
	$host = eregi_replace('^WWW', '', "$_SERVER[HTTP_HOST]");
 
	// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
	$sess_name = session_name();
	if (session_start())
	{
		setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
	}
	
	if ($_GET['mode'] == "logout")
	{
		error_reporting(E_ALL);
		define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
		$cookie_expires	= time() - date('Z') - COOKIE_LIFE;
 
		// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
		$_SESSION = array();
 
		// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
		if (isset($_COOKIE[session_name()]))
		{
			setcookie(session_name(), '', $cookie_expires, '/');
		}
 
		// TELL PHP TO ELIMINATE THE SESSION
		session_destroy();
 
		// CLEAR ALL COOKIES WITH THIS CODE
		foreach ($_COOKIE as $key => $value)
		{
			setcookie($key, '', $cookie_expires, '/');
		}
		header("Location: /");
		exit;
	}
 
	include("dbconnect.php");
 
	// list expected fields
	$expected = array('userid', 'userpass');
	// set required fields
	$required = array('userid', 'userpass');
	// create empty array for any missing fields
	$missing = array();
 
	foreach ($_POST as $key => $value) {
		$temp = is_array($value) ? $value : trim($value);
		if (empty($temp) && in_array($key, $required)) {
			array_push($missing, $key);
		}
		elseif (in_array($key, $expected)) {
			${$key} = $temp;
		}
	}
	
	if(isset($_POST["btnSign"]))
	{
		$_SESSION['username'] = mysql_real_escape_string($_POST['userid']); 
		$_SESSION['password'] = mysql_real_escape_string($_POST['userpass']);
		$usersignincheck	  = "SELECT pp.uid, pp.aid, pp.PFName, pp.PLName, pp.eaddress, pp.upassword, p.PID, p.TotalATAPoints, p.MSEATAPoints, p.CMATAPoints, p.MW, p.ML, p.SW, p.SL, p.GW, p.GL, p.TourStatus, p.TourNotes FROM players pp, profiles p WHERE pp.eaddress='".$_SESSION['username']."' AND pp.upassword=PASSWORD('".$_SESSION['password']."') LIMIT 0,1";
 
		if (!$usersignincheckresult = mysql_query($usersignincheck))
		{
			$err = mysql_errno() . ' ' . mysql_error();
			echo "<br/>QUERY FAIL: $usersignincheck \n";
			die( $err );
		}
		$usersigninchecknum_rows = mysql_num_rows($usersignincheckresult);
  
		$_SESSION["checknumrows"] = $usersigninchecknum_rows;
 
		if($usersigninchecknum_rows == 1 || $_SESSION["checknumrows"] == 1)
		{
			while($usersignincheckrow = mysql_fetch_array($usersignincheckresult))
			{
				$_SESSION["mysetting"]				 = 1;
				$_SESSION["sessionpid"]				 = $usersignincheckrow['PID'];
				$_SESSION["sessionuid"]				 = $usersignincheckrow['uid'];
				$_SESSION["sessionaid"]				 = $usersignincheckrow['aid'];
				$_SESSION["sessionpfname"]			 = $usersignincheckrow['PFName'];
				$_SESSION["sessionplname"]			 = $usersignincheckrow['PLName'];
				$_SESSION["sessiontotalata"]		 = $usersignincheckrow['TotalATAPoints'];
				$_SESSION["sessionmseata"]			 = $usersignincheckrow['MSEATAPoints'];
				$_SESSION["sessioncmata"]			 = $usersignincheckrow['CMATAPoints'];
				$_SESSION["sessionmw"]			     = $usersignincheckrow['MW'];
				$_SESSION["sessionml"]  			 = $usersignincheckrow['ML'];
				$_SESSION["sessionsw"]  			 = $usersignincheckrow['SW'];
				$_SESSION["sessionsl"]  			 = $usersignincheckrow['SL'];
				$_SESSION["sessiongw"]			     = $usersignincheckrow['GW'];
				$_SESSION["sessiongl"]			     = $usersignincheckrow['GL'];
				$_SESSION["sessiontourstatus"]   	 = $usersignincheckrow['TourStatus'];
				$_SESSION["sessiontournotes"]		 = $usersignincheckrow['TourNotes'];
				$_SESSION["sessionustanum"]			 = $usersignincheckrow['USTAnum'];
				$_SESSION["sessionustarating"]		 = $usersignincheckrow['USTArating'];
				$_SESSION["sessiondatejoined"]		 = $usersignincheckrow['DATEjoined'];
				$_SESSION["sessionbirthdate"]   	 = $usersignincheckrow['BIRTHdate'];
				$_SESSION["sessionbirthplace"]		 = $usersignincheckrow['BIRTHplace'];
				$_SESSION["sessionhanded"]			 = $usersignincheckrow['PLAYShanded'];
				$_SESSION["sessionclothing"]		 = $usersignincheckrow['CLOTHINGpref'];
				$_SESSION["sessionracketpref"]	     = $usersignincheckrow['RACKETpref'];
				$_SESSION["sessionhomecourts"]		 = $usersignincheckrow['HOMEcourts'];
				$_SESSION["sessionbestresults"]		 = $usersignincheckrow['BESTresults'];
				$_SESSION["sessioneaddress"]		 = $usersignincheckrow['eaddress'];
				$_SESSION["sessionpass"]		     = $usersignincheckrow['upassword'];
				$phpsessid = session_id();
				echo $_SESSION["sessionaid"];
			}
		}
	}
	
	if($_SESSION["mysetting"] == 1)
	{
		include("signin.php");
	}
?>

Open in new window

0
 
Ray PaseurCommented:
You might want to add something this to every page footer.  It will help while you are debugging.
</body>
<?php
echo "<!--\n\n";
var_dump($_SESSION);
echo "\n\n-->\n";
?>
</html>

Open in new window

0
 
Ray PaseurCommented:
I mean "something like this" - I am the King of Typos!

But in a different and hopefully productive vein... consider getting this book.  It teaches a lot, including how to set up the registration and login scheme so that all you need to do to password protect a page is add one line of code like this:

access_control();

http://www.sitepoint.com/books/phpmysql1/

You can get it in PDF format right now and they will send you the hardcopy when it is reprinted.  It's good as a tutorial and reference - a permanent part of my professional library.

Best regards, ~Ray
0
 
charlesweltonAuthor Commented:
Thanks Ray.  I will look into buying that book.  I can always use more tutorial and reference materials!!!!  I did change my session variables to match the database array names.
0
 
charlesweltonAuthor Commented:
Ray... I think I have it figured out.  I did some more looking around the Internet, and found the following:

http://www.munkiihouse.com/?p=111

I did some looking around on the website where the site is hosted, and found some additional, specific information in regards to setting up PHP for sessions on their systems.  This is something I should have done from the beginning.  Apparently... the php.ini file did not specify a path for "session.save_path".  Once I created a folder for my sessions, and then pointed "session.save_path" to that folder, it has been working correctly.

I also want to give you a lot of the credit.  You showed me some better ways of doing things.  I greatly appreciate it.  I am sure you will see me post more issues here!

Thanks again...
0
 
charlesweltonAuthor Commented:
Thank you...
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now