We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
4 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
php Session issues
Posted on 2011-09-07
I am trying to control access to some web site "back end" pages via session & session variables.
I am using a technique I have used on other sites & it has always worked perfectly, until now.
Maybe there is a change in php 5?
See attached php files.
The chk_login.php is used to check the validity of the login & go to the admin menu. The admin_menu.php is self-explanatory.
But they don't work. After the timeout, the admin_menu page is just a blank page with the <!DocTYPE and <html tags at the top, rest of page completely blank.
What's wrong?
Thanks
admin-menu.php
chk-login.php
I am using a technique I have used on other sites & it has always worked perfectly, until now.
Maybe there is a change in php 5?
See attached php files.
The chk_login.php is used to check the validity of the login & go to the admin menu. The admin_menu.php is self-explanatory.
But they don't work. After the timeout, the admin_menu page is just a blank page with the <!DocTYPE and <html tags at the top, rest of page completely blank.
What's wrong?
Thanks
admin-menu.php
chk-login.php
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4
- +1
7 Comments
Active 4 days ago
The correct design pattern for PHP client authentication is available in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
Please read it over and have a look at the code samples. It is intentionally simplistic, but it is the foundation of "how it's done."
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
Please read it over and have a look at the code samples. It is intentionally simplistic, but it is the foundation of "how it's done."
Make sure the webpages are all under the same domain level directory. Session variables do not persist across domains.
potential problems for the admin-menu.php page
you cannot have any type of output to the browser before you do the session_start(), try moving that to before the doctype declaration. It is the same with any header information from php.
Check your ini file to see if you have short tags enabled otherwise you have to start php scripting with <?php not just <?
you cannot have any type of output to the browser before you do the session_start(), try moving that to before the doctype declaration. It is the same with any header information from php.
Check your ini file to see if you have short tags enabled otherwise you have to start php scripting with <?php not just <?
Active 4 days ago
Here is the chk-login.php script annotated with some comments. Error checking is important when you are running queries. MySQL is not a black box -- it can and will fail for reasons that are outside of your control. You would want to trap these failures and take appropriate action.
<? // THIS USES THE SHORT-OPEN TAG. SUGGEST YOU CONVERT TO THE FULL TAG LIKE <?php
// THIS NEEDS TO BE THE FIRST LINE OF EVERY SCRIPT
error_reporting(E_ALL);
// set up database
$Host = "db380492857.db.1and1.com";
$User = "dbo380492857";
$Password = "abcxyz";
$DBName = "db380492857";
// THE FOLLOWING INSTRUCTION CAN FAIL, AND MUST BE TESTED FOR SUCCESS
$Link = mysql_connect ($Host, $User, $Password);
// THE FIELDS HERE NEED TO BE ESCAPED
$qry = "SELECT * from admin where code = '" . $_POST['uc'] . "' and password = '" . $_POST['pwd'] . "'";
// THIS FUNCTION IS DEPRECATED - CHANGE IT. http://php.net/manual/en/function.mysql-db-query.php
$res = mysql_db_query ($DBName, $qry, $Link);
// HOW DO YOU KNOW WHAT VALUE IN IN $res? YOU HAVE TO TEST IT BEFORE YOU TRUST IT IN ANOTHER FUNCTION
$n = mysql_num_rows($res);
// WHAT WOULD YOU DO IF $n == 3? MAYBE YOU NEED A LIMIT IN THE QUERY
if ($n == 0) {
header("Location: login.php?bad=1");
exit;
}
// THE SESSION IS NOT STARTED UNLESS THE LOGIN IS SUCCESSFUL? THAT IS A RECIPE FOR CONFUSION
session_start();
$_SESSION['vavusr'] = $_POST['pwd'];
$_SESSION['user'] = $_POST['uc'];
$_SESSION['alast_used'] = time();
header("Location: admin_menu.php");
exit;
// THE ZEND CODING STANDARD RECOMMENDS ELIMINATING THE CLOSING PHP TAG. OMIT IT.
?>
Active 4 days ago
Regarding this, Session variables do not persist across domains.
I think the issue might be across sub-domains? That may or may not be true. If you need session variables to persist across sub-domains, it is easy enough to make it happen. You just have to set the session cookie yourself. If you do not set the session cookie yourself, the PHP session handler will set a cookie that does not persist across sub-domains. No cookie persists across domains - cookies are domain-specific.
I think the issue might be across sub-domains? That may or may not be true. If you need session variables to persist across sub-domains, it is easy enough to make it happen. You just have to set the session cookie yourself. If you do not set the session cookie yourself, the PHP session handler will set a cookie that does not persist across sub-domains. No cookie persists across domains - cookies are domain-specific.
Active 4 days ago
Same general comments apply to admin-menu.php -- you need to use error_reporting(E_ALL) to see what might be going on. You need to replace the deprecated code, etc. You might want to ask yourself why you are testing $tdiff and mucking up the client session. PHP has its own session timeout mechanism. I think I would use that instead or trying to write my own.
Active today
To Ray_Paseur:
Thank you for all your comments & your impressive tutorial on this general subject.
However, I have been successfully using the technique I described on other sites.
As it turns out, the comment by haloexpertsexchange:solved
Thank you for all your comments & your impressive tutorial on this general subject.
However, I have been successfully using the technique I described on other sites.
As it turns out, the comment by haloexpertsexchange:solved
Featured Post
WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Deprecated and Headed for the Dustbin
By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems. This article discusses one of those, called register_globals. It is a thing you do not want. …
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month4 days, 2 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.