Wrox Programmer Forums

You are currently viewing the PHP How-To section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old January 25th, 2007, 01:34 PM
Ok, this should work but it is not

I am making a login system for my web site and I have almost everything in place. My only problem is that it seems that my session info is not being passed between pages. I start the session at the beginning of each page I need to use it on, and have a login that compares the information to a MySQL database. What I am trying to prevent is someone just coming along and typing the address of a "protected" page directly into a browser and getting to it without logging in, which can happen right now because there is nothing in place that will check if the user is logged in already or not. That is why I am trying to use sessions. Here is the code that I have in my login page:

Code:
<?php
session_start();

$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

if(isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
 header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
 exit();
} else { 
 $logmsg   = "";
 $_SESSION['logged'] = 0;

 if (isset($_POST['login'])) {

   $username = isset($_POST['username']) ? trim($_POST['username']) : "";
   $password = isset($_POST['password']) ? trim($_POST['password']) : "";

   if ($username == "" OR $password == "") {
       $logmsg = "You must enter both a user name and a password to login.";
   } else {
     require_once('mysql_config.php');

     $connect = mysql_connect(SQL_HOST,SQL_USER,SQL_PASS) or die('Could not connect to the Database.' .mysql_error());    
     mysql_select_db(SQL_DB,$connect);

     $hashpw = hash("sha512",$password);

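     // Escape the user-supplied name before it goes into the SQL string
     $safe_username = mysql_real_escape_string($username, $connect);
     $query = "SELECT user_name FROM login_info WHERE user_name = '$safe_username' AND password = '$hashpw' LIMIT 1;";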
     $result = mysql_query($query) or die(mysql_error());

     if (mysql_num_rows($result) == 1) {
       $_SESSION['username'] = $username;
       $_SESSION['password'] = $password;       
       $_SESSION['logged'] = 1;
       //$record = "Session logged: " .$_SESSION['logged'];
       header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
       exit();
     } else {
       $_SESSION['logged'] = 0;
       $logmsg = "<p><span style='color:#CC0000'><strong>The Username and Password you entered does not exist.</strong></span><br/>";
       $logmsg .= "You can contact our <a href='mailto:[email protected]'>Customer Service</a> department if you need help with your account.";
     }
   }        
 }
}
?>
and this in the page I am trying to protect:

Code:
<?php
session_start();

// record the page's current directory
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// set a max file size for the html upload form
$max_file_size = 209715200; // size in bytes

if(isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
    //do nothing, and let user upload a file 
} else {
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
    exit();    
}
?>
What is happening is that no matter what I am getting bounced back to the login page. If I add
Code:
elseif(isset($_SESSION['logged']) && $_SESSION['logged'] == 0)
I can get to the protected page, but I can get to it even if I don't log in. What is happening, for reasons I cannot figure out, is that the session variables I set in the login page are not being passed to the protected page. I have posted this on webdeveloper.com but no one there seems able to help me out. It doesn't make any sense to me; I have gone through hundreds of examples from numerous sources and they are all telling me to do the same thing, which I am already doing, but it is not working. Can anyone see anything wrong with this code that would prevent the session variables from being passed to a different page, or prevent them from being stored in the session array in the first place? When I put print_r($_SESSION) into my login page it prints all the contents of the session and it shows everything I put into it, but when I do the same thing on my protected page it is showing that $_SESSION is empty.
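
The login check and page guard from the post above in a hardened form, as an added example that is not the poster's code: a bound query parameter, password_verify(), a session ID regenerated at login, and no password kept in the session. The function names, the PDO connection and the password_hash() storage format are assumptions; the table and column names come from the post.

```php
<?php
// Added example, not the poster's code. Assumption: login_info.password holds
// password_hash() output rather than the unsalted SHA-512 digest in the post.

/** True only if the credentials match a row in login_info. */
function verify_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM login_info WHERE user_name = ? LIMIT 1');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    // password_verify() reads the salt from the stored hash; timing-safe compare.
    return is_string($stored) && password_verify($password, $stored);
}

/** Mark the current session as authenticated (call after session_start()). */
function start_authenticated_session(string $username): void
{
    // Issue a new session ID at login so an ID known beforehand is useless.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    $_SESSION['logged'] = 1; // same flag the protected page checks
    // The plaintext password is deliberately not kept in the session.
}

/** Guard for protected pages such as upload.php (call after session_start()). */
function require_login(): void
{
    if (!isset($_SESSION['logged']) || $_SESSION['logged'] !== 1) {
        // Relative redirect: the client-supplied Host header is not used.
        header('Location: login.php');
        exit();
    }
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE login_info (user_name TEXT PRIMARY KEY, password TEXT)');
    $ins = $db->prepare('INSERT INTO login_info (user_name, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

    var_dump(verify_login($db, 'alice', 'correct horse'));   // valid credentials
    var_dump(verify_login($db, 'alice', 'wrong password'));  // bad password
    var_dump(verify_login($db, "alice' OR '1'='1", 'x'));    // quote is data, not SQL
}
```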





