SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Thread: Managing Users

Hybrid View

  1. #1
    SitePoint Member djrob's Avatar
    Join Date
    Sep 2000
    Location
    Melbourne
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Managing Users

    I have spent some time trying to get user authentication going, based on Kevin Yank's article - "Managing users with PHP and MySQL".
    I have the database tables going and the scripts seem to check usernames and passwords OK but, I am having to log on for every page - it does not seem to be parsing the sessions data properly.
    The SID variable also seems to be empty - any ideas why ?????
    Is there another way ????
    session.use_trans_sid is set to 1 (presume this is enabled) on the .ini file, as is ;
    register_globals - also on.
    session.auto_start is set to off.
    session.use_cookies is on
    Appreciate any help.

  2. #2
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Post your code and we will be able to see what's going on.

    SID will not have a value if you are using cookies, it will only contain a value if the cookie could not be set or you put session.use_cookies off

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  3. #3
    SitePoint Member djrob's Avatar
    Join Date
    Sep 2000
    Location
    Melbourne
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Some of my code FYI

    The index page :

    <?php include("access_control.php"); ?>
    <head>
    <title>index.html</title>
    <meta name="description" content="Homepage of the ASA members only website">
    </head>
    <!-- etc ..... -->


    Another page in the same directory :

    <?php include("access_control.php"); ?>
    <head>
    <title>points.php</title>
    <meta name="description" content="Check points for the parsed user">
    </head>
    <!-- etc ...... -->


    Access_control.php :


    <?php session_start();
    // Access control - prevents access to pages by users not logged in
    include("../_includes/db.connect.inc");
    include("../_includes/commonerr.php3");

    if(!isset($uid) || !isset($pwd)) {
    ?>
    <html>
    <head>
    <title> Log-in required</title>
    </head> <!-- etc -->
    </html>
    <?php
    exit; }

    // The uid and password are set
    $valid_user = $uid;
    $password = $pwd;
    session_register("valid_user");
    session_register("password");
    // Check that supplied details are correct
    dbConnect("asa");
    $sql = "SELECT * FROM users WHERE userid = '$uid' AND password = '$pwd'";
    $result = mysql_query($sql);
    if (!$result) {
    echo("{access_control} : A database error occurred while checking your login details.<br>If this" .
    " error persists, please contact robdj@bigpond.com.au<br>");

    }

    if (mysql_num_rows($result) == 0) {
    // The userid and password cannot be found inb the user database.
    session_unregister("valid_user");
    session_unregister("password"); ?>
    <html>
    <head>
    <body>
    <h1> Access Denied </h1>
    <p>Your user name or password is incorrect, or you are not a registered user on this site.<br> To try logging in
    again, click [<a href="<?=$PHP_SELF?>">here</a>]. <br><a href="signon.php"><u>Register</u></a>! for instant access.
    </p>
    </body>
    </html>
    <?php
    exit; }

    $user = mysql_result($result,0,"userid");
    $since = mysql_result($result,0,"joined");
    ?>

    When I point my browser to index.php, I get the "you are not logged on" message. I logon with correct uname and pwd, and it displays the page just fine. When I then try to go to points.php, I am asked to logon again - the session variables do not seem to carry onto the next page - can't figure out why.

  4. #4
    SitePoint Enthusiast smashway's Avatar
    Join Date
    Sep 2001
    Location
    Lausanne, Switzerland
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    maybe it comes from the way php was compiled? did you ./configure --enable-trans-sid [other options] ?
    well that is you could try this if you're root on the server (and it runs Linux, otherwise it's not the problem I think).

    You could aslo try to session_start() explicitely before trying to register your variables?
    Try to check the path where you want to save your sessions too.

    Hope this helps,

    Smash

  5. #5
    SitePoint Member djrob's Avatar
    Join Date
    Sep 2000
    Location
    Melbourne
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session save path

    session.save_path is /tmp
    session.use_cookies is on


    You could aslo try to session_start() explicitely before trying to register your variables?
    Huh?? Haven't I done that????

    session.auto_start is off by the way (I'm not the root user of the server)
    We have an installation of vBulletin which works a treat, so I can't see how config might be a problem - doesn't it use the same .ini if it's in our domain???
    And if SID does not have a value, where is the session id??

  6. #6
    SitePoint Enthusiast smashway's Avatar
    Join Date
    Sep 2001
    Location
    Lausanne, Switzerland
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Doh, I didn't see the session_start(); after the <?php tag :P

    I found your error:

    You are checking for unexisting variables:
    Code:
    if(!isset($uid) || !isset($pwd))
    the variables you registered were:
    Code:
    session_register("valid_user"); 
    session_register("password");
    so when you enter your second page, $uid and $pwd are NOT set, hence the error message

    Hope this helps,

    Smash

  7. #7
    SitePoint Member djrob's Avatar
    Join Date
    Sep 2000
    Location
    Melbourne
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    An interesting note.

    The problem I have is not with the variables, it is with the config.
    The answer can be found on [this] forum.
    I need to register session variables as globals first for them to be available across multiple pages.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •