SitePoint Sponsor

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 25 of 55
  1. #1
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    sessions propblem?

    Hi folks, I have searched the forum for a sessions problem I am getting, but cannot find the answer, if anyone can shed some light on this I can sleep soundly tonite.

    I want to restrict access to a page unless a user has logged in. Seems straight forward enough, or at least I thought.

    I am using session_start() to initialise the session, and test for the posted log in details which works fine, as follows:

    Code:
    //start the session
    session_start();
    
    // if username and password haven't been posted, redirect with message
    if((!$_session['username']=$_POST['username'])&&(!$_session['password']=$_POST['password']))
       {.... rest of page
    The problem I am now having, is using the state of this session for a subsequent page. I though by using session_start() on a new page would automatically recognise any session variables I had instantiated in the session but it isn't working.

    Code:
    session_start();
    if(isset($_SESSION['username']) && isset($_SESSION['password']))
    { ....... rest of page
    Please could any session gurus out there give me some advice? I realise this may be a trivial question, but I just can't seem to solve it.
    people in glass houses shouldn't walk around naked

  2. #2
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    75
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs up

    I've faced same kind of problem, here is my scenario,

    Code:
    Login.php  -> authenticate.php -> userIndex.php
    Where login.php is the login form page and you are posting the data to authenticate.php to validate the login. After the successful validation at authenticate.php you are assigning session values eg,
    Code:
    $_SESSION['valid'] = true;
    and you are redirecting to the userIndex.php. If your criteria matches the same,

    First check the authenticate.php called with the same prefix as userIndex.php which means if you are redirecting userIndex.php like

    Code:
    header(http://www.domain.com/userIndex.php);
    Call the authenticate.php also with the www prefix. Let say that you have given authenticate.php in form action without any prefix be sure that you are calling login.php like
    Code:
    http://www.domain.com/login.php
    Session created in
    Code:
    http://domain.com
    wont be available for the files called with
    Code:
     http://www.domain.com
    (with www prefix).

  3. #3
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I think your code

    PHP Code:
    if((!$_session['username']=$_POST['username'])&&(!$_session['password']=$_POST['password'])) { 
    should be

    PHP Code:
    if((!$_session['username']==$_POST['username'])&&(!$_session['password']==$_POST['password'])) { 
    your a right, starting a session on each page makes the session variables available.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  4. #4
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    then why, if I have start the session, does session_start() not work on any subsequent pages?

    using session_Start() on the new page and trying to echo the values to the page is not working, for all intents and purposes, my session values are being lost. on echoing the values, the values appear blank. Can someone please tell me why? Or even give me an example as my code is evidently at fault.
    Last edited by chris davies; Feb 25, 2007 at 10:19.
    people in glass houses shouldn't walk around naked

  5. #5
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    This works fine, try it on your server

    PHP Code:
    <?php
    Session_start
    ();
    if (isset(
    $_GET['show'])) {
    echo 
    $_SESSION['variable'];
    exit;
    }
    $_SESSION['variable'] = 'This should be stored in sessions';
    echo 
    '<a href="' $_SERVER['PHP_SELF'] . '?show" >click here</a>';
    ?>
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  6. #6
    SitePoint Addict pkSML's Avatar
    Join Date
    Aug 2006
    Location
    Ohio
    Posts
    230
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by chris davies View Post
    The problem I am now having, is using the state of this session for a subsequent page. I though by using session_start() on a new page would automatically recognise any session variables I had instantiated in the session but it isn't working.
    PHP Code:
    <?php
    session_start
    ();
    echo 
    "<PRE>";
    print_r($_SESSION);
    echo 
    "</PRE>";
    ?>
    This will show you all $_SESSION variables. It helps me in debugging to see what session vars exist at the current moment. Put the code in your authentication php file.
    -Stephen

    Get a LitlURL to this page!

  7. #7
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have the session working from the log in page to an admin page, the session works fine there. What I can't get to work is from the admin page, if the user selects a certain link to another page, the session data is disappearing. I can get it to work by adding the variables to the url and can retrieve them with $_GET, but that echoes the username and password in the URL. WHat I need to find out is if I can do this with sessions only and not have to rePOST the variables and not have them displayed in the search bar.
    people in glass houses shouldn't walk around naked

  8. #8
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    OK Ive read your last post.

    Put pkSML's code at the top of one of your other pages, this should echo all the session data that exixts, this must be the first piece of sode in the script.

    Post back your results
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  9. #9
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    On putting the code
    Code:
    <?php 
    session_start(); 
    echo "<PRE>"; 
    print_r($_SESSION); 
    echo "</PRE>"; 
    ?>
    at the top of the page I get this:

    Array
    (
    )


    so no session data is available, what I dont understand is why. Any help with this would be recieved gratefully
    people in glass houses shouldn't walk around naked

  10. #10
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Chris

    Post your admin and other page scripts, if your getting sessions to work between login and admin there must be something specific to stop it working further. Remember to post any includes as well, and post you code within the [PHP ] [/PHP ] tags for readablility
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  11. #11
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok here goes, again here is admin.php

    Code:
    <?php
    //start the session
    SESSION_START();
    
    
    $_SESSION['username']=$_POST['username'];
    $_SESSION['password']=$_POST['password'];
    $_SESSION['initialised']=true;
    
    
    
    
    // if username and password haven't been posted, redirect with message
    if((!$_SESSION['username']=$_POST['username'])&&(!$_SESSION['password']=$_POST['password']))
       {
          echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
          echo "<div class=\"outer\">";
          echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
          echo " <div class=\"formstyle\"><h4>Sorry, incorrect login information, redirecting you...</h4>
          <img src=\"images\waiting.gif\"></div>";
          echo "<meta http-equiv=\"refresh\" content=\"5;url=http://localhost/mysql_client/simplesuggest/admin.htm\">";
          echo"</div></div></div>";
          exit();
       }
       //compare posted username and password, if no match, redirect
       if($_POST['username']!='admin'||$_POST['password']!='password')
            {
               echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
               echo "<div class=\"outer\">";
               echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
               echo " <div class=\"formstyle\"><h4>Sorry, wrong username and / or password..., <br />
                                               redirecting you...</h4>
                      <img src=\"images\waiting.gif\"></div>";
               echo "<meta http-equiv=\"refresh\" content=\"5;url=http://localhost/mysql_client/simplesuggest/admin.htm\">";
               echo"</div></div></div>";
               exit();
                   }else
                   session_register('username');
                   session_register('password');
            echo "<h4>Welcome ".$_SESSION['username']."</h4>"
                 ."Today's administrator is ". $_SESSION['username'];
    
                 if (isset($_SESSION['username']))
                 {
                 echo "<br />You are logged in as: ". $_SESSION['username'];
                 }
                 else {    echo "Log in please";}
    
    <!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <title>Administration Page</title>
    <link rel="stylesheet" type="text/css" href="style.css"/>
    </head>
    <body >
    <div class="outer">
    <div class="img"><img src="images/valleys.jpg"/></div>
    <div class="formstyleleft">
    <h3 class="center">Welcome to the ValleysRealEstate administration page</h3>
    <p>Which task(s) do you wish to perform, please select from the following list:</p>
    <ul>
       <li>
       <?php
           echo"<form action =\"enterPropertyData.php\">";
           echo "<p><a href=\"enterPropertyData.php?username=".$_SESSION['username']."&password=".$_SESSION['password']."\"> Enter Property/Seller Information</a></p>";
           echo" <input type=\"hidden\" value=\"$username\" />";
           echo" <input type=\"hidden\" value=\"$password\" />";
           echo"</form> ";
       ?>
    
       </li>
       <li>
          <p><a href="houseType.htm">Search By House Type</a></p>
       </li>
       <li>
          <p><a href="suggest.html">Search By Location</a></p>
       </li>
    </ul>
    </div>
    <div>
    <p>
    <table>
       <tr>
          <td><a href="index.htm">Back to index page</a></td>
          <td><a href="ajax.htm">back to AJAX Search</a></td>
          <td><a href="admin.htm">Administrator Page</a></td>
       </tr>
    </table>
    </p>
    </div>
    </div>
    </body>
    </html>
    
    ?>
    Pleasee notice I have deliberately addthe username and passowrd so that I can get it on the insert data page

    and insertpropertydata.php

    Code:
    <?php
    //start the session
    session_start();
    $_SESSION['username']=$_GET['username'];
    $_SESSION['password']=$_GET['password'];
    
    // if username and password haven't been posted, redirect with message
    
    if(($_SESSION['username']!=$_GET['username'])&&($_SESSION['password']!=$_GET['password']))
       {
          echo "no session data<br />";
          echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
          echo "<div class=\"outer\">";
          echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
          echo " <div class=\"formstyle\"><h4>Sorry, incorrect login information, redirecting you...</h4>
          <img src=\"images\waiting.gif\"></div>";
          echo "<meta http-equiv=\"refresh\" content=\"5;url=http://localhost/mysql_client/simplesuggest/admin.htm\">";
          echo"</div></div></div>";
          exit();
       }
    
    
       //compare posted username and password, if no match, redirect
       if($_GET['username']!='admin'||$_GET['password']!='password')
            {
               echo"no posted data";
               echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
               echo "<div class=\"outer\">";
               echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
               echo " <div class=\"formstyle\"><h4>Sorry, wrong username and / or password..., <br />
                                               redirecting you...</h4>
                      <img src=\"images\waiting.gif\"></div>";
               echo "<meta http-equiv=\"refresh\" content=\"5;url=http://localhost/mysql_client/simplesuggest/admin.htm\">";
               echo"</div></div></div>";
               exit();
            }else
    
            echo "<h4>Welcome ".$_SESSION['username']."istrator</h4>"."Today's administrator is ". $_SESSION['username'];
    ?>
    
    
    <!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <title>Enter Property Information</title>
    <link rel="stylesheet" type="text/css" href="style.css"/>
    </head>
    <body >
    <div class="outer">
    <div class="img"><img src="images/valleys.jpg" alt="Valleys Estate Agents"/></div>
    <form class="formstyle" action="propertyDataSaved.php" method="post">
    <table>
          <tr><th colspan ="3">Enter Property Information</th></tr>
          <tr><td>Seller Surname    </td><td><input type="text" name="surname" size="30"/>              </td></tr>
          <tr><td>Seller Forename(s)</td><td><input type="text" name="forename" size="30"/>             </td></tr>
          <tr><td>Seller Address    </td><td><input type="text" name="sellerAddress" size="30"/>        </td></tr>
          <tr><td>Seller Postcode   </td><td><input type="text" name="sellerPostcode" size="30"/>       </td></tr>
          <tr><td>Seller Telephone  </td><td><input type="text" name="sellerTelephone" size="30"/>      </td></tr>
          <tr><td>Property ID   (no, 1st 3 letters street, 1st 4 letters of location)</td>
          <td><input type="text" name="propertyID" size="30"/>              </td></tr>
          <tr><td>House Address     </td><td><input type="text" name="houseAddress" size="30"/>         </td></tr>
          <tr><td>House Description </td><td><input type="text" name="description" size="30"/>          </td></tr>
          <tr><td>House Price    (numbers only, no pound sign)</td>
          <td><input type="text" name="price" size="30"/></td></tr>
          <tr><td>House location  (village e.g. rhydyfelin)</td>
          <td><input type="text" name="location" size="30"/></td></tr>
          <tr><td>House Postcode</td>
          <td><input type="text" name="housePostcode" size="30"/></td></tr>
          <tr><td>House Status  (select from list)</td><td>
          <select name="statusID">
          <option value="1">for sale  </option>
          <option value="2">for rent  </option>
          <option value="3">sold  </option>
          </select></td></tr>
          <tr><td>Image Name    (name of image file)    </td>
          <td><input type="text" name="image" size="30"/>                </td></tr>
          <tr><td>House Type   (select from list)</td><td>
          <select name="housetypeID">
          <option value="1">semi  </option>
          <option value="2">detached  </option>
          <option value="3">apartment  </option>
          <option value="4">bungalow  </option>
          <option value="5">cottage  </option>
          <option value="6">mid link  </option>
          <option value="7">terrace  </option>
          <option value="8">mansion  </option>
    
          </select></td></tr>
          <tr><td>Submit Information</td>
          <td><input type="submit" value="     Submit Information    " size="30"/></td></tr>
       </table>
    </form>
    <div>
    <p>
    <table>
       <tr>
          <td><a href="index.htm">Back to index page</a></td>
          <td><a href="ajax.htm">back to AJAX Search</a></td>
          <td><a href="admin.htm">Administrator Page</a></td>
       </tr>
    </table>
    </p>
    </div>
    </div>
    
    <div class="center">Chris Davies Student No: 03131106</div>
    <div class="center">Final Year Project XML Technologies</div>
    <div class="center"><p>
        <a href="http://validator.w3.org/check?uri=referer"><img style="border:0"
            src="images/xhtml.bmp"
            alt="Valid XHTML 1.0 Transitional" height="31" width="88" /></a>
            <a href=" http://jigsaw.w3.org/css-validator/check/referer">
    <img style="border:0;width:88px;height:31px" src="images/css.bmp" alt="Valid CSS!"/></a>
      </p>
      </div>
    </body>
    </html>
    please be aware that I am not currently accessing a database for the username and password (I will be), I just want to be able to get the session data over WITHOUT using $_GET and without echoing the usename and password with the URL. IF can tell me where I am going wrong please, it driving me nuts lol
    people in glass houses shouldn't walk around naked

  12. #12
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    This line doesnt look right

    PHP Code:
    if((!$_SESSION['username']=$_POST['username'])&&(!$_SESSION['password']=$_POST['password'])) 
    You shouldnt be using session_register when using $_SESSION

    PHP Code:
    session_register('username');
    session_register('password'); 

    Also why are you rechecking login details in insertpropdata.php ?

    I'll look at cleaning your code up see if I can get anywhere
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  13. #13
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Sorry, there are so many errors with the code I havent got the time right now to rewrite it for you.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  14. #14
    SitePoint Evangelist superuser2's Avatar
    Join Date
    Aug 2006
    Posts
    598
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Mandes View Post
    I think your code

    PHP Code:
    if((!$_session['username']=$_POST['username'])&&(!$_session['password']=$_POST['password'])) { 
    should be

    PHP Code:
    if((!$_session['username']==$_POST['username'])&&(!$_session['password']==$_POST['password'])) { 
    your a right, starting a session on each page makes the session variables available.
    Yep. The first expression in the first sample would always evaluate to true. == is a comparator, not =.

  15. #15
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, I've changed the = to ==, but I still can't retrieve any session data. Let make this as plain as I can. I have a log in page, which then moves to an admin page where I set up the session with
    Code:
    SESSION_START()
    , after I set the
    Code:
    $_SESSION['username']= to $_POST['username']
    .
    So far so good, it all appears to be working correctly.

    My problem is moving to another secure page where I would have thought that
    Code:
    $_SESSION['username']
    would always be available to the session. I thought as long as I used
    Code:
    SESSION_START()
    at the top of every page I would always have access to
    Code:
    $_SESSION['username']
    people in glass houses shouldn't walk around naked

  16. #16
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok , I ahve tried to rewrite this after so many of you have tried to help and this is my new code for the admin page:

    Code:
    <?php
    //start the session
    session_start();
    
    
    //has the username and passowrd been posted?
    if (!isset($_POST['username']) && !isset($_POST['password']))
       {
          echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
          echo "<div class=\"outer\">";
          echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
          echo " <div class=\"formstyle\"><h4>Sorry, incorrect login information, redirecting you...</h4>
          <img src=\"images\waiting.gif\"></div>";
          echo "<meta http-equiv=\"refresh\" content=\"5;url=admin.htm\">";
          echo"</div></div></div>";
          exit();
       }
       //compare posted username and password, if no match, redirect
       if($_POST['username']!='admin'||$_POST['password']!='password')
            {
               echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
               echo "<div class=\"outer\">";
               echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
               echo " <div class=\"formstyle\"><h4>Sorry, wrong username and / or password..., <br />
                                               redirecting you...</h4>
                      <img src=\"images\waiting.gif\"></div>";
               echo "<meta http-equiv=\"refresh\" content=\"5;url=admin.htm\">";
               echo"</div></div></div>";
               exit();
                   }
                   else
                   $_SESSION['username']=$_POST['username'];
                   $_SESSION['password']=$_POST['password'];
    ?>
    and this is the new code for enterpropertydata.php, bearing in mind it still don't work arggggh" lol
    Code:
    <?php
    //start the session
    session_start();
    
    if(!isset($_SESSION['username']&& !isset($_SESSION['password']))
       {
       echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
          echo "<div class=\"outer\">";
          echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
          echo " <div class=\"formstyle\"><h4>Sorry, incorrect login information, redirecting you...</h4>
          <img src=\"images\waiting.gif\"></div>";
          echo "<meta http-equiv=\"refresh\" content=\"5;url=admin.htm\">";
          echo"</div></div></div>";
          exit();
       }
    
    ?>
    grief abounds lol
    people in glass houses shouldn't walk around naked

  17. #17
    SitePoint Addict Skookum's Avatar
    Join Date
    Sep 2006
    Location
    Idaho
    Posts
    375
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You stated something about using secure pages. I maybe wrong on this but I believe that session variables do not go back and forth between HTTPS and HTTP, that there are 2 seperate session arrays, 1 for HTTPS and 1 for HTTP.

    This could possibly your problem.

    Also you may try to over simplify your code for testing such as
    PHP Code:
    session_start();
    if(empty(
    $_SESSION['UserName'])){
    $_SESSION['UserName'] = $_POST['UserName']
    }

    var_dump($_SESSION);
    echo 
    "<a href='2ndpage'>2nd page</a>"
    Then on your second page just do a var_dump of $_SESSION and see if the variable survived.

    Rather than trying to clean up a big piece of code, try to eliminate a configuration problem that you may be having by using extremely basic code.

    Also have you tried checking the session id?

    Try echo'ing the session_id() and compare the strings together to see if your session is being reset by the garbage collector or something. You could also enable session.use_trans_sid in the PHP.ini and track the session id through the URL and see if it changes or dies.
    Paranoia is no longer a mental illness it is a way of life - Me

  18. #18
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    using your exact code I get:

    array(1) { ["username"]=> NULL }

    All I want to do is pass the session of the username over to a new page for secirty reasons so I don't have to echo the username (and/or password) in the URL. And I thought sessions were supposed to be relatively straight forward, huh
    people in glass houses shouldn't walk around naked

  19. #19
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Chris

    somethings just struck me as I read your new scripts. You originally stated that you had sessions working between the login and the admin pages, but now I read you new script your not actually passing any sessions there, all your checks are using $_post. I've always based my answers to you on the summise that you had sessions working on some pages.

    Therefore can you try my code way back in post no 5, just put it in a file called test.php and run it from a browser, report back what you get.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  20. #20
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Misunderstanding here, the original login.htm to admin.php session is working fine. Thanks to the help here :O)

    The problem only arises when passing from admin.php to insertpropertydata.php, which obviously has to be secure. The session data does not pass to the new page even though my first piece of code is session_start(); I've added all sorts of suggested code over the last week and a half, to no avail. Hence the rewrite, it all got rather messy.

    The only way I have been able to make it work is by appending the variables to the anchor link from admin.php to insertpropertydata.php and using $_GET to retrieve the values in insert[ro[ertydata.php, which, rather unsecurely is posting the values at the end of the URL. This is what I want to avoid.

    I can't seem to grasp why session_start() doesn't do the job, I was under the impression that's all I needed at the top of any subsequent secure pages.
    people in glass houses shouldn't walk around naked

  21. #21
    SitePoint Addict Skookum's Avatar
    Join Date
    Sep 2006
    Location
    Idaho
    Posts
    375
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by chris davies View Post
    Misunderstanding here, the original login.htm to admin.php session is working fine. Thanks to the help here :O)

    The problem only arises when passing from admin.php to insertpropertydata.php, which obviously has to be secure. The session data does not pass to the new page even though my first piece of code is session_start(); I've added all sorts of suggested code over the last week and a half, to no avail. Hence the rewrite, it all got rather messy.

    The only way I have been able to make it work is by appending the variables to the anchor link from admin.php to insertpropertydata.php and using $_GET to retrieve the values in insert[ro[ertydata.php, which, rather unsecurely is posting the values at the end of the URL. This is what I want to avoid.

    I can't seem to grasp why session_start() doesn't do the job, I was under the impression that's all I needed at the top of any subsequent secure pages.
    You keep saying transferring to a secure page. Are you trying to pass session variables from http to https?
    Paranoia is no longer a mental illness it is a way of life - Me

  22. #22
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by chris davies View Post
    Misunderstanding here, the original login.htm to admin.php session is working fine.
    Then please show me what code in admin.php uses the session data that has been passed from your login script.

    Your login.htm is exactly that a html file, it cannot hold or create sessions, you need .php to do this.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  23. #23
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,
    Code from admin.php
    Code:
    <?php
    //start the session
    session_start();
    
    
    //has the username and password been posted?
    if (!isset($_POST['username']) && !isset($_POST['password']))
       {
          echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
          echo "<div class=\"outer\">";
          echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
          echo " <div class=\"formstyle\"><h4>Sorry, incorrect login information, redirecting you...</h4>
          <img src=\"images\waiting.gif\"></div>";
          echo "<meta http-equiv=\"refresh\" content=\"5;url=admin.htm\">";
          echo"</div></div></div>";
          exit();
       }
       //compare posted username and password, if no match, redirect
       if($_POST['username']!='admin'||$_POST['password']!='password')
            {
               echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
               echo "<div class=\"outer\">";
               echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
               echo " <div class=\"formstyle\"><h4>Sorry, wrong username and / or password..., <br />
                                               redirecting you...</h4>
                      <img src=\"images\waiting.gif\"></div>";
               echo "<meta http-equiv=\"refresh\" content=\"5;url=admin.htm\">";
               echo"</div></div></div>";
               exit();
                   }
                   else{
                        $_SESSION['username']=$_POST['username'];
                        $_SESSION['password']=$_POST['password'];#
                        session_write_close();
    ?>
    people in glass houses shouldn't walk around naked

  24. #24
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Chris

    Your missing my point, there is no session data being passed to admin, therefore you cannot say that sessions are working between login and admin.

    I'll ask one more time, please try the code I posted in post No5 and report what happens.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  25. #25
    SitePoint Enthusiast
    Join Date
    Feb 2005
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok, I tried that and I get a click here link, now what? please?
    people in glass houses shouldn't walk around naked


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •