| SitePoint Sponsor |
Hi all,
I have a page where I log in. It's called ac.php. I put this page on top of my first page, with an include. I log in, successfully, and arrive at my account information. If I click on my edit_account.php page link, I get prompted to log in again. Which is not the purpose off course. I should stay connected.
Why do I seem to lose my session over the first good page, and the second bad one?
Kind regards,
M
Do you have session_start() also in the beginning of the other file (assuming that you move to another page from your link)?
I'm actually using an include with the login information, where I do have the session_start(). Strange thing is it works on one page, and not on another.
I simply use include 'ac.php' in the beginning of every page.
Well how do you check on every page that if the user is logged then? This is pretty much guessing game unless you provide some code to look at.
I us e the below code as an include on every page where the user needs to login. I left out all unneccesary code, so I hope it makes it easier to read.
Code:<?php // ac.php session_start(); $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid']; $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd']; if(!isset($uid)) { ?> Form... </body> </html> <?php exit; } $_SESSION['uid'] = $uid; $_SESSION['pwd'] = $pwd; dbConnect('...'); $sql = "SELECT klant_id, username, wachtwoord FROM klanten WHERE username = '$uid' AND wachtwoord = '$pwd'"; $result = mysql_query($sql); if (mysql_num_rows($result) == 0) { unset($_SESSION['uid']); unset($_SESSION['pwd']); ?> Unsuccessful login </body> </html> <?php exit; } $uid = mysql_result($result,0,'username'); $pwd = mysql_result($result,0,'wachtwoord'); ?>
I dont really see from that what is the reason for logouting. And I cannot test it now. But there is some repeating in your code and also some useless stuff like all the exits. You could try to build your code in more logical way maybe. Maybe something like this way..
And this was only the file you included on every page so have you double checked that you dont have something in the real page that would make user logout possibly?PHP Code:session_start();
if ($_GET['logout'])
{
$_SESSION['logged'] = false;
}
if (isset($_POST['uid']) && isset($_POST['pwd']))
{
$uid = htmlspecialchars($_POST['uid']);
$pwd = htmlspecalchars($_POST['pwd']);
// In here check from db. If user exists set logged to true else false.
// $_SESSION['logged'] = true / false
}
// Checkif logged or not and then do stuff according to that.
if ($_SESSION['logged'] === true)
{
// We are logged and we can do stuff.
}
else
{
$_SESSION['logged'] = false;
// Print html and login form.
}
Also prefer doing all executions before printing html (forms etc). It is a better that way and if you later will use redirects etc. they wont break your script.
@Tendola - Well, first of all the file is included at the top of every file, so the file can't touch anything until the ac.php has. Secondly, the exists are there so that the user can't access the information on the page including the ac.php.
Though it would be better to do a redirect to a login form, with the return page as a $_GET value so the user is redirected to their correct location.
The problem your suggested code has is that it doesn't keep checking that the users details remain correct - after all, if they are banned then they should be auto logged out.
I'd suggest something more like:
PHP Code:<?php // ac.php
session_start();
require('db_connect.php');
function loginScreen($unsuccessfulLogin = false){
header('location: login.php?redirect=' . $_SERVER['PHP_SELF'] . (($unsuccessfulLogin) ? '&unsuccessful=1' : ''));
exit;
}
if(isset($_POST['username'], $_POST['wachtwoord'])){
$_SESSION['user']['username'] = $_POST['username'];
$_SESSION['user']['wachtwoord'] = $_POST['wachtwoord'];
}
if(!array_key_exists('user', $_SESSION)){
loginScreen();
}
$username =& $_SESSION['user']['username'];
$wachtwoord =& $_SEESION['user']['wachtwoord'];
$result = mysql_query("SELECT klant_id, username, wachtwoord FROM klanten WHERE username = '{$uid}' AND wachtwoord = '{$pwd}'");
if (mysql_num_rows($result) < 1) {
unset($_SESSION['user']);
loginScreen(true);
}
$_SESSION['user'] = mysql_fetch_array($result);
?>
Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
What is the error given? Node not found or something like this? If so, are you saving a simpleXMLElement object in the session? Because if this is case, I'm sorry you will need to rewrite your code to avoid this situation. I haven't found why. I know is a bug so far, but saving a simpleXMLElment in the session will break the whole session structure.
I think we're on the wrong path here guys. The important thing is,thit it works on the first page. So the session is set, the login works. But if I go to antoher page, almost the same page, actually, it asks me again to login, like it did onthe first page. COuld it be a hosting setting ?
Already checked for cookies?
If the host doesn't send the session cookie or the browser doesn't accept it it's almost your part to add the session manually to each link unless it is automatically appended to each link by PHP which I personally would never use as it doesn't suite each situation (like when you pass parameters as path-info).
Clear your cookies, and log in. Now check your cookies, do you have a session cookie?
Next, make sure the browser is sending the cookie back to the server when it requests the next web page.
We can proceed from this point.PHP Code:print_r($_COOKIE);
I think the solution for this is very simple. Are you starting the session in every page?
By what you have written, you will need to start the session in the login page, at the login handler page and in all pages that you are checking if the user is logged. If you are not, just start the session in every page that you will not have any more issues.
One common reason for this is that the session is started at example.com and does not continue with www.example.com (note the www) or the other way around. If that's the case, have your server redirect all W pages to the non-W page - a good idea anyway aside from the session issue.
- Robert
Posting Permissions
Bookmarks