Sessions - This is my last resort

tohan

I have a login script which works fine. Starts session then moves user to a index page. The index page has about 4 includes. inside on of the included php files is the session_start(). It then checks to see if the username is set, if so continues to load the page otherwise throws user out to log back in.

The user logs in okay, then gets the logout page. Then logs in again and this time goes to the index page. In the c:\temp directory there are 2 session files for this user one has variables the other is empty.

I am using NT4 server, Apache & php4. It seems to start one session then when it gets to the index page start another code from pages is below. I would appreciate any assistance as I have been trying to resolve this all week

Cheers

<?php

function auth($userName='',$passwd='') {

session_start();
global $PHP_SELF, $sessionName;
$check=!empty($userName);

if ($check) {

$query="SELECT password FROM MEMBERS WHERE username='$userName'";
$result=odbc_do($connection, $query);
$storedPassword=odbc_result($result, 1);

	$passwd=md5($passwd);
	$storedPassword=trim($storedPassword);
	if($storedPassword == $passwd){
	$sessionName=$userName;
	session_register("sessionName");	
	}
	else
	{
	return false;
	//unset($sessionName);
	}
return true;
}
else
{
return false;
}

}

function loginform($error=false) {

<TITLE>PASD Login Page</TITLE>
</HEAD>
<BODY><h1>Login Page</H1>
<br><br>
<?php if($error) { ?>
The login information you provided was invalid.
Please log in again below:
<?php } //end of error check ?>

<FORM ACTION="<? echo $PHP_SELF ?>" METHOD=POST>
Username: <SELECT SIZE=1 NAME="username">
<OPTION NAME="username" VALUE="">
<?

$result4=odbc_exec($numero4, "select username FROM MEMBERS ORDER BY username ASC");
while( odbc_fetch_row( $result4 ) ) {
$nbrow++;
$member= odbc_result( $result4, 1 );
printf("<OPTION NAME=\"username\" VALUE=\"%s\">",$member);
printf("%s", $member);
}

odbc_close($numero4);

?></SELECT><BR>
Password: <INPUT TYPE="password" NAME="password"><BR>
<br>
<INPUT TYPE="submit" VALUE="Log in">
</FORM>
<br>
<br>
</BODY>

<?php
} //end of function

if( !auth($HTTP_POST_VARS['username'], $HTTP_POST_VARS['password'] )) {

loginform( isset ($HTTP_POST_VARS['username']));

}
else
{

$sessionKey="0";
session_register("sessionKey");

$today=date("Y-m-d H:i:s");

$insert_session="INSERT INTO PASD_SESSION (username, startTime, sessionId) VALUES ('$sessionName', '$today', '$PHPSESSID')"; 
$result=odbc_do($connection, $insert_session);
$query="SELECT max(sessionKey) FROM PASD_SESSION";
$result=odbc_do($connection, $query);
$sessionKey=odbc_result($result, 1);



Header("Location: http://index.php");

}

index.php

<?
$page="index.php";
//add to counter
$result=odbc_exec($numero, "UPDATE PASD_COUNTER SET counter=(counter + 1) WHERE webpage='".$page."'");
//echo $page;
odbc_close($numero);

include("table_start.php");

.....blah blah blah

table_start.php

<?
session_start();

if(!$sessionName){

Header("Location: http://logout.php");

}
?>

jjoske

So what goes wrong? I've had problems with cookies and includes which I'm assuming is what is going wrong with your code. Basically it seems that when you have and include or require it sends the headers to the browser which of course means you can't set a new cookie, or in this case start a session. Try starting your session before you get to your include statements.

tohan

john,

I have tried that

ie session_start() as the first line in index.php

but i still have the same problem

thanx