Sessions

wil

I am having a problem with being rejected the first time. I have

When I login I get my rejection page the first time. I go back and it allows me to login. It happens every time this way.

auth.php: 
<?php
@$name = $_POST ['usrname'];
@$pass = $_POST ['pword'];

//Assumes the login is false
$auth=false;

// Checks for a login name and passwword
if(isset($name) && isset($pass)) {

//Opens pasword file and reads contents
$filename = '/path/to/file/auth.txt';
$fp=fopen($filename,"r");
$file_contents=fread($fp, filesize($filename));
fclose($fp);

//Sorts file contents for use
$lines = explode("\n", $file_contents);

foreach ($lines as $line) {

list($usrname,$pword)= explode(':',$line);

//Checks for a match
if(($usrname == $name) && ($pword == $pass)) {

//Sets login to true
$auth=true;
break;

}
}

}
if(!$auth){

//Rejection notice and redirect
include ('reject.php');
exit();

}else{

//Starts a session var
session_start();
session_register("SESSION");
session_register("SESSION_UNAME");
$SESSION_UNAME = $usrname;


//Location for uploading
header ("Location: [url]http://mysite.com/usrupload.php[/url]");
exit();
}
?>

usrupload.php:
<?php
//Checks for session
session_start();

@$usrname = $_SESSION['SESSION_UNAME'];

if(!session_is_registered("SESSION"))
//Redirect for a login
include ('reject.php');

//Includes uploading file if a session was availiable
else (include "$usrname.php");
exit();

?>

Thanks in advance,
Wil

coditoergosum

Hi Wil,

Well, at first glance it appears that you might not be storing the usrname var correctly. I think your script would work if register_globals is on, but going off the first few lines in the script I'm assuming it isn't, since you're getting the var using $_POST['usrname'], which you asign to $name.

I think if you change this line: $SESSION_UNAME = $usrname;
to $SESSION_UNAME = $name;, it will work.

I just took a quick glance at it though... there might be something else. Here is a link to the source of my authentication script I use on http://gagon.net (minus the actual usernames/passwords of course: http://gagon.net/sessions.phps . Basically all this script does is check the username and password, and then set the session vars (there's a few things that need to be changed to make it more efficient, but it works for now). I include this script on the main page, and then check the variables to see what to display. Anyway, that might help you with your session problem. Also, I have register_globals on, as you'll notice in the script.

wil

I found a few more docs on $_SESSION. I have this new one working the first try except it will not pass the $username fron the auth.php to the usrupload.php page. Where am I not passing it on. The usrupload page has to have this var to have the include work.

auth.php
<?php
@$name = $_POST ['usrname'];
@$pass = $_POST ['pword'];

//Assumes the login is false
$auth=false;

// Checks for a login name and passwword
if(isset($name) && isset($pass)) {

//Opens pasword file and reads contents
$filename = '/path/to/mysite/some_file.txt';
$fp=fopen($filename,"r");
$file_contents=fread($fp, filesize($filename));
fclose($fp);

//Sorts file contents for use
$lines = explode("\n", $file_contents);

foreach ($lines as $line) {

list($usrname,$pword)= explode(':',$line);

//Checks for a match
if(($usrname == $name) && ($pword == $pass)) {

//Sets login to true
$auth=true;
break;

}
}

}
if(!$auth){

//Rejection notice and redirect
include ('reject.php');
exit();

}else{

//Starts a session var
session_start();
$_SESSION['name'] = $usrname;
$_SESSION['session'] = "session";




//Location for uploading
header ("Location: [url]http://mysite.com/usrupload2.php[/url]");
exit();
}
?>

usrupload.php
<?php
//Checks for session
session_start();

$usrname = $_SESSION ['name'];
$session = $_SESSION ['session'];
if (isset($session)) {
//Redirect for a login
include ('reject.php');

//Includes uploading file if a session was availiable
}else{ (include "$usrname.php");
exit();
}

?>

Thanks in advance,
Wil