sessions! argh!

zak

hi. I'm currently making a kind of sign-in system for an administrator, and i want to use sessions to allow only the logged in administrator to view admin pages. On the login page, i have this code:

$user = strtolower(trim(stripslashes($user)));
$pass = strtolower(trim(stripslashes($pass)));

//start the session
session_start();
session_register("SESSION");
session_register("SESSION_USERNAME");
session_register("SESSION_PASSWORD");

$SESSION_USERNAME = $user;
$SESSION_PASSWORD = $pass;

//redirect to the main admin page
header("Location: admin.php");

where $user and $pass are the variables passed by the login form. Admin.php (the page you are passed to) then has this code within it:

if (!session_is_registered("SESSION")) {
echo "The session is not registered";
exit;
}

I keep getting told that the session is not registered. I have checked the scripts - the header functions and sessions are called before any output and i have checked that sessions are enabled on phpinfo(). Anyone have any ideas what's wrong with it? Thanx.

rIkLuNd

try this:

$user = strtolower(trim(stripslashes($user))); 
$pass = strtolower(trim(stripslashes($pass))); 

#start the session 

$SESSION_USERNAME = $user; 
$SESSION_PASSWORD = $pass; 

session_start(); 
session_register("SESSION"); 
session_register("SESSION_USERNAME"); 
session_register("SESSION_PASSWORD"); 

#redirect to the main admin page 
header("Location: admin.php"); 

#where $user and $pass are the variables passed by the login 
#form. Admin.php (the page you are passed to) then has this 
#code within it: 

if (!session_is_registered("SESSION")) { 
echo "The session is not registered"; 
exit; 
}

zak

thanx. i tried that but still with no luck. 😕 is there any other reason why it may not be working? Or does anyone have an off-the-shelf solution already made up? any help would be greatly appreciated. btw, it's running on a linux box.

dustbuster

Hello,

I hope this is not to late.

You may be registering

session_register("SESSION");

but you are not assinging it a value. In order to have PHP recognize that it is set you have to assign it a value.

If you were to try:

if (!session_is_registered("SESSION_USERNAME")) { 
echo "The session is not registered"; 
exit;

}

it would probably not complain.

Check out:
http://www.php.net/manual/en/function.session-is-registered.php

and read the User Contributed Notes. It should help alot.

zak

thanks. after reading the php pages, i can see that what you said is completely right. 😃 However, my script still won't work even with these modifications. i am completely baffled. it looks simple enough. Is there something else i should be looking for? Does anyone know why it isn't working? Thanks.

rIkLuNd

Well, I don't use [man]is_registered_session[/man] to check if a session is set, but I do like this:


if(isset($_SESSION['bla']))
{
  echo "Logged In";
}
else
{
  echo "Not Logged In";
}

cahva

And you dont have to register the session variables. Just use:

session_start(); 
$_SESSION['session_user']=$user;
$_SESSION['session_password']=$pass;
...

Quote from php.net(http://fi.php.net/manual/en/ref.session.php):

Use of $SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is recommended for improved security and code readablity. With $SESSION, there is no need to use the session_register(), session_unregister(), session_is_registered() functions. Session variables are accessible like any other variables.

zak

Thanks for the help, guys. It's working perfectly now 🙂

rIkLuNd

you're welcome!