Problems with sessions

yeochins

I try to create a session and registering varibles. The varibles are vital to the function of user related areas. On two previous forums they never gave me a response to this problem. I hope you guys can provide a response :

function is_user() {
global $username;
session_start();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
$result = mysql_query ("SELECT * FROM session WHERE username='$username'");
  IF(mysql_num_rows($result)==0) {
  	echo "You have failed to meet session standards please note cookies must be enabled!\n";
  	echo "<meta http-equiv=\"refresh\" content=\"3;URL=index.php?index=login\">\n";
  }
  //they have cleared authentication
  } ELSE {
 echo "session was never registered\n";
}
}

function login2($username, $passwd) {
global $username, $passwd;    //Global varibles needed to complete logins through index linking.
$result = mysql_query ("SELECT * FROM user WHERE username='$username'")
	or die ("Could Not retrieve files");
while ($user = mysql_fetch_array ($result)) {
        if($user[2]==$passwd) {
		srand((double)microtime()*1000000);        //seed the generator
		$session_id = md5(uniqid(rand()));         //Build the session ID.
		session_cache_limiter("private");
		$_SESSION['username']==$username;
		session_id($session_id);
		session_register($username);
		session_start();
		$ipuser = getenv ("REMOTE_ADDR"); // get the ip number of the user
		$ctime = time();
        	mysql_query("UPDATE session SET username='$username', time='$ctime', host_addr='$ipuser', guest='0', sid='$session_id' WHERE username='$ipuser'");
include("header.php");
tabletop();
	echo "You are logging in please wait...\n";
	echo "<meta http-equiv=\"refresh\" content=\"5;URL=index.php?index=act&action=usercp\">\n";
	echo "If you havent logged in please <a href=\"index.php?index=act&action=usercp\">Click Here</a>\n";
	} else {
include("header.php");
tabletop();
	echo "<CENTER><b><font size=\"2\" class=\"title\">Wrong Password<br><Br><br>\n";
	echo "<meta http-equiv=\"refresh\" content=\"2;URL=index.php?index=login\">\n";
	}
    }
tablebottom();
include("footer.php");
}

I call the is_user function in user related areas. When I access the area I get the message I put as 'Session was never registered (varible)' The error was defined when I used ISSET to find whether the session varible $_SESSION['username'] is empty or not and it returned False causing the error.

Could you help me? note: this contains where the session begins and the function used to check it

simulant

Well, for one thing, it looks like in your "login2" function, you accidentally used a boolean operator instead of an assignment operator:

$_SESSION['username']==$username;

should be

$_SESSION['username']=$username;

Also, you don't need to define the session variables that you are registering as "global". The $_SESSION array is a "superglobal" so whatever you put in there will be accessible throughout your application.

Hope this helps....

simulant

ALSO, you don't need to call session_register() if you are using the $_SESSION superglobal.

From the manual:

Please note when working with sessions that a record of a session is not created until a variable has been registered using the session_register() function or by adding a new key to the $_SESSION superglobal array. This holds true regardless of if a session has been started using the session_start() function.

More manual stuff:

Use of $SESSION (or $HTTP_SESSION_VARS with PHP 4.0.6 or less) is recommended for improved security and code readablity. With $SESSION, there is no need to use the session_register(), session_unregister(), session_is_registered() functions.

rinjani

Hi,

I think I can give you a few pointers.

I am pretty sure that if you register session variables within a function they have to be made global.

You are registering your session variables after they are given values, but I think that you have to register them first.

Within a function try something like this:

// if row exists - login/pass is correct

//have to register as globals from within a function!
global $SESSION_USERID;	
global $SESSION_USERPERM;
global $SESSION_USERNAME;
global $SESSION_SECURITY_ID;
// initiate a session
session_start();
// register the user's ID and permission level
session_register("SESSION_USERID");
session_register("SESSION_USERPERM");
session_register("SESSION_USERNAME");

list($userid, $userperm, $username) = mysql_fetch_row($result);
$SESSION_USERID = $userid;
$SESSION_USERPERM = $userperm;
$SESSION_USERNAME = $username;


//set up some security id, random number type thing
$current_time = time();
$random_string = $random_salt . $current_time;
$security_id = md5($random_string);
$SESSION_SECURITY_ID = $security_id ;                     
 session_register('SESSION_SECURITY_ID');

from outside a function it would be something like this:

// initiate a session
session_start();

// register the user's ID and permission level
session_register("SESSION_UID");
session_register("SESSION_UPERM");
session_register("SESSION_UNAME");

list($uid, $uperm, $uname) = mysql_fetch_row($result);
$SESSION_UID = $uid;
$SESSION_UPERM = $uperm;
$SESSION_UNAME = $uname;

I cut and pasted part of this so they are not exactly the same variables that you used.

I haven't tried session superglobals yet so I don't know if that changes things.

HTH

yeochins

I am experiementing with superglobals and it doesn't seem to work, I've corrected the boolean, etc but it makes no difference. About the session_register() function how does it work, like where do you place the varibles being registered, aswell as how would you retrieve them on another function ?

if you need reference to the active script then go to http://phpnetzero.sourceforge.net/?index=login

the user is demo and password is demo. Currently the authentication isn't 100% at peak in securety however I need to get the sessions done first as its one of the things I cant really play with after messing up the authentication. The CP doesn't call the function but by clicking Private Messages you call the is_user()