got an issue with sessions

ftrudeau

greetings. ive got a script with a form on it. simple authentication check through mysql. once the user is authenticated via the script, im registering various session vars, but the user remains on the same page, with a greetings message and some info about his account. Problem is, once session vars are registered, it seams I absolutelly need to reload to page to actually view the session data (throug a print_r($_SESSION) for instance). What gives ? Is this normal ? I can I avoid this ? Thanks for any pointers.

Weedpacket

My guess is because you sound like you're mixing session_register() and $_SESSION together.

Don't.

Forget about session_register() and use $_SESSION[] exclusively for setting and reading your session data.

ftrudeau

Im already using $_SESSION['var1'] = $value to register my session data, and not session_register.

paulsbooker

is it possible to take a look at the script ?

kind regards
paul

ftrudeau

Indeed. Design is a little complicated, but necessary for my work.

Ive got a page, index.php, where the form is located. This page, for now, includes only the form, with this code :

<SOME HTML>
<?php
@session_start();
print_r($_SESSION);
include_once '/path/to/includes/authentication_form.php';
?>
<SOME OTHER HTML>

authentication_form.php is :

@session_start();

include_once '/path/to/conf/conf.inc.php';

set_include_path ($conf[include_paths]);

include_once 'HTML/Template/PHPLIB.php';
include_once 'functions.inc.php';
include_once 'AUTH.php';

$tpl =& new Template_PHPLIB($conf['templates_path'], 'remove');
$auth = new AUTH;

$tpl->setFile(array(
        "main" => "authentication_form_main.html",
        "error_switch" => "authentication_form_error_switch.html",
        "success" => "authentication_form_success.html"
));

if  (isset($_POST['username']) && isset($_POST['password']) && ereg("index.php", $_ENV_['HTTP_REFERER'])) {


   $auth->doAuth($_POST['username'], $_POST['password']);

   if(AUTH::isError($auth)) {                                                           

      $error_message = $auth->error->message;
      parseOut('main');
   }                                                                                                    

   $tpl->setVar("USERNAME", $_POST['username]);    

   parseOut('success');
}
else {                                                                                                       

   parseOut('main');
}                                                                                                       

function parseOut($scope) {
   global $tpl, $error_message;
   $tpl->setVar("ERROR_MESSAGE", $error_message);
   $tpl->parse("ERROR_SWITCH", "error_switch");
   $tpl->parse("OUT", $scope);
   $tpl->p("OUT");
   exit;           

}

... and finally, part of the AUTH class ...

function doAuth($username, $password) {
   if(!$this->link_id) {
      $this->_connect();
   }
   $q = "SELECT * FROM authent WHERE username = '" . $username . "' LIMIT 1";
   if ($this->num_rows($this->query($q))) {
      $this->next_record();
      if($this->record['password'] != md5($password)) {
         $this->error->error = 'AUTH_FAILED';
         $this->error->message = "Le mot de passe fournit pour l'utilisateur '" . $username . "' est incorrect.";
         return $this;
      } else {
         $_SESSION['internauteid'] = $this->record['internaute_Id'];
         $_SESSION['username'] = $this->record['username'];
         $_SESSION['level'] = $this->record['level'];
         $_SESSION['ip'] = $_ENV['REMOTE_ADDR'];
      }
   }
}

Actually, in not really sure were to activate the session ... (session_start). In the class, the page that includes the script or in the script itself ? Does it actually changes anything ? I did not test those various possibilities yet.

Thanks a bunch for any help.

Weedpacket

Why are you supressing error messages (@) on session_start()? Take that off and you will see why sessions are failing.

<SOME HTML>
<?php
@session_start();
print_r($_SESSION);
include_once '/path/to/includes/authentication_form.php';
?>
<SOME OTHER HTML>