More session issues . . .

DeadFly

Everytime I create a session with my login script the session is created fine, but when I tell it to redirect to cpanel.php, it gets redirected but then doesn't recognize the session variables from login.php.

<?php ##### login.php Script

///// Include header and set page title
$PAGE_TITLE='Login';
include('inc_header.php');

if (isset($_POST['submit']))
{
	$message=NULL; ///// Empty variable	

///// Check for Username
if (empty($_POST['username']))
{
	$u=FALSE;
	$message .='You forgot to enter your username.<br>';
} else {
	$u=escape_data($_POST['username']);
}

///// Check for Username
if (empty($_POST['password']))
{
	$p=FALSE;
	$message .='You forgot to enter your password.<br>';
} else {
	$p=escape_data($_POST['password']);
}

if ($u && $p) ///// If everything is okay
{
	///// Retrieve the id and fname for that username/password combo
	$query="SELECT id, fname FROM $TBL_Mem WHERE alias='$u' AND password=PASSWORD('$p')";
	$result=@mysql_query($query); ///// Run the query
	$row=mysql_fetch_array($result, MYSQL_NUM); ///// Return a record if exists

	if ($row) ///// A record was pulled from the database
	{
		///// Set cookies and redirect
		session_name('YourVisitID');
		session_start();
		$_SESSION['fname'] = $row[1];
		$_SESSION['id'] = $row[0];
		header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/cpanel.php");
		exit(); ///// Quit the script	
	} else { ///// No record matched the query
		$message='The username and password did not match those on file';
	}

} else {
	$message .='Please try again';
}
} ///// End of the Submit conditional

///// Print message if there is one
if (isset($message))
{
	echo '<font color="#CC0000">'.$message.'</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table width="318" border="0" cellspacing="0" cellpadding="2" align="center">
  <tr>
    <td>Member Login</td>
  </tr>
  <tr>
    <td>
<table width="100%" border="1" cellspacing="0" cellpadding="2"><tr><td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">  

  <tr>
    <td><b>User Name</b></td>
    <td><div align="right"><input type="text" name="username" size="25" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></div></td>
  </tr>
  <tr>
    <td><b>Password</b></td>
    <td><div align="right"><input type="password" name="password" size="25" maxlength="15" /></div></td>
  </tr>
</table>
</td></tr></table>
    </td>
  </tr>
  <tr>
    <td><div align="right"><input type="submit" name="submit" value="Submit" /></div></td>
  </tr>
</table>
</form>
<?php
include ('inc_footer.php'); // Include the HTML footer.
?>

<?php ##### cpanel.php Script

session_name('YourVisitID');
session_start();

///// If no session is present then redirect
if (!isset($_SESSION['fname']))
{
	header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/index.php");
	exit(); ///// Quit the script	
}

///// Include header and set page title
$PAGE_TITLE='Logged In';
include('inc_header.php');

///// Print message
echo "You are now logged in, {$_SESSION['fname']} !";

include ('inc_footer.php'); // Include the HTML footer.
?>

Anyone got any suggestions ?

flatpooks

have u got ur session directory set up right in the php.ini file? and is it accessible from ur user account?

when i get goofy session stuff i delete all the sessions manually from the cmd line (or explorer on windoze) and then try again ... usually works

🙂

DeadFly

everything is set up correctly in the php.ini and it is accessible from my user account (its on my home pc under admin).

I think it might be something with session_start(); because it keeps making empty sessions in the session.save_path when it does the redirect.

flatpooks

i usually have the first lines of my files like this:

<?php
session_name("whatever");
session_start();
include 'common/useful_stuff.php';

$uid = chk_user("myaccount.php");

blah blah...
?>

the chk_user() function is defined like:

function chk_user($goto)
{
if (!isset($_SESSION['varname'])){
header("location: login.php?redir=" . $goto);
die();
}

$str = rtrim(my_decrypt($_SESSION['varname']));

if ($str != "keyvalue"){
header("location: login.php?redir=" . $goto);
die();
}

// get decrypted user_id
return my_decrypt($_SESSION['uid']);
}

and i never get the issues ur talking about
hope that helps some

DeadFly

I don't understand what you're doing with chk_user(); . . . according to the PHP manual I should be able to access the variables and whatnot just by using the session global ($_SESSION).

flatpooks

yes u can but obviously ur not having much luck so i thought maybe if u standardized the way u handled pages it would help

the chk_user() function is at the top of every page that needs a logged in user ... it checks if a user is logged in and returns thr user_id if so

if not it sends them to the login page with a redirect value of the page they wanted to get to ... so it works like this:

user tries to go to 'myaccount.php' but they're not logged in so the chk_user("myaccount.php") function sends them to 'login.php?redir=myaccount.php'

when login is successful it redirects them to the redir requested

always start ur sessions at the very top of the file and always name them before starting them

DeadFly

Well I finally got my script to work . . . by using ini_set('session.use_cookies', 0); and then passing the SID in the url.
A bit of a security issue isn't it ?

flatpooks

yes it is
try deleting all sessions from explorer (or whatever) and then start over

DeadFly

tried it . . .
still the only way that works is to use no cookies . . .
friggin weird . . .

flatpooks

sheesh
sorry i couldnt help more
:/

DeadFly

Thanks for all your help though !
I think I'll "borrow" your chk_user() function.
😉

flatpooks

😉

DeadFly

Hey I just found out something . . .
I checked to see if a cookie was actually sent to my browser for the sessions (when I had session.use_cookies NOT set to 0), and it turns out it wasn't sending it . . . weird . . .