login + globals

limichi

After an update to Php 4.3.3 I rewrote my loginscript by using super-globals, but now i have a problem.
On top of every protected page I made include('loginscript.php'); So when i login
then i get succesfully loggedin and it redirects me to the protected page .
But when I want to go further I have to log in again.So I think the sessions are not carried over!
What did I wrong?
Thanks for any help.

<?php

//this is loginscript.php
session_start();

$admin_user_name = "user";

$admin_password = "pass";

if(!isset($POST['ft_uid'])) {
?>

<html><head>
</head>

<body >
<form method="post" action="<?$SERVER['PHP_SELF'];?>">
<table width="60%">
<tr >
<td width="50%">Username:</td>
<td width="50%">
<input type="text" name="ft_uid" size="12">
</td>
</tr>
<tr>
<td width="50%">Password:</td>
<td width="50%">
<input type="password" name="ft_pwd" size="12">
</td>
</tr>
<tr >
<td colspan="2">
<br><div align="center">
<input type="submit" value="Log in" name="submit2">
</div>
</td>
</tr>
</table>
</form>
</body> </html>

<?php

$SESSION['ft_uid'];
$SESSION['ft_pwd'];

exit;
}

else

{

if($POST['ft_uid'] != $admin_user_name) //check username
{

echo "
<html><head>
</head>
<body>
Not allowed to .......
</body> </html>
";

session_unregister("ft_uid");
session_unregister("ft_pwd");

unset($ft_uid);

session_destroy();

exit;

}

if($POST['ft_pwd'] != $admin_password)//check password
{

echo "
<html><head>
</head>

<body>
Password not correct
</body> </html>
";

session_unregister("ft_uid");
session_unregister("ft_pwd");

unset($ft_uid);

session_unset();

session_destroy();

exit;

}

}

?>

dalecosp

You'll want to start the session, then check for the $_SESSION variable that says "this client is logged in...."

If you don't find it, then include the loginscript.

You can't just include() the login script on every page; in the abscence of the necessary POST vars, it'll send 'em to the login page every time ... which is what you say is happening, right?

dalecosp

Also, at what point in the login script are you assigning values to the SESSION array ... I don't see anything ....

limichi

What you say is right,I have to log in to every page.

I changed this:
$ft_uid = $POST["ft_uid"];
$ft_pwd = $POST["ft_pwd"];

$_SESSION["ft_uid"] = $ft_uid; 
$_SESSION["ft_pwd"] = $ft_pwd;

But it still does not work like it did before, I have to log in to every page.

Jea L.

dalecosp

So I'm right, fine; did I miscommunicate the other part of what's going on here?

Your script says "If $POST['whatever']" ... since you're using a $SESSION variable, you want to check that the $SESSION variable exists, not the $POST one, on each page.