PHP session help

tudorb

PHP session-help needed!

The variables I register in $_SESSION dissapear when I acces the next page.

I try to make a user authentication web page but all examples I tried fail to work, probabbly due to some wrong settings.

I use apache2, and php4 on a linux machine.

Thank you!

laserlight

Do you have a code sample?
And which version of PHP are you using?

Carello

You should be aware that Session information is lost when using
header(Location: url) to redirect to another page.

It's quite annoying, but there's an ugly work around, use:
<meta http-equiv="refresh" content="0;url=url">
instead of header().

tudorb

---------------index page-----------
<html>
<head>
<title>Login Page</title>
</head>
<body bgcolor="white">
<table width="400" align="center">
<tr>
<th valign=top> private area </th>
</tr>
<tr>
<td>
<p>This is a private area. </p>
<p>Please log in below if you have access to this area </p>
<?
//if no cookie is set then display the form
if(!isset($_COOKIE["this_cookie"])){
echo '<div align="center"><form action="validate.php" method="post">';
echo 'username : <input type="text" name="username"><br><br>';
echo 'password : <input type="password" name="password"><br><br>';
echo '<input type="submit" value="login"></form></div>';
}else{
echo "You are already logged in. <a href=\"1.php\">Continue</a>";
}
?>
</td>
</tr>
</table>
</body>
</html>

---------------------validate page-----------
----------included in all authenticated files--
<?
header("Pragma: ");
header("Cache-Control: ");
header("Expires: Mon, 26 Jul 1980 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
//set global variables
global $username,$password;

//header("Pragma: no-cache");
// EDIT HERE TO SUIT YOUR NEEDS
//set usernames and passwords
//only letters and numbers (no spaces) Known as can contain spaces
$uname[1] = "demo";
$upass[1] = "demo";
$known_as[1] = "demo user";
//additional users can be added
//$uname[2] = "demo";
//$upass[2] = "demo";
//$known_as[2] = "demo";

//the login page
$login_page = "index.php";
//where to go after login
$success_page = "1.php";
//the path to validate.php
$validate_path = "full path to validate.php";
//login failed error message
$login_err = '<div align="center">Your User Name or Password was incorrect</b></div>';
//no fields filled in
$empty_err = '<div align="center"><b>You need to login with your User Name and Password</b></div>';
//something entered that wasn't a letter or number error message
$chr_err = '<div align="center"><b>Please retry</b></div>';
// DO NOT EDIT BELOW HERE

//if the form is empty and the cookie isn't set
//then display error message the return to login
if($username == "" && $password == "" && !isset($_COOKIE["this_cookie"])){
print($empty_err);
include($login_page);
exit();
}

//if the form is not empty and the cookie isn't set
//then make sure that only letters and numbers are entered
//if there are then display error message the return to login
if($username != "" || $password != "" && !isset($_COOKIE["this_cookie"])){
if (preg_match ("/[^{a-zA-Z0-9]/",} $username.$password)){
print($chr_err);
include($login_page);
exit();
}
}

//if the cookie isn't set
if (!isset($_COOKIE["this_cookie"]) ){
$user_count = count($uname);
$user_exists = false;

// check through all the users to see if they exist
for ($i = 1; $i <= $user_count; $i++) {
if ($uname[$i] == $username && $upass[$i] == $password){
$user_id=$i;
//$welcome_name = $known_as[$i];
$user_exists = true;
}
}

if(!$user_exists){
print ($login_err);
include($login_page);
exit();
}

//if the login is correct then set the cookie
$cookie_val=crypt($uname[$user_id]);
//set the cookie so it dies when the browser is closed
setcookie ("name", $known_as[$user_id], 0);
setcookie ("this_cookie", $cookie_val, 0);
header("Location: $success_page");
exit();
}

//if a user tries to access validate.php directly and they are logged in
if($REQUEST_URI == $validate_path){
echo "<html>\n<head>\n";
echo "<title>Yor are logged in</title>\n";
echo "</head>\n";
echo "<body bgcolor=\"white\">\n";
echo "You are logged in. <a href=\"".$success_page."\">Continue</a>\n";
echo "</body>\n";
echo "</html>\n";

}

?>

weevil

So where is the part where you are registering these session variables? It doesn't look like you are using sessions.

razz

I agree with weevil in that there are no $_SESSION variable being set. Make sure you also start each page with:

session_start();

As to the comment by Carello... I have no session issues when using header redirects. In fact I use them all the time. I will gather user info from a form and send it to a validation page. The validation page sets the session variables from the POST data and does a header(location: url) redirect when all fields pass. Then it goes to a confirmation page where the user acn select 'Change' or 'Proceed' buttons. Proceed move to other forms keeping data in SESSION and Change goes back to the first form using SESSION to pre-fillin the form. After 2 forms , validations and confirmations the data from SESSION is entered into mysql and the un-needed SESSION variables are unset.

Last, you should be aware that SESSION's are not self contained. Meaning that the session id must follow you to all the pages. This is normally done thru cookies. Most think you choose between cookies and Sessions but the truth is the cookies may need to be turned on to use sessions. If they are not php can be configured to append the id to the url as in a GET. I have still had times though where I had to manually put the session id variable on the end of a url in a link. The session data is stored on the server.

razz

weevil

The validation page sets the session variables from the POST data and does a header(location: url) redirect when all fields pass.

How are you able to get the session id to pass through the header?
This was the only way I could get it to work:

header("Location: index.php?" .sid);

tudorb, check out the manual page on sessions

razz

Hey weevil,

I thought you might ask that...OK here is the deal. I use the following code and it goes for a few more pages but here are the first steps. The register form posts to itself which runs a function from an included file. The function validates the data and either returns an error code or header redirects to a confirmation page. The confirmation gives a choice and based on the choice uses a reg_redirect page to do another header redirect. Then I do it again to get the payment info. At the end SESSION info is used to enter into mySql and SESSION variables are unset. I had the problem you have at first and found that my cookie setting of 'ask first' was the problem. As soon as I set them ON I was fine with sticking the id on there manually. I created a function to check for cookies and if that fails it tells you to turn them on. You will need to make sure cookies are ON. If this does not all fit I will post 2 posts. Also, note the $_SESSION['userreg'] it used to prevent access out of order. by using an access_test() function I did.

register_form.php code:

<?php

/
Start Session and set REQUIRED files
/

header("Cache-control: private, no-cache");
session_start();

require_once('../required/cds_fns.inc');

/
From access_fns.inc to check for cookies
/

session_test();

/
From data_valid_fns.inc to validate after Submit
This checks for post to validate data otherwise the form loads
If the validation fails it returns error code
/

user_valid($_POST,'user');

/
From html_fns.inc to create header
/

do_html_header('User Registration');

?>
<br>
<center>

<?php

/
Test for POST and draw Error Message if it exists
If the validation fails the error code is set and
each code causes a response below
/

echo 'Session ID for this page: '.session_id().'<p>';
if(!$_POST["submit"] || $_SESSION['error'])
	{

	if ($_SESSION['error'])
		{
			if ($_SESSION['error'] == 'required')
			{
				echo '<font face="arial,helvetica" color="EE1D25">Please fill in all of the required fields.</font>';
				$_SESSION['error'] = '';
				unset ($_SESSION['error']);

			}else{

				switch($_SESSION['error'])
				{
					case 'zip':
						echo 'The <font face="arial,helvetica" color="EE1D25">Zip Code</font> appears invalid.';
						break;
					case 'hPhone':
						echo 'The <font face="arial,helvetica" color="EE1D25">Home Phone</font> appears invalid - xxx-xxx-xxx.';
						break;
					case 'wPhone':
						echo 'The <font face="arial,helvetica" color="EE1D25">Work Phone</font> appears invalid - xxx-xxx-xxx.';
						break;
					case 'fax':
						echo 'The <font face="arial,helvetica" color="EE1D25">Fax Phone</font> appears invalid - xxx-xxx-xxx.';
						break;
					case 'email':
						echo 'The <font face="arial,helvetica" color="EE1D25">Email</font> address appears invalid.';
						break;
					case 'pass_match':
						echo 'The <font face="arial,helvetica" color="EE1D25">Passwords</font> did not match.';
						break;
					case 'pass_length':
						echo 'Please check that the <font face="arial,helvetica" color="EE1D25">Password</font> is 6 to 10 characters.';
						break;
					case 'dup':
						echo '<font face="arial,helvetica" color="EE1D25">'.$_SESSION['fName'].' '.$_SESSION['lName'].', with a home phone of '.$_SESSION['hPhone'].' is already registered.</font>';
						$_SESSION['error'] = '';
						unset($_SESSION['error']);
						break;
				}


			}
		}

/
DISPLAY SESSION ERROR FOR TEST ONLY
/

	if ($_SESSION['error'])
		{
		echo '<p>session error is :'.$_SESSION['error'];
		}else{
		echo '<p>no session error';
		}

/
Registration Form sent to itself
Fields are empty to start but then populated with SESSION
info for an error or change. SESSION errors cause
the field text to change color
/

<p>
<br>
<font face='arial,helvetica' size='-1'>Items with the <font color="EE1D25">*</FONT> are required:</font>

</center>

<TABLE width="100%" border="0" cellpadding="5" cellspacing="0">
<tr>
<td align="right" valign="top" width="50%">
<font face="arial,helvetica" size="-1">First Name <font color="EE1D25">*</FONT></font>
</td>
<td align="left" valign="top" width="50%">
<INPUT type="text" name="fName" value="<?php echo isset($SESSION['fName']) ? $SESSION['fName'] : ''; ?>" size="20">
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1">Middle Initial  </font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="mInt" value="<?php echo isset($SESSION['mInt']) ? $SESSION['mInt'] : ''; ?>" size="20">
</td>
</tr>

<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1">Street Address <font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="street" value="<?php echo isset($SESSION['street']) ? $SESSION['street'] : ''; ?>" size="20">
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1">City <font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="city" value="<?php echo isset($SESSION['city']) ? $SESSION['city'] : ''; ?>" size="20">
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1">State <font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<SELECT NAME="state" SIZE="1">
<OPTION VALUE="" selected>Select One...</OPTION>
<OPTION VALUE="CA" <?php if ($SESSION["state"] == 'CA')echo 'selected'; ?>>CA</OPTION>
<OPTION VALUE="CO" <?php if ($SESSION["state"] == 'CO')echo 'selected'; ?>>CO</OPTION>
<OPTION VALUE="CT" <?php if ($SESSION["state"] == 'CT')echo 'selected'; ?>>CT</OPTION>
</SELECT>
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'zip') {echo 'color="EE1D25"'; $SESSION['error'] = ''; unset ($SESSION['error']);} ?>>Zip <font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="zip" value="<?php echo isset($SESSION['zip']) ? $SESSION['zip'] : ''; ?>" size="10" maxlength=5>
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'hPhone') {echo 'color="EE1D25"'; $SESSION['error'] = ''; unset ($SESSION['error']);} ?>>Home Phone <i><font size = '2'>(10 digits) </font></i><font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="hPhone" value="<?php echo isset($SESSION['hPhone']) ? $SESSION['hPhone'] : ''; ?>" size="15" maxlength=14>
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'wPhone') {echo 'color="EE1D25"'; $SESSION['error'] = ''; unset ($SESSION['error']);} ?>>Work Phone <i><font size = '2'>(10 digits)  </font></i></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="wPhone" value="<?php echo isset($SESSION['wPhone']) ? $SESSION['wPhone'] : ''; ?>" size="15" maxlength=14>
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1">Ext.  </font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="wPhoneExt" value="<?php echo isset($SESSION['wPhoneExt']) ? $SESSION['wPhoneExt'] : ''; ?>" size="15">
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'fax') {echo 'color="EE1D25"'; $SESSION['error'] = ''; unset ($SESSION['error']);} ?>>Fax Phone <i><font size = '2'>(10 digits)  </font></i></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="fax" value="<?php echo isset($SESSION['fax']) ? $SESSION['fax'] : ''; ?>" size="15" maxlength=14>
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'email') {echo 'color="EE1D25"'; $SESSION['error'] = ''; unset ($SESSION['error']);} ?>>E-Mail <font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="text" name="email" value="<?php echo isset($SESSION['email']) ? $SESSION['email'] : ''; ?>" size="20">
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'pass_match' || $SESSION["error"] == 'pass_length') {echo 'color="EE1D25"';} ?>>Password <i><font size = '2'>(6 - 10 characters) </font></i><font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="password" name="pass" value="" size="15" maxlength=10>
</td>
</tr>
<tr>
<td align="right" valign="top">
<font face="arial,helvetica" size="-1" <?php if ($SESSION["error"] == 'pass_match' || $SESSION["error"] == 'pass_length') {echo 'color="EE1D25"'; $SESSION['error'] = ''; unset ($SESSION['error']);} ?>>Confirm Password <font color="EE1D25"></FONT></font>
</td>
<td align="left" valign="top">
<INPUT type="password" name="pass2" value="" size="15" maxlength=10>
</td>
</tr>

<INPUT type="submit" name="submit" value="Submit">
</td>
</tr>
</table>
</FORM>
<?php
}

?>
<?php

/
From html_fns.inc to Create Footer
/

do_html_footer();

The rest will come soon

razz

Here is the rest:

Here is the validation function from html_fns.inc

function user_valid($POST, $type)
{
if($POST["submit"])
{
$SESSION['fName'] = ucwords($POST['fName']);
$SESSION['mInt'] = ucwords($POST['mInt']);
$SESSION['lName'] = ucwords($POST['lName']);
$SESSION['street'] = ucwords($POST['street']);
$SESSION['city'] = ucwords($POST['city']);
$SESSION['state'] = $POST['state'];
$SESSION['zip'] = $POST['zip'];
$SESSION['hPhone'] = $POST['hPhone'];
$SESSION['wPhone'] = $POST['wPhone'];
$SESSION['wPhoneExt'] = $POST['wPhoneExt'];
$SESSION['fax'] = $POST['fax'];
$SESSION['email'] = strtolower($POST['email']);
$SESSION['pass'] = $POST['pass'];
$SESSION['pass2'] = $POST['pass2'];

	$fName = $_SESSION['fName'];
	$lName = $_SESSION['lName'];
	$street = $_SESSION['street'];
	$city = $_SESSION['city'];
	$state = $_SESSION['state'];
	$zip = $_SESSION['zip'];
	$hPhone = $_SESSION['hPhone'];
	$wPhone = $_SESSION['wPhone'];
	$fax = $_SESSION['fax'];
	$email = $_SESSION['email'];
	$pass = $_SESSION['pass'];
	$pass2 = $_SESSION['pass2'];

	if ($type == 'edit')
	{
		$_SESSION['userID'] = $_POST['userID'];
		$_SESSION['admin'] = $_POST['admin'];
		$_SESSION['completed'] = $_POST['completed'];
		$userID = $_SESSION['userID'];
		$admin = $_SESSION['admin'];
		$completed = $_SESSION['completed'];

		if($admin == 'YES')
		{
			$reqphone = $wPhone;
			$reqphonename = 'wPhone';
			$optphone = $hPhone;
			$optphonename = 'hPhone';
		}
		else
		{
			$reqphone = $hPhone;
			$reqphonename = 'hPhone';
			$optphone = $wPhone;
			$optphonename = 'wPhone';
		}

	}

	if ($type == 'admin')
	{
		$_SESSION['admin'] = 'YES';
		$_SESSION['completed'] = 'YES';

		$reqphone = $wPhone;
		$reqphonename = 'wPhone';
		$optphone = $hPhone;
		$optphonename = 'hPhone';
	}
	else
	{
		$reqphone = $hPhone;
		$reqphonename = 'hPhone';
		$optphone = $wPhone;
		$optphonename = 'wPhone';
	}

	if (!filled_out($fName, $lName, $street, $city, $state, $zip, $reqphone, $email, $pass, $pass2))
	{
		$_SESSION['error'] = "required";
		return;

	}else{

		if (!ziptest($zip))
		{
			$_SESSION['error'] = "zip";
			return;
		}

		if (!valid_phone($reqphone))
		{
			$_SESSION['error'] = $reqphonename;
			return;
		}
			$_SESSION[$reqphonename] = format_phone($reqphone);

		if ($optphone)
		{
			if (!valid_phone($optphone))
			{
				$_SESSION['error'] = $optphonename;
				return;
			}
			$_SESSION[$optphonename] = format_phone($optphone);
		}

		if ($fax)
		{
			if (!valid_phone($fax))
			{
				$_SESSION['error'] = "fax";
				return;
			}
			$_SESSION['fax'] = format_phone($fax);
		}

		if (!valid_email($email))
		{
			$_SESSION['error'] = "email";
			return;
		}

		if (!pass_length($pass))
		{
			$_SESSION['error'] = "pass_length";
			return;
		}

		if (!pass_match($pass, $pass2))
		{
			$_SESSION['error'] = "pass_match";
			return;
		}

		if ($type != 'edit')
		{
			$dup = check_dup_user($fName, $lName, $hPhone);
			if ($dup)
			{
				$_SESSION['error'] = "dup";
				return;
			}
		}

		if (!$SESSION['error'])
		{
			if ($type =='admin')
			{
				$_SESSION['add_admin'] = 1;
				header('LOCATION: admin_confirm.php');
				exit;
			}

			if ($type =='user')
			{
				$_SESSION['user_reg'] = 1;
				header('LOCATION: register_confirm.php');
				exit;
			}
			if ($type =='edit')
			{
				return true;
			}
		}
	}
}

}

Here is the code for the reg_confirm.php

<?php

/
Start Session and set required files
/

session_start();
require_once('../required/cds_fns.inc');

/
From access_fns.inc to check for set session flags and make sure
the user has filled in the register_form.php page
FORMAT is access_test(variable_name, variable_value, required_value)
/

access_test('user_reg',$_SESSION['user_reg'],1);

/
From html_fns.inc to create header
/

do_html_header('Registration Confirmation');

/
SESSION ID FOR TESTING ONLY
/

echo '<center>Session ID for this page: '.session_id().'<p></center>';

/
Display entered data from SESSION variables and direct to reg_redirect.php
/

<center>
<p>
<font face='arial,helvetica' size='-1'><h5>You have entered the following information:</h5></font>
<p>
<table border='0' cellpadding='5'>
<tr>
<td align='right' valign='middle'>
<font face="arial,helvetica" size="-1">Full Name:</font>
</td>
<td align='left' valign='middle'>
<font face='arial,helvetica' size='-1'><?php echo $SESSION['fName']; ?> <?php if ($SESSION["mInt"]) echo $SESSION['mInt']; ?> <?php echo $SESSION['lName']; ?></font>
</td>
</tr>
<tr>
<td align='right' valign='middle'>
<font face="arial,helvetica" size="-1">Street Address:</font>
</td>
<td align='left' valign='middle'>
<font face='arial,helvetica' size='-1'><?php echo $SESSION['street']; ?></font>
</td>
</tr>
<tr>
<td align='right' valign='middle'>
<font face="arial,helvetica" size="-1">City, State Zip:</font>
</td>
<td align='left' valign='middle'>
<font face='arial,helvetica' size='-1'><?php echo $SESSION['city']; ?>, <?php echo $SESSION['state']; ?> <?php echo $SESSION['zip']; ?></font>
</td>
</tr>
<tr>
<td align='right' valign='middle'>
<font face="arial,helvetica" size="-1">Home Phone:</font>
</td>
<td align='left' valign='middle'>
<font face='arial,helvetica' size='-1'><?php echo $_SESSION['hPhone']; ?></font>

	<?php if ($_SESSION["wPhone"]) echo "</td></tr><tr><td  align='right' valign='middle'><font face='arial,helvetica' size='-1'>Work Phone:</font></td><td  align='left' valign='middle'><font face='arial,helvetica' size='-1'>".$_SESSION['wPhone']."</font></td></tr>"; ?><?php if ($_SESSION["wPhoneExt"]) echo "<tr><td  align='right' valign='middle'><font face='arial,helvetica' size='-1'>Ext.</font></td><td  align='left' valign='middle'><font face='arial,helvetica' size='-1'>".$_SESSION['wPhoneExt']."</font></td></tr>"; ?>

	<?php if ($_SESSION["fax"]) echo "</td></tr><tr><td  align='right' valign='middle'><font face='arial,helvetica' size='-1'>Fax Phone:</font></td><td  align='left' valign='middle'><font face='arial,helvetica' size='-1'>".$_SESSION['fax']."</font>"; ?>
	</td>
</tr>
<tr>
	<td  align='right' valign='middle'>
		<font face="arial,helvetica" size="-1">Email:</font>
	</td>
	<td  align='left' valign='middle'>
		<font face='arial,helvetica' size='-1'><?php echo $_SESSION['email']; ?></font>
	</td>
</tr>
<tr>
	<td colspan='2' align='center'>
		<FORM name="regconfirm" method="post" action="reg_redirect.php">
			<INPUT type="submit" name="change" value="Change">
			<INPUT type="submit" name="proceed" value="Proceed">
		</form>
	</td>
</tr>

</table>
<p>
</center>
<?php

/
From html_fns.inc to Create Footer
/

do_html_footer();

This is the code for reg_redirect.php

<?php

/
Start Session and set required files
/

session_start();
require_once('../required/cds_fns.inc');

/
From access_fns.inc to check for set session flags and make sure
the user has filled in the register_form.php page
FORMAT is access_test(variable_name, variable_value, required_value)
/

access_test('user_reg',$_SESSION['user_reg'],1);

/
Redirect the client back to change data or forward to get payment info
/

if ($_POST['change'])
{
	unset($_SESSION['error']);
	header('LOCATION: register_form.php');

}elseif ($_POST['proceed']){

	$_SESSION['user_reg'] = 2;
	header('LOCATION: cc_form.php');

}

Hope it helps,

razz

weevil

Whoa! Looks pretty serious. Thanks for the code.