I got problem with session.

ngu_tri

Hello everyone. I hope you can help me out session problem. Tha nks

1)log in page(loggin.php):

<?
include("dbconnect.php");
$submit = $POST["submit"];
$user = $POST["brukernavn"];
$pass = $POST["passord"];
#session_start();
#if(!isset($db_user)){$db_user = false;}
if(!isset($SESSION['user'])){$SESSION['user']=false;}
#if(!isset($db_pass)){$db_pass = false;}
if(!isset($SESSION['pass'])){$_SESSION['pass']=false;}

mysql_connect($dbhost,$dbuser,$dbpass) or die("Cannot connect to the database.<br>" . mysql_error());
mysql_select_db("book") or die("Cannot select the database.<br>" . mysql_error());
$result = mysql_query("SELECT brukernavn,passord FROM bruker WHERE brukernavn='$user' and passord='$pass'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH))
{
    $db_user = $row["brukernavn"];
    $db_pass = $row["passord"];
}

if(!$user|| !$pass)
    {
       echo "Could not connect. <a href=admin.html>Try again</a>";
    }
[U]else if($db_user == $user && $db_pass == $pass)[/U]
    {
       $_SESSION['brukernavn'] = $user;
       $_SESSION['passord'] = $pass;
       echo "$user";
       echo "You have Admin Access <a href=admin.php>click here to continue</a>";
    }
[U]else if ($db_user <> $user || $db_pass <> $pass)[/U]
    {
        echo "You do not have permission to access this area, sorry <a href=admin.html>click here to go back</a>";
    }
mysql_free_result($result);

?>

When I tast in wrong username and password(username or password). So I got error message:

Notice: Undefined variable: db_user in c:\inetpub\wwwroot\guestbook\loggin.php on line 79

Notice: Undefined variable: db_user in c:\inetpub\wwwroot\guestbook\loggin.php on line 86

2)when i want to log out(logout.php)

<?
$SESSION['brukernavn'] = false;
$SESSION['passord'] = false;
session_destroy();

?>

I also got error message:

Warning: session_destroy(): Trying to destroy uninitialized session in c:\inetpub\wwwroot\guestbook\loggut.php on line 4

3)I put this piece code on the top of any page which I wish to protect with a login
<?
if(!$_SESSION['brukernavn']){header("Location: loggin.php");}
?>

It does not work.

zhabala

ad 1) If the can't be found in DB you have to initialize variables $db_user and $db_pass to some value like this:

$db_user = '';
$db_pass = '';

ad 2) each page (php script) should start with session_start();

ad 3) try to use isset and or empty function to check whether the session variable is set like

if ( !isse($_SESSION['brukernavn']) ) {
   // do the redirect
}

Header Location usually needs absolute (not relative) URL like http://myhost.mydomain.com/script.php

Zdenek

ngu_tri

1)loggin.php(with session)

<?
include("dbconnect.php");
$submit = $POST["submit"];
$user = $POST["brukernavn"];
$pass = $_POST["passord"];
$db_user='';
$db_pass='';

$result = mysql_query("SELECT brukernavn,passord FROM bruker WHERE brukernavn='$user' and passord='$pass'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH))
{
    $db_user = $row["brukernavn"];
    $db_pass = $row["passord"];
}
if(!isset($db_user)){$db_user = false;}
#if(!isset($_SESSION['user'])){$_SESSION['user']=false;}
if(!isset($db_pass)){$db_pass = false;}
#if(!isset($_SESSION['pass'])){$_SESSION['pass']=false;}

if(!$user|| !$pass)
    {
       echo "Task inn brukernavn eller passord. <a href=admin.html>Prøv igjen</a>";
    }
else if($db_user == $user&& $db_pass == $pass)
    {
       $_SESSION['brukernavn'] = $db_user;
       #$_SESSION['passord'] = $pass;
       echo "<a href=slett.php>Du er admin tilgang til å slette</a>";
       echo "<br>";
       echo "<a href=listeopp.php>Du er admin tilgang til å vise</a>";
       echo "<br>";
       echo "<a href=sok.php>Du er admin tilgang til å søke</a>";
       echo "<br>";
       echo "<a href=legginn.php>Du er admin tilgang til å legg inn</a>";
    }
else if ($db_user <> $user || $db_pass <> $pass)
    {
        echo "Beklage!! Du har ikke rettigheter til siden. <a href=admin.html>Prøv igjen</a>";
    }
mysql_free_result($result);

?>

2)listopp.php

<?php
session_start();
if(!$_SESSION['brukernavn']){header("Location: loggin.php");}
?>

<?php include("dbconnect.php"); ?>

<h2>View My Guest Book!!</h2>

<?php
$result = mysql_query("select * from guestbook");
if ($result)
{
while ($row = mysql_fetch_array($result))
{
print "Entry_ID:";
print $row["entry_id"];
print " \n";
print "Name:";
print $row["name"];
print " \n";
print "Location:";
print $row["location"];
print " \n";
print "Email:";
print $row["email"];
print " \n";
print "URL:";
print $row["url"];
print " \n";
print "Comments:";
print $row["comments"];
print " \n";
print " \n";
print " \n";
}
mysql_free_result($result);
}

?>

I got problem to put session on each page. Error message:

Warning: session_start(): open(C:\Program Files\php\sessiondata\sess_9b8782e14f1d549c976c714fff070f20, O_RDWR) failed: Permission denied (13) in c:\inetpub\wwwroot\media\listeopp.php

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\inetpub\wwwroot\media\listeopp.php:9) in c:\inetpub\wwwroot\media\listeopp.php

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\inetpub\wwwroot\media\listeopp.php:9) in c:\inetpub\wwwroot\media\listeopp.php

Notice: Undefined index: brukernavn in c:\inetpub\wwwroot\media\listeopp.php

zhabala

It means that PHP is not able to start session ( it means create a file in which the session data reside ) because PHP does not have the right permitions to the directory where it wanted to store the session files. You should check, whether the directory C:\Program Files\php\sessiondata\ exists and whether your PHP has the right permition. Usually the session data files are create in so called TEMP directory c:\temp or something like that where all users are able to create files. You can set the path in php.ini.

Zdenek

ngu_tri

Sorry! I could not understand what you mean, but I did permission to session directory. I got new error and hope you can help me out. Thank you very much. Regards Tri

1)login.php( log in page)

<?php
include("dbconnect.php");
$user = $POST["username"];
$pass = $POST["password"];
$db_user='';
$db_pass='';

$result = mysql_query("SELECT username,password FROM user WHERE username='$user' and password='$pass'");
while ($row = mysql_fetch_array($result, MYSQL_BOTH))
{
$db_user = $row["username"];
$db_pass = $row["password"];

if(!isset($db_user)){$db_user = false;}

#if(!isset($_SESSION['user'])){$_SESSION['user']=false;}

if(!isset($db_pass)){$db_pass = false;}

#if(!isset($_SESSION['pass'])){$_SESSION['pass']=false;}
}

Is that correct coding?

if(!isset($db_pass)){$db_pass = false;}
or
if(!isset($SESSION['pass'])){$SESSION['pass']=false;}
==========================================0
2) delete.php (protect this page by inputting this piece of coding)
<?php
session_start();
if(!isset($db_user))
{
echo"<a href=admin.php>Have to log in</a>";
}
?>

Is that correct coding?

3) New error:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\inetpub\wwwroot\media\backup\delete.php:9) in c:\inetpub\wwwroot\media\backup\delete.php on line 55

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\inetpub\wwwroot\media\backup\delete.php:9) in c:\inetpub\wwwroot\media\backup\delete.php on line 55

logout.php ( when you want to log out)

<?php
$_SESSION['username'] = false;
session_destroy();
?>

Is that correct coding?

zhabala

It could be like you have it. The new error means that there was some output to the browser before the session_start(); function call. Please check whether your script does not begin with empty row or any other output or any echo statement or so.

Zdenek