Message driven game: problems with sessions & including

PHPVortex

Hello all,

I have a question regarding a coding problem that I can't seem to fix. I am creating a message-driven RPG site. Coding PHP is a new hobby, so I apologize if not all code is as optimal as it could be 😉.

The site is based around a template page (index.php). It contains a navigation menu and loads content by including the required pages. Default content is an introduction page. Also index.php facilitates user authentication, by means of a login form.

The coding problem relates to session variables being lost when browsing around the site.

index.php -> all_matches.php -> view_match.php -> add_post.php

The player logs in on index.php (a login form is located there), then browses to all_matches.php where he selects a match where he wants to post. In view_match.php, the selected match is displayed. I want to display a hyperlink in view_match.php to an 'add post form' (add_post.php). But this hyperlink may only be displayed if the player is logged in and is authorized to post in the match. Of course, I later check this again in add_post.php for security reasons.

Index.php creates a session with the $Name (user name), $access (allowed access) and $login (set to 1 if logged in). Because the template page stays the same, the data is retained. When going to all_matches, session data is retained. But when I go to view_match, session data is lost.

Remember that all_matches.php, view_match.php and add_post.php are all loaded as content in index.php!

If anyone knows how to solve this problem, I am eternally grateful. Note that I use session_register, instead of $_SESSION. This isn't the problem as on the other pages it works. But I'll probably change this in the future. Some excerpts of the scripts are below.

Index.php:

<?
  session_start();

  // Specify the base URL for view_match.php:
  $b_url='http://www.mysite.org/';

  // Get the desired page from the URL if provided, otherwise open introduction page as default:
  $page=$_GET['p'];

  // Get the desired match to display from the URL if provided:
  $mid=$_GET['m'];

  ... // Display basic layout in HTML.
  ... // If the player is logged in, the index.php will display "You are logged in as ...".

  // Display the desired page in the main table of the HTML layout.
  switch($page) {
    case "intro":
      include 'intro.php';
      break;
    case "all_matches":
      include 'all_matches.php';
      break;
    case "view_match":
      include $b_url.'view_match.php?m='.$mid;
      // I use this because include() can only use URL variables with absolute URL's.
      break;
    ... // More options.
    default: 
      include 'intro.php';
    }
?>
  ... // Display the HTML navigation bar. One of the links is:
  <A HREF="index.php?p=all_matches">View All Matches</A><BR>
  ...
<?
  // Display the login form on the page and execute the following code if authentication is succesfull:
  // Register login variables:
  $login  = "1";
  $access = $l_info['access'];

  session_register("login");
  session_register("Name");
  session_register("access");

  // Redirect back to index.php:
  session_write_close();
  $insertGoTo="http://www.mysite.org/index.php?p=intro";

  print "<script language=\"JavaScript\">";
  print "window.location = '$insertGoTo' ";
  print "</script>";
  exit();
?>

All_matches.php:

This page gives an overview of all available matches. The only important thing here is the link to view_match.php. The variable $details['match_id'] is retrieved from a MySQL database.

<A HREF="index.php?p=view_match&m=<? echo $details['match_id']; ?>"><? echo $details['match_id']; ?></A>

View_match.php:

<?
 // Get the desired match to display from the URL if provided:
 $mid=$_GET['m'];

 ... // Display match posts.

 // Check if the player may post in this match. THIS IS WHERE THE SESSION VARIABLES ARE LOST!!!
 echo $Name;
 echo $login;
 echo $access;
 if (empty($access)) {
    echo "No access specified!";
 } else {
    echo "Access specified!";
 }

 ... // Some further HTML to display the rest of the page.
?>

Conclusion:

I always get "No access specified!" in view_match.php, I don't know why. Perhaps, this is because the code [include $b_url.'view_match.php?m='.$mid;] in index.php is an absolute URL and PHP drops the session for security reasons ???? Any help is appreciated. Thanks for reading this far.

Edit: added PHP code highlighting

rehfeld

please us [ php ] [ /php ] bbcode tags so your code is formatted nicely and easy to read.

the reason your losing the session in view_match.php is because of the way you are including it.

because you are including it via url, and not filesystem, php actually does a SEPERATE page request to your server, just like you would if you typed that url into your browser. so if you wouldnt expect it to work if you just went to that url via your browser, dont expect it to work by including it via url.

but you shouldnt be including an absolute url anyway, at least in this situation.

including is basically like cutting and pasting the code into the parent script.

any variables you define in the parent script, will be avaiable to the included file as well.

take this example

<?php
// index.php
$foo = 'bar';
include 'echo_foo.php';
echo $var_from_include; // works
?>

<?php
// echo_foo.php
echo $foo; // works
$var_from_include = 'something';
?>

the reason it works is because this is essentially how php sees it

<?php
// index.php
$foo = 'bar';
echo $foo;
$var_from_include = 'something';
echo $var_from_include;
?>

the above example only works if your including via filesystem, not via url.

read these pages

http://www.php.net/variables.scope
http://www.php.net/include

PHPVortex

Thanks for your quick reply. I have edited the message to have PHP highlighting.

If I include from the local filesystem, how can I transmit the match id ($mid) to view_match.php, so that it can retrieve the appropriate posts from the database and then include everything in index.php?

I decided on this construction, because the PHP manual says:

// Works.
include 'http://www.example.com/file.php?foo=1&bar=2';

Perhaps it wasn't a good idea. Any examples on how to change the script to accomplish what I wanted to achieve?

rehfeld

do you not understand what i posted for you?

if you understand it the answer should be very obvious(hint- stop including via urls)