php login/session issue

ace21

I have written a simple script for logging into a secure section of my website. Form, process page that continues on if correct (sets session) or displays a message on failure. Everything worked fine for a few days but now it doesnt.

Logins incorrectly will display the error message and kick you to the login page but correct logins will display no message and kick you back to the login page. Now it seems like if I make any change to the process page it work for a few days and then break again.

Any ideas as to what might be going on.

ace21

toplay

It could be lots of things, but it's best for you to post relevant code snippets (using this forum's PHP tags) so members can help you better.

maxpup979

with the information you have provided I can tell you with great assurance....something is broken. 🙂

ace21

Here is the code for the login process

<?
session_start();
if($uName == "name" && $uPass == "pass")
{
$ses_uID = 12;
session_register('ses_uID');
header('location: index.php');
}
else
{
header('location: login.php?message=incorrect login');
}
?>

here is the code for the main page after login
<?
session_start();

if($ses_uID == '')
{

header('location: login.php');
}
?>
//else continue with the main page

It always goes through to the second page but never sees the variable as having a value

AbusiveWombat

Instead of using "session_register" try:

$_SESSION["ses_uID"] = 12;

On main page:
session_start();
if (!isset($_SESSION["ses_uID"]))
{
header...
}

toplay

Yes, I agree with AbusiveWombat. If you have PHP version 4.1.0 or higher then just use $SESSION. The session_register() function requires register_globals to be on (which is a security risk). Just use $SESSION instead.

You cannot have a space in this like so:

?message=incorrect login

You should urlencode() it first!

Please note that the header() with location command does not redirect right there and then when it's executed. It actually redirects when your script ends or an exit is reached. So, to ensure no logic flow problems in your script, you should have an exit right after every header() with location to force redirection to occur immediately.

oneboy

Can you display the error it appears?Then we may know more about the problem🙂