Topic: PHP and sessions (Page 1 of 1)

I know this is a bit of stuff, but here is what I have. Very simple login script that uses sessions and authenticates to users in a database.

It works on my system here, but when I tested it on the hosts server, it does nothing. No errors, just goes right back to the index page.

index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>PHP Log In</title>
<meta name="generator" content="MAX's HTML Beauty++ 2004" />
<link rel="stylesheet" type="text/css" href="css/stylin.css" />
</head>

<body>

<div id="login">

<form name="form1" class="form1" method = "post" action = "checklogin.php">
	<fieldset>
		<legend>User Log In</legend>
			<ol>
				<li>
					<label for = "uname">User Name : </label>
					<input name = "uname" type = "text" id = "uname" />
				</li>
				<li>
					<label for = "usrpass">Password : </label>
					<input name = "usrpass" type = "password" id = "usrpass" />
				</li>
				<li>
					<input type="submit" name="Submit" value="Login">
				</li>
			</ol>
	</fieldset>
</form>

</div>

</body>
</html>

checklogin.php

<?php
/*
*	checklogin.php
*/


require("constants.php");


 // username and password sent from form
$myusername=$_POST['uname'];
$mypassword=$_POST['usrpass'];

// encrypt password
$encrypted_mypassword=md5($mypassword);

$sql="SELECT * FROM " . TBL_NAME . " WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to the admin page
	session_register("myusername");
	session_register("mypassword");
	//can change this to the location where the authorized user can go to.
	//change this to go to the gallery upload page
	header("location:login_success.php");
}else {
	echo "Wrong Username or Password";
}

?>

I see where in the php manual, that session_register is deprecated but I am having problems switching it over to $_SESSION to see if that is the issue.

Register Globals is turned off on my machine here and it still works.

Thanks in advance!

Later,

C:\

I've never used the 'session_register'
Setting the variables using $_SESSION is just as easy -

$_SESSION['myusername'] = $myusername;

Is about all there is to it...

However, I believe you need to start each page that will deal with a session with this:

<?php
session_start();
?>

I don't have enough experience with sessions to say much else about it....

well, I tried to do exactly what you have there, but it still didn't work. I was testing it by sending it to another page from the form and just printing out the session information. Nothing was there

Was looking at the Zend tutorials but it shows to use session_register.

thanks for the info.

Later,

C:\

And you did call session_start() both in checklogin.php and the other test file?

Without that, setting variables through session_register or $_SESSION[...] wouldn't have had an effect, so there probably couldn't have been anything that was there on the test page when you tried printing them.

Yeah, remember to start the session on each page that will need to check the session info, not just the pages that set or update the info...

yeah, I started each page with session_start() each time. Now...I didn't put it into the checklogin.php page you see above. That page was there to do the registering of the session.

I have it working on my linux box at home which is running php5 and apache2. However the hosts server is running apache and php4

Thanks for the help.

Later,

C:\

quote:

---

CPrompt said:

Now...I didn't put it into the checklogin.php page you see above. That page was there to do the registering of the session.

---

Hmm.. without starting the session beforehand, that shouldn't have worked, not even on your local box.


What you could check is whether your local php.ini file enables a setting like 'session_auto_start'... it's not common, but might be it

quote:

---

kuckus said:

What you could check is whether your local php.ini file enables a setting like 'session_auto_start'... it's not common, but might be it

---

nope. It's off on both my box and the host server I'm not sure if using $_SESSION will work any better than what I have now but I'll change it over and see if that will work.

Later,

C:\

From PHP.NET

quote:

---

Note: HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:

---

I am guessing that the reason you're not getting the redirect is because your header isn't generating the absolute URI, but isn't passing an error for some reason. For this very purpose, I wrote a simple redirect function that generates the complete uri:

function redirect($url = "") 
{  
	ob_clean();
	$host=$_SERVER['HTTP_HOST'];
	$uri=rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
	Header("Location: http://$host$uri/$url"); 
	exit; 
}

Try using something similar to that. Might clear it all up.

-svd