473,800 Members | 2,586 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

session problem - login screen continually reloads after pressing the login button

I am trying to get sessions to work on a log in screen to give certain
users access to certain pages/directories. The problem is that when
the login button is pushed (or the enter key pressed) the login screen
redraws, never loading the next page. I don't get any error messages.
I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4

Thanks,
Chip

I have pasted the code below -

This is at the top of the page login.php -
-------------
<?
session_start() ;
session_registe r("userid","pas sword");
if ($submit)
{
$db=mysql_conne ct("localhost", "user","") or die ("Error in this query
$sql<< : " .mysql_error()) ;

mysql_select_db ("simradusa",$d b) or die ("Error in this query >>$sql<<
: " .mysql_error()) ;
$result=mysql_q uery("select * from user where userid = '$userid'",$db)
or die ("Error in this query >>$sql<< : " .mysql_error()) ;
while ($row=mysql_fet ch_array($resul t))
{
if ($row["userpasswo rd"]==$password)
{

header('Locatio n:
http://xxx.xxx.xxx.xx/auth_dealers/dealers_page.ph p');
}
}
}
?>
------------

This is at the top of all pages, before any html tags -
-------------
<?
session_start() ;
if(!isset($user id)) {
header('Locatio n: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
exit;
}
?>
Jul 17 '05 #1
1 3942
Chip <ca***********@ yahoo.com> schrieb:
I am trying to get sessions to work on a log in screen to give certain
users access to certain pages/directories. The problem is that when
the login button is pushed (or the enter key pressed) the login screen
redraws, never loading the next page. I don't get any error messages.
I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4
And you're using code from the times of PHP 4.0.x.
<?
Don't use short tags. The are not portable. Use <?php.
session_start() ;
Seems OK. :-)
session_registe r("userid","pas sword");
That's not good. In fact it is bad style. Read the documentation at
http://www.php.net/manual/en/functio...n-register.php.
if ($submit)
You rely on register_global s=on. Since PHP 4.2.0, the default value for
register_global s is off.
This is at the top of all pages, before any html tags -
-------------
<?
session_start() ;
if(!isset($user id)) {
header('Locatio n: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
exit;
}
?>


Ouch. What is $userid? You might believe that it contains a variable
from your session. If register_global s is off, then it doesn't and PHP
will always send you back to login2.php. You'll find the value in
$_SESSION['userid'] instead. If register_global s is on, then it _might_
contain the id from the session. On the other hand it could be a clever
intruder who just calls your page with page.php?userid =42. So, don't
work with activated register_global s.

This leaves you with some work to do. Check the setting of
register_global s in the php.ini. If it's on, then switch it off. With
activated register_global s you have to work hard to make your code
secure. With deactivated register_global s you have to work to make it
insecure.

To find errors from uninitialized variables set the error_reporting to
E_ALL, so that you get all notices and warnings during the development
of your code.

Write data to a session with:
$_SESSION['example'] = $value;

Access data in a session with:
echo ($_SESSION['example']);

Access data from a form with:
$_POST['username']
or
$_GET['username']
according to your posting method.

Check http://www.php.net/manual/en/languag...predefined.php for
details about these "supergloba ls".

Regards,
Matthias
Jul 17 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
30
3991
Session theft?
by: Robert Tweed | last post by:
Does anyone know a good resource discussing the issues involved in session theft? I've read a couple, but none that really address the problem apart from acknowledging that it is a problem; you just don't seem to be able to do much about it. Does anyone have some tried-and-tested measures for preventing session theft, that aren't already built into PHP? For that matter, what measures _are_ already built into PHP? Are there significant...
PHP
2
5476
Session tracking
by: David Frauzel | last post by:
I'm writing a rough draft of a suite of small Perl apps that will, combined, serve as a web site's user sign-up, login, management, and customized content engine. I'm having trouble with the concept of one particular part of the "application" (as it were) - session tracking. Perl itself is handling user authentication (since I've no idea how Perl could "ask" the server who just authenticated to htaccess), so the login script will have an...
Perl
9
2456
Session and Application Variables dissappearing
by: William LaMartin | last post by:
I have a problem, mentioned here before, of Session and Application variables disappearing at one site but not at others or on my development computer. The problem is illustrated by an example at http://www.lamartin.com/dotnet/sessiontestset.aspx, were I set Session, Application and Cache variables on the first page and then on the second page view them as the second page is refreshed every five seconds. Before 10 refreshes, the...
ASP.NET
3
2736
Saving Form Data Across a Session Timeout
by: Mike | last post by:
Hello: I was not able to find a regular ASP group, so I posted this here instead. I have a web app which is actually just ASP using VBScript as the server-side language, running on IIS6. Users will log into the site and enter in large amounts of data in forms and submit this data to be saved to the database. Problem is, sometimes they submit the data after the session has timed out. This makes them very angry when they have just...
ASP.NET
7
4485
user enter key to control my login form
by: Grant Merwitz | last post by:
Hi I am trying to get the enter key to submit my login form The login form is currently in a control on the page and uses an asp:imagebutton as it's login button. If a user presses enter currently, the page just reloads. I have tried to use some javascript to set the enter key on the button, but this script only seems to work for an asp:button and not the asp:imagebutton.
ASP.NET
3
6054
Session abandon. New page loaded but not new SessionID
by: James | last post by:
My web application is comprised of a Login page and then several other pages nested in a masterpage. I am using a cookiless="UseUri" session configuration. I have a linkbutton on the masterpage for logout and when the user clicks this, code is run that does Session.Abandon() and Server.Transfer("Login. aspx"). This runs fine, but the url still reflects the old SessionID. Because of this, if the user decides to login again, the page reloads...
ASP.NET
2
2065
session problem with login script
by: Tom | last post by:
I hope someone can help me figure out what's going on here. I've re-read the section on sessions at php.net and Googled this high and low but I haven't found anything that quite explains my problem. The basic problem: session data (e.g. $_SESSION) gets dropped after visitor logs in and reloads the page via a form once or twice (it seems to vary), requiring the visitor to re-login, whereupon the problem repeats itself. An outline of...
PHP
17
4984
How to allow a webbrowser to restart a session after it has expired?
by: Riaan | last post by:
Hi guys! I have an issue that needs urgent resolution. Imagine this scenario: You have: 1 production server running Windows Server 2003, IIS6 and an instance of MSDE 2000. There is an asp.net app (written in C#) running which has the only purpose of rendering a page with a "Next" button on it and some status info. When the user clicks the next button, an event is written to the
ASP.NET
3
2735
Session Timeout isn't working correctly.
by: Mufasa | last post by:
Folks, I'm having problems with my session timeout. People using my website leave it just sitting there while they do other things. They have logged in ( using Forms Authentication ) and will be doing other things will a page of mine is up on the screen. But the session times out so that when I try and use a session variable, it crashes saying Object reference not set to an instance of an object. So I put <sessionState timeout="4800" />
ASP.NET
0
10507
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10279
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10255
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9092
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7582
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5473
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5607
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
3765
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2948
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us