473,695 Members | 2,820 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

.htaccess to enable sessions

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_global s off;
php_value session.save_pa th C:\home\user\si teroot\sess\use rs
php_value session.cookie_ time 3600
php_value session.gc_maxl ifetime 3600
php_value include_path .;C:\home\user\ siteroot\sess
php_value auto_prepend C:\home\user\si teroot\sess\pat h_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
..htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobal s being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John
Jul 17 '05 #1
7 7523
Bob
On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.


I use sessions with register_global s off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_global s set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

The key idea is to use the $_SESSION superglobal array. Here is a
simplified example from the php web site:

<?php
// page1.php
session_start() ;
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';

// Works if session cookie was accepted
echo '<br /><a href="page2.php ">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php ?' . SID . '">page 2</a>';
?>

<?php
// page2.php
session_start() ;
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor']; // green
?>

Jul 17 '05 #2
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam. me> wrote:
On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.


I use sessions with register_global s off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_global s set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...


I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;

$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newlan d Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet " type="text/css" />
<script language="JavaS cript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf ("?"))>0&&paren t.frames.length ) {
d=parent.frames[n.substring(p+1 )].document; n=n.substring(0 ,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.fo rms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.l ayers&&i<d.laye rs.length;i++)
x=MM_findObj(n, d.layers[i].document);
if(!x && d.getElementByI d) x=d.getElementB yId(n); return x;
}

function MM_validateForm () { //v4.0
var
i,p,q,nm,test,n um,min,max,erro rs='',args=MM_v alidateForm.arg uments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj( args[i]);
if (val) { nm=val.name; if ((val=val.value )!="") {
if (test.indexOf(' isEmail')!=-1) { p=val.indexOf(' @');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val) ;
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf(' inRange') != -1) { p=test.indexOf( ':');
min=test.substr ing(8,p); max=test.substr ing(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+er rors);
document.MM_ret urnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><im g src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0" >
<tr>
<td><img src="images/banner_left.jpg " width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><im g src="images/banner_right.jp g" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbar Map" alt="Navigation Bar"
/></td>
<td><img name="copyright _bar" src="images/copyright_bar.g if"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login " id="frm_login" method="POST" action="<?php
echo $loginFormActio n; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3" >
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_val idateForm('user name','','RisEm ail','pwd','',' R');return
document.MM_ret urnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register. php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap " id="navbarMap" >
<area shape="rect" coords="1,0,62, 20" href="index.php " alt="Home" />
<area shape="rect" coords="71,0,11 7,20" href="about.php " alt="About"
/>
<area shape="rect" coords="129,0,1 96,20" href="tours.php " alt="Find
Tours" />
<area shape="rect" coords="209,0,3 11,20" href="profiles. php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,4 34,20" href="contact.p hp"
alt="Contact An Agent" />
</map>
</body>
</html>


John

Jul 17 '05 #3
John wrote:
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam. me> wrote:

On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I use sessions with register_global s off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_global s set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;

Session_start needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve
$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newlan d Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet " type="text/css" />
<script language="JavaS cript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf ("?"))>0&&paren t.frames.length ) {
d=parent.frames[n.substring(p+1 )].document; n=n.substring(0 ,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.fo rms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.l ayers&&i<d.laye rs.length;i++)
x=MM_findObj(n, d.layers[i].document);
if(!x && d.getElementByI d) x=d.getElementB yId(n); return x;
}

function MM_validateForm () { //v4.0
var
i,p,q,nm,test,n um,min,max,erro rs='',args=MM_v alidateForm.arg uments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj( args[i]);
if (val) { nm=val.name; if ((val=val.value )!="") {
if (test.indexOf(' isEmail')!=-1) { p=val.indexOf(' @');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val) ;
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf(' inRange') != -1) { p=test.indexOf( ':');
min=test.substr ing(8,p); max=test.substr ing(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+er rors);
document.MM_ret urnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><im g src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0" >
<tr>
<td><img src="images/banner_left.jpg " width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><im g src="images/banner_right.jp g" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbar Map" alt="Navigation Bar"
/></td>
<td><img name="copyright _bar" src="images/copyright_bar.g if"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login " id="frm_login" method="POST" action="<?php
echo $loginFormActio n; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3" >
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_val idateForm('user name','','RisEm ail','pwd','',' R');return
document.MM_ret urnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register. php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap " id="navbarMap" >
<area shape="rect" coords="1,0,62, 20" href="index.php " alt="Home" />
<area shape="rect" coords="71,0,11 7,20" href="about.php " alt="About"
/>
<area shape="rect" coords="129,0,1 96,20" href="tours.php " alt="Find
Tours" />
<area shape="rect" coords="209,0,3 11,20" href="profiles. php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,4 34,20" href="contact.p hp"
alt="Contact An Agent" />
</map>
</body>
</html>


John


Jul 17 '05 #4
I noticed that Message-ID: <o9************ *************** *****@4ax.com>
from John contained the following:
I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

True enough.

I think you are trying to do too much at once. Why not get something
simple working first?

Try this: Username: John Password: php
or Username: Geoff Password: php

Now, copy the following and save it as login.php

<?php
session_start() ;
$_SESSION['logged_in']="";

//enter username-password pairs here
$userpass=array ("geoff-php","john-php");

if(isset($_POST['Submit'])){
$username=$_POS T['username'];
$input=strtolow er($_POST['username'])."-".strtolower($_ POST['password']);

if(in_array($in put,$userpass)) {
$_SESSION['logged_in']=1;
}
}
else{$username= "";}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Login page</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

</HEAD>
<BODY BGCOLOR="#fffff f" TEXT="#000000">

<h2>Login page</h2>
<h3>Login to access administrative options</h3>
<form name="form1" method="post" action="">

<table width="30%" border="0" cellspacing="0" cellpadding="2" >
<tr>
<td align="right">U sername: </td>
<td>
<input type="text" name="username" value="<?php print $username;
?>">
</td>
</tr>
<tr>
<td align="right">P assword:</td>
<td>
<input type="password" name="password" >
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" name="Submit" value="Submit">
</td>
</tr>
</table></form>
<?php
if($_SESSION['logged_in']==1)
{
?>
<h3>Login successful!</h3>
<!--do stuff - show links, whatever...-->
<?php }
elseif(isset($_ POST['username'])||isset($_POST['password'])){
print "<h3>Incorr ect username or password. Go away.</h3>";
}
?>
</div>
</BODY>
</HTML>
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #5
<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;

Session_star t needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve


Steve.

How should I break this down and change it?

Would the following work...?
<?php
// *** Validate request to login to this site.
session_start() ;
?>

<?php require_once('C onnections/conn_newland.ph p'); ?>

<?php
$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
etc etc.... ?>

Or should I just leave it all open?

<?php
// *** Validate request to login to this site.
session_start() ;

php require_once('C onnections/conn_newland.ph p');

$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
etc etc.... ?>

Cheers

John
Jul 17 '05 #6
"John" <du*@ula.com> wrote in message
news:l4******** *************** *********@4ax.c om...
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_global s off;
php_value session.save_pa th C:\home\user\si teroot\sess\use rs
php_value session.cookie_ time 3600
php_value session.gc_maxl ifetime 3600
php_value include_path .;C:\home\user\ siteroot\sess
php_value auto_prepend C:\home\user\si teroot\sess\pat h_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
.htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobal s being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John


Most default PHP installs I see have sessions enabled already. What does
phpinfo() say when you don't have any .htaccess file in place? What evidence
do you have that sessions are not working? You haven't shown any code where
you attempt to use sessions, so it may well be that you simply aren't coding
correctly and your configurations are correct.

Show a short and complete example that demonstrates the problem, describe
the symptoms, and perhaps we can help you retain a few hairs.

As pointed out by Bob the primary key is to use $_SESSION array to access
session variables. That, and issue a session_start() function call at the
beginning of your script.

- Virgil
Jul 17 '05 #7
"John" <du*@ula.com> wrote in message
news:o9******** *************** *********@4ax.c om...
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam. me> wrote:

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.
Not necessary.
If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?
Probably.
Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?
Comments in code below.
When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;
Contrary to Steve's posting, it is *not* necessary to have session_start
before the require_once call. Leave it alone.
$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
Where is $accesscheck set? I don't see it anywhere.

Replace $GLOBALS with $_SESSION.

Remove session_registe r(whatever). You are not supposed to use the
session_registe r function with $_SESSION.
if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

file://declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
Replace $GLOBALS with $_SESSION.
file://register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");
Drop these two lines of code. session_registe r is not for use with $_SESSION
if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newlan d Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet " type="text/css" />
<script language="JavaS cript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { file://v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf ("?"))>0&&paren t.frames.length ) {
d=parent.frames[n.substring(p+1 )].document; n=n.substring(0 ,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.fo rms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.l ayers&&i<d.laye rs.length;i++)
x=MM_findObj(n, d.layers[i].document);
if(!x && d.getElementByI d) x=d.getElementB yId(n); return x;
}

function MM_validateForm () { file://v4.0
var
i,p,q,nm,test,n um,min,max,erro rs='',args=MM_v alidateForm.arg uments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj( args[i]);
if (val) { nm=val.name; if ((val=val.value )!="") {
if (test.indexOf(' isEmail')!=-1) { p=val.indexOf(' @');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val) ;
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf(' inRange') != -1) { p=test.indexOf( ':');
min=test.substr ing(8,p); max=test.substr ing(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+er rors);
document.MM_ret urnValue = (errors == '');
}
file://-->
</script>
</head>

<body>
<a href="#top"><im g src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0" >
<tr>
<td><img src="images/banner_left.jpg " width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><im g src="images/banner_right.jp g" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbar Map" alt="Navigation Bar"
/></td>
<td><img name="copyright _bar" src="images/copyright_bar.g if"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login " id="frm_login" method="POST" action="<?php
echo $loginFormActio n; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3" >
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_val idateForm('user name','','RisEm ail','pwd','',' R');return
document.MM_ret urnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register. php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap " id="navbarMap" >
<area shape="rect" coords="1,0,62, 20" href="index.php " alt="Home" />
<area shape="rect" coords="71,0,11 7,20" href="about.php " alt="About"
/>
<area shape="rect" coords="129,0,1 96,20" href="tours.php " alt="Find
Tours" />
<area shape="rect" coords="209,0,3 11,20" href="profiles. php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,4 34,20" href="contact.p hp"
alt="Contact An Agent" />
</map>
</body>
</html>


See if that cleans things up.

- Virgil
Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
13177
by: Marko Lahtinen | last post by:
Hello! A part of my website is protected with a .htaccess file. Can I somehow bypass the username/password dialog ?? Can I somehow "hardcode" the authentication name and password in my php-file or can I use for example a html form/mysql authentication and at the same time set some variables or headers (or something) so the user can access the ..htaccess part ? A stupid example: if user presses a button, user gets transferred to the...
6
16438
by: somaboy mx | last post by:
Hello I need people to be able to complete long text blocks in my cms before their session times out. From the php documentation I gather that ini directive session.gc_maxlifetime would be the one to adjust here. I am on shared hosting, so I can't change the php_ini settings directly. If I use ini_set, should I do that on every page in my cms, or would it suffice to do it on the login page? Or could I do it in a .htaccess file (which...
1
2260
by: awebguynow | last post by:
My shared-host doesn't allow php_value directives in .htaccess I was using an "auto_prepend_file" on my local development machine, that helped me implement a Session based authentication system. Host said: "PHP is running as SuEXEC-CGI for security reasons" and auto_prepend_file can only be put in php.ini ( system wide, out of my control ) Now I'm back to Square 0. I'd prefer not to get stuck rewriting my
1
2368
by: asllearner | last post by:
I have an htaccess file protected folder. In that folder I have several php files that generate some simple html. When I am logged out, cache cleared, sessions info cleared, I navigate to one of the php scripts, and the login screen shows up. so far so good. But now, even if i enter invalid information in the login screen, or cancel out of it, my php script seems to be running, and my information is showing up in the browser. what:s up...
1
18229
by: jonathan184 | last post by:
Hi I would like to enable these two features for one of the websites on a server, How would i put this in an .htaccess doc? ;; Enable output character encoding conversion for all PHP pages ;; Enable Output Buffering output_buffering = On ;; Set mb_output_handler to enable output conversion output_handler = mb_output_handler
5
10189
by: Nosferatum | last post by:
I am in need of a solution on how to solve this problem: I need to limit access to six different folders. My users are validated in a system which check their prescence with a couple of variables in a db and then forwards them if they exist. Based upoen their status they are redirected to one of six folders. Users belonging to group A shall get access to folder A, but not B, C etc. It must be possible to limit access in this order by...
0
2169
by: xiaawan | last post by:
Hi All, Can Anyone help me to solve this problem. Actually I have two urls and I want both of them to work at the same time for different urls. here is my .htaccess code. AddHandler application/x-httpd-php5 .php AddType x-mapp-php5 .php Options +FollowSymLinks RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} -d
5
7277
by: =?Utf-8?B?QWxla3MgS2xleW4=?= | last post by:
I test asp.net 2.0 application on virtual PC for studio Orcas 2.0. When I start application I get error in line session("aa")="bb" Error tells that I need to enable session state. I found in @page directive option enableSessionState which has values false, readonly and true. I put this value true, however it did not help. it is possible to put this value into web.config, but i did not find where. Also i need to add appropriate module...
2
2219
by: knkk | last post by:
I want to redirect a url http://abc.xyz.com/123 to http://www.xyz.com. So the file that will be accessed will be index.php of xyz.com. That index.php should have available to it both abc and 123 (so 123 will be $_SERVER, and abc will come out of $_SERVER) to enable appropriate processing. http://abc.xyz.com already goes to http://www.xyz.com (though configuration by my service provider), and abc can be extracted out of $_SERVER. However,...
0
8631
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8572
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9115
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
8984
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8847
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
1
6491
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5839
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4579
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3003
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.