By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,528 Members | 1,326 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,528 IT Pros & Developers. It's quick & easy.

PHP Sessions lost after new post

P: n/a
Hi,

I have simple web with authentication.
My main page looks like this:

<?php
include ("nav.htm");
include ("auth.php");

$menu = $_GET['menu'];
switch($menu)
{
case 1:
include "menu1.htm";
global $ROOTDIR;
break;

case 2:
include "menu2.htm";
global $ROOTDIR;
break;

case 3:
include "menu3.htm";
global $ROOTDIR;
break;

case 4:
include "menu4.htm";
global $ROOTDIR;
break;

case 5:
include "menu5.htm";
global $ROOTDIR;
break;

default:
include "menudef.htm";
break;
}

include ("footer.htm");
?>

</td>
</tr>
</table>
</body>
</html>

My auth script:
<?
// auth.php
include_once 'common.php';
include_once 'db.php';
dbConnect("corporate");
// start session
session_start();

// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}

// query for a user/pass match
$result=mysql_query("select * from users
where username='" . $_SESSION['username'] . "' and password='" .
$_SESSION['password'] . "'");

// retrieve number of rows resulted
$num=mysql_num_rows($result);

// print login form and exit if failed.
if($num < 1){

echo "<center><BR><BR>You are not authenticated. Please login.<br><br>
<form method=POST action=main.php>
username: <input type=text name=\"username\"> <BR>
password: <input type=password name=\"password\"> <BR>
<input value=login type=submit>
</form></center>";

exit;
}
$Firstname = mysql_result($result,0,'FirstName');
$Lastname = mysql_result($result,0,'Lastname');
$phonenumber = mysql_result($result,0,'phonenumber');

mysql_close();
?>
I have the menu3.htm which looks like this:
<?php
include_once 'common.php';
include_once 'db.php';
dbConnect("corporate");

$mysql = "select * from users WHERE phonenumber = $phonenumber";
$rs = mysql_query($mysql);
$row = mysql_fetch_array($rs);

echo ("
<center>
<table width='500' border='0'>
<tr>
<td><img src='../images/calllogsvoip.gif'></td>
</tr>
</center>
");

$limit = $_POST['limit'] ;
if ($limit == null) $limit = 10;
mysql_close();
dbConnect("asteriskcdrdb");
$num_row = "select count(*) from cdr where src=$phonenumber";
$result = mysql_query($num_row);
$row = mysql_fetch_row($result);
$numrow = $row[0];
$a = ($numrow - $limit);
$get = "select * from cdr where src=$phonenumber limit $a,$numrow ";
$rs = mysql_query($get);

if(( $rs ) && ( mysql_errno() == 0 )) {

// query was successful
if( mysql_num_rows( $rs ) > 0 ) {

echo ("

<center>

<table bgcolor=red width='' border='1' bordercolor='white' >
<tbody>
<tr>
<td width='100'>
<b>src</b>

</td>

<td width='100'>
<b>dst</b>

</td>

<td width='120'>
<b>dcontext</b>

</td>

<td width='200'>
<b>calldate</b>

</td>

<td width='100'>
<b>duration</b>

</td>

</tr>
</tbody>
</table>

<br>

");

while ($row = mysql_fetch_array($rs)) {

echo ("
<hr width='100%' color=black size='1' noshade align='center'>
<table border=0 width='' >
<tr>
<td width='100'>
$row[src]

</td>

<td width='100'>
$row[dst]

</td>

<td width='120'>
$row[dcontext]

</td>

<td width='200'>
$row[calldate]

</td>

<td width='100'>
$row[duration]

</td>

</tr></table><center>");
}

}

} else {

}



mysql_close();
?>
<form action="" method="post" name="limit">
<div align="center">
<hr>
Set filter to show
<input name="limit" type="text" value="" size="10">
calls
<input type="submit" name="Submit" value="SET">
(default 10)</div>
</form>
My problem is that when ever I tried to sumbit the limit value, the page
needs to be authenticated again. Looks like the session data is lost.
How can I fix it?

Thanks
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Bartosz Wegrzyn (bt**@sbcglobal.net) wrote:
: Hi,

: I have simple web with authentication.
: My main page looks like this:

: <?php
: include ("nav.htm");
: include ("auth.php");

(snip)

: My auth script:
: <?
: // auth.php
: include_once 'common.php';
: include_once 'db.php';
: dbConnect("corporate");
: // start session
: session_start();

: // convert username and password from _POST or _SESSION
: if($_POST){
: $_SESSION['username']=$_POST["username"];
: $_SESSION['password']=$_POST["password"];

It looks to me as if every time your script gets post data, it resets the
username and password. Therefore any form that doesn't pass in the
username and password will delete the session username and password (i.e
it logs the user out).

Either every form needs to contain the login data, or (better) you must
detect when the user is logging in and only set the session data when they
are logging in.

On easy way might be to check whether your form has sent any login data,
and only use it when you have it, otherwise just use whatever the session
already has.

pseudo code

if $_POST["username"] is not blank
then $_SESSION['username']=$_POST["username"]
--

This space not for rent.
Jul 17 '05 #2

P: n/a
I don't have enought time to look at full source, but the main error
is the following:

// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
The error is that when you post the limit, $_post is true, and your
$_SESSION['username'] get NULL value, and password as well.

The correct source code is:

if((isset($_POST["username"]))&&(isset($_POST["password"]))){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.