I was wondering if someone could help me with a problem that I'm having
in retrieving session variables on a site I am working on for a friend.
I have made the site more developer friendly by passing the filename for
the page body through the URL, e.g www.mysite.com?page=body1.php. This
works well allowing simply writing the code for the body without having
to change the page header, footer and sidebar. For example, the index.php
looks something like this:
################
<?php
include_once($path.'/includes/phpBB_session.php');
include_once($path.'/includes/common.php');
include_once($path.'/includes/functions.php');
?>
<html>
<head>
<title></title>
</head>
<table>
<tr>
<td colspan="4"> <?php include('header.php'); ?></td>
</tr>
<tr>
<td>
<?php include ($path.$page); ?>
</td>
<td> </td>
<td><?php include('rightmenu.php'); ?> </td>
</tr>
<tr>
<td colspan="3"><?php include('footer.php'); ?> </td>
</tr>
</table>
</body>
</html>
################
I have also integrated phpBB sessions throughout the site - fairly
straightforward as well. This is phpBB_session.php:
################
define('IN_PHPBB', true);
$phpbb_root_path = $_SERVER['DOCUMENT_ROOT'].'/phpbb/';
require_once($phpbb_root_path . 'extension.inc');
require_once($phpbb_root_path . 'common.php');
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//
#################
Now I can tailor the content of the page body depending on whether users
are logged in or not and based on their group membership in phpBB. This
has worked very well.
I now want to implement a classified ad system and need to securely
capture users credit card details. The certificate is working. The
problem starts when I call the page "https://www.mysite.com?
page=classifieds.php". When I try to echo $userdate['username'] in
classifieds.php nothing shows up. All of the session variables are empty.
Strangely if i put $userdate['username'] in headers.php and footer.php it
appears. If i stick the code for classifieds.php in index.php, $userdate
['username'] appears.
I suspect that because I am passing the body of the page dynamically
through the URL it is somehow filtered or reset when using ssl.
I would still like to use my dynamic way of calling page body content
rather than have to resort to a less dynamic solution. Is it just the
nature of the beast (ssl) that I can't do it this way? Not having used
ssl before I'm a bit lost. I have tried passing the session id to the new
page through the URL but I can't seem get it working that way either
(again not sure why).
Any help appreaciated.