By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,255 Members | 2,717 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,255 IT Pros & Developers. It's quick & easy.

session problem - login screen continually reloads after pressing the login button

P: n/a
I am trying to get sessions to work on a log in screen to give certain
users access to certain pages/directories. The problem is that when
the login button is pushed (or the enter key pressed) the login screen
redraws, never loading the next page. I don't get any error messages.
I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4

Thanks,
Chip

I have pasted the code below -

This is at the top of the page login.php -
-------------
<?
session_start();
session_register("userid","password");
if ($submit)
{
$db=mysql_connect("localhost","user","") or die ("Error in this query
$sql<< : " .mysql_error());

mysql_select_db("simradusa",$db) or die ("Error in this query >>$sql<<
: " .mysql_error());
$result=mysql_query("select * from user where userid = '$userid'",$db)
or die ("Error in this query >>$sql<< : " .mysql_error());
while ($row=mysql_fetch_array($result))
{
if ($row["userpassword"]==$password)
{

header('Location:
http://xxx.xxx.xxx.xx/auth_dealers/dealers_page.php');
}
}
}
?>
------------

This is at the top of all pages, before any html tags -
-------------
<?
session_start();
if(!isset($userid)) {
header('Location: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
exit;
}
?>
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Chip <ca***********@yahoo.com> schrieb:
I am trying to get sessions to work on a log in screen to give certain
users access to certain pages/directories. The problem is that when
the login button is pushed (or the enter key pressed) the login screen
redraws, never loading the next page. I don't get any error messages.
I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4
And you're using code from the times of PHP 4.0.x.
<?
Don't use short tags. The are not portable. Use <?php.
session_start();
Seems OK. :-)
session_register("userid","password");
That's not good. In fact it is bad style. Read the documentation at
http://www.php.net/manual/en/functio...n-register.php.
if ($submit)
You rely on register_globals=on. Since PHP 4.2.0, the default value for
register_globals is off.
This is at the top of all pages, before any html tags -
-------------
<?
session_start();
if(!isset($userid)) {
header('Location: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
exit;
}
?>


Ouch. What is $userid? You might believe that it contains a variable
from your session. If register_globals is off, then it doesn't and PHP
will always send you back to login2.php. You'll find the value in
$_SESSION['userid'] instead. If register_globals is on, then it _might_
contain the id from the session. On the other hand it could be a clever
intruder who just calls your page with page.php?userid=42. So, don't
work with activated register_globals.

This leaves you with some work to do. Check the setting of
register_globals in the php.ini. If it's on, then switch it off. With
activated register_globals you have to work hard to make your code
secure. With deactivated register_globals you have to work to make it
insecure.

To find errors from uninitialized variables set the error_reporting to
E_ALL, so that you get all notices and warnings during the development
of your code.

Write data to a session with:
$_SESSION['example'] = $value;

Access data in a session with:
echo ($_SESSION['example']);

Access data from a form with:
$_POST['username']
or
$_GET['username']
according to your posting method.

Check http://www.php.net/manual/en/languag...predefined.php for
details about these "superglobals".

Regards,
Matthias
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.