473,320 Members | 1,845 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

session problem - login screen continually reloads after pressing the login button

I am trying to get sessions to work on a log in screen to give certain
users access to certain pages/directories. The problem is that when
the login button is pushed (or the enter key pressed) the login screen
redraws, never loading the next page. I don't get any error messages.
I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4

Thanks,
Chip

I have pasted the code below -

This is at the top of the page login.php -
-------------
<?
session_start();
session_register("userid","password");
if ($submit)
{
$db=mysql_connect("localhost","user","") or die ("Error in this query
$sql<< : " .mysql_error());

mysql_select_db("simradusa",$db) or die ("Error in this query >>$sql<<
: " .mysql_error());
$result=mysql_query("select * from user where userid = '$userid'",$db)
or die ("Error in this query >>$sql<< : " .mysql_error());
while ($row=mysql_fetch_array($result))
{
if ($row["userpassword"]==$password)
{

header('Location:
http://xxx.xxx.xxx.xx/auth_dealers/dealers_page.php');
}
}
}
?>
------------

This is at the top of all pages, before any html tags -
-------------
<?
session_start();
if(!isset($userid)) {
header('Location: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
exit;
}
?>
Jul 17 '05 #1
1 3908
Chip <ca***********@yahoo.com> schrieb:
I am trying to get sessions to work on a log in screen to give certain
users access to certain pages/directories. The problem is that when
the login button is pushed (or the enter key pressed) the login screen
redraws, never loading the next page. I don't get any error messages.
I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4
And you're using code from the times of PHP 4.0.x.
<?
Don't use short tags. The are not portable. Use <?php.
session_start();
Seems OK. :-)
session_register("userid","password");
That's not good. In fact it is bad style. Read the documentation at
http://www.php.net/manual/en/functio...n-register.php.
if ($submit)
You rely on register_globals=on. Since PHP 4.2.0, the default value for
register_globals is off.
This is at the top of all pages, before any html tags -
-------------
<?
session_start();
if(!isset($userid)) {
header('Location: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
exit;
}
?>


Ouch. What is $userid? You might believe that it contains a variable
from your session. If register_globals is off, then it doesn't and PHP
will always send you back to login2.php. You'll find the value in
$_SESSION['userid'] instead. If register_globals is on, then it _might_
contain the id from the session. On the other hand it could be a clever
intruder who just calls your page with page.php?userid=42. So, don't
work with activated register_globals.

This leaves you with some work to do. Check the setting of
register_globals in the php.ini. If it's on, then switch it off. With
activated register_globals you have to work hard to make your code
secure. With deactivated register_globals you have to work to make it
insecure.

To find errors from uninitialized variables set the error_reporting to
E_ALL, so that you get all notices and warnings during the development
of your code.

Write data to a session with:
$_SESSION['example'] = $value;

Access data in a session with:
echo ($_SESSION['example']);

Access data from a form with:
$_POST['username']
or
$_GET['username']
according to your posting method.

Check http://www.php.net/manual/en/languag...predefined.php for
details about these "superglobals".

Regards,
Matthias
Jul 17 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

30
by: Robert Tweed | last post by:
Does anyone know a good resource discussing the issues involved in session theft? I've read a couple, but none that really address the problem apart from acknowledging that it is a problem; you...
2
by: David Frauzel | last post by:
I'm writing a rough draft of a suite of small Perl apps that will, combined, serve as a web site's user sign-up, login, management, and customized content engine. I'm having trouble with the...
9
by: William LaMartin | last post by:
I have a problem, mentioned here before, of Session and Application variables disappearing at one site but not at others or on my development computer. The problem is illustrated by an example...
3
by: Mike | last post by:
Hello: I was not able to find a regular ASP group, so I posted this here instead. I have a web app which is actually just ASP using VBScript as the server-side language, running on IIS6. ...
7
by: Grant Merwitz | last post by:
Hi I am trying to get the enter key to submit my login form The login form is currently in a control on the page and uses an asp:imagebutton as it's login button. If a user presses enter...
3
by: James | last post by:
My web application is comprised of a Login page and then several other pages nested in a masterpage. I am using a cookiless="UseUri" session configuration. I have a linkbutton on the masterpage for...
2
by: Tom | last post by:
I hope someone can help me figure out what's going on here. I've re-read the section on sessions at php.net and Googled this high and low but I haven't found anything that quite explains my...
17
by: Riaan | last post by:
Hi guys! I have an issue that needs urgent resolution. Imagine this scenario: You have: 1 production server running Windows Server 2003, IIS6 and an instance of MSDE 2000. There is an...
3
by: Mufasa | last post by:
Folks, I'm having problems with my session timeout. People using my website leave it just sitting there while they do other things. They have logged in ( using Forms Authentication ) and will be...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.