By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,847 Members | 2,321 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,847 IT Pros & Developers. It's quick & easy.

Sessions (another why doesn't it work)

P: n/a
Hi Everyone,

I'll just start, and say I am not a PHP developer (I'm a sysadmin, who
has gotten lumped with a non-working website). But since I like to do
this type of stuff, I though I might just learn WTF is going on? :)

Basically, sessions are being created, but no info in being stored in
the session, and if data is stored (about 1 in 20 goes), it doesn't
follow-on on a page redirect.

The environment is Win2K Svr SP3, IIS5, PHP4.3.2 (CGI), MySQL 4.0.13.
AFAICT everything is working, as the PHP pages get rendered correctly,
and when user authentication (to MySQL) occurs, no errors are reported
in either PHP logs or MySQL. I've doubled checked the PHP setup, and
php.ini is being read correctly (and varified using phpinfo(); ). All
the session directories are read/write for IUSER_Machine.

Now the interesting thing is, when I first installed PHP about a week
ago, sessions were working fine. Sessions stopped working when I
modified the smtp field in php.ini? (it was the only field I did
modify). The other interesting thing is that when the user goes to the
login page, 3 session files are created?

So any clues?

Chewy509...

PS. Code is as follows: (login.php). (index.php, checks for a session
variables, if not comes here, else goes to the start page of the
system).

<?
// Include the database parameters
include "mysqldb.inc";

// Start a session
session_start();

// Has the employee entered a username and password?
if (empty($user) || empty($password))
{

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>InterHealth HRM Login</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<h2><label>Local System</label></h2>
<hr>
<form action="login.php" method="POST">
<table width="30%" border="0" align="center" class="table">
<tr>
<td colspan="2"><h2><label>Log in</label></h2></td>
</tr>
<tr>
<td colspan="2"><hr></td>
</tr>
<tr>
<td class="table_text"><label>Username:</label></td>
<td><input name="user" title="Enter your username here" type="text"
id="user"></td>
</tr>
<tr>
<td class="table_text"><label>Password:</label></td>
<td><input name="password" title="Enter your password here"
type="password" id="password"></td>
</tr>
<tr>
<td></td>
<td><input name="submit" title="Log in" type="submit" class="button"
value="Log in"></td>
</tr>
</table>
</form>
<hr>
<?

} else
{

// Connect to the database
if (!($connection = @ mysql_pconnect($dbhost, $dbuser,
$dbpassword)))
showerror();

if (!mysql_select_db($database, $connection))
showerror();

$res = mysql_query("LOCK TABLES users READ;", $connection);
if (!$res) {
echo "LOCK failed!";
exit;
}
// Create a query to find any rows that match the username the user
entered
$query = "SELECT * FROM users WHERE username = \"{$user}\"";
$res = mysql_query("UNLOCK TABLES;", $connection);
if (!$res) {
echo "UNLOCK failed!";
exit;
}
// Run the query through the connection
if (!($result = @ mysql_query($query, $connection)))
showerror();

// Were there any matching rows?
if (mysql_num_rows($result) == 0)
{
$message = "The username or password you entered was not found in
the database.";
header("Location: password_finder.php?message=$message");
exit;
} else
{
// Yes. So fetch the matching row
$row = @ mysql_fetch_array($result);

// Does the user-supplied password match the password in the table?
if ($password != $row['password'])
{
// Now, redirect the browser to the current page
header("Location: password_finder.php?message=$message");
exit;
}
}
$type = $row['user_type'];
// Save the user's login name in the session
if (!session_is_registered("user"))
{
session_register("user");
session_register("type");
}
// Everything went ok. Redirect to the next page
header("Location: index.php");
}
?>
</body>
</html>
Jul 16 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
"Agelmar" wrote in message...
Chewy509 wrote:
Hi Everyone,

I'll just start, and say I am not a PHP developer (I'm a sysadmin, who
has gotten lumped with a non-working website). But since I like to do
this type of stuff, I though I might just learn WTF is going on? :)

Basically, sessions are being created, but no info in being stored in
the session, and if data is stored (about 1 in 20 goes), it doesn't
follow-on on a page redirect.

The environment is Win2K Svr SP3, IIS5, PHP4.3.2 (CGI), MySQL 4.0.13.
AFAICT everything is working, as the PHP pages get rendered correctly,
and when user authentication (to MySQL) occurs, no errors are reported
in either PHP logs or MySQL. I've doubled checked the PHP setup, and
php.ini is being read correctly (and varified using phpinfo(); ). All
the session directories are read/write for IUSER_Machine.

Now the interesting thing is, when I first installed PHP about a week
ago, sessions were working fine. Sessions stopped working when I
modified the smtp field in php.ini? (it was the only field I did
modify). The other interesting thing is that when the user goes to the
login page, 3 session files are created?


One guess... you are using really old code (session_register()) which
depends on register_globals = On;
if you have register_globals = Off in php.ini, this will not work. Was there
a php.ini before you added in the bit about smtp and saved it? And is
Register_globals now set to on or off?

Try just using $_SESSION and see if it works.
http://www.php.net/session_register for info on the old method and a bit on
using $_SESSION


Globals has always been off, (as per the 4.3.2 default). I've tried
turning it on, without any effect.

In regard to the php.ini file, there has only been 1 file, which I
made a backup of, and editted the the file. After restoring the backup
copy, it still did not work.

By the way, thanks for the link...
Jul 16 '05 #2

P: n/a
"Agelmar" wrote in message...
Chewy509 wrote:
Hi Everyone,

I'll just start, and say I am not a PHP developer (I'm a sysadmin, who
has gotten lumped with a non-working website). But since I like to do
this type of stuff, I though I might just learn WTF is going on? :)

Basically, sessions are being created, but no info in being stored in
the session, and if data is stored (about 1 in 20 goes), it doesn't
follow-on on a page redirect.

The environment is Win2K Svr SP3, IIS5, PHP4.3.2 (CGI), MySQL 4.0.13.
AFAICT everything is working, as the PHP pages get rendered correctly,
and when user authentication (to MySQL) occurs, no errors are reported
in either PHP logs or MySQL. I've doubled checked the PHP setup, and
php.ini is being read correctly (and varified using phpinfo(); ). All
the session directories are read/write for IUSER_Machine.

Now the interesting thing is, when I first installed PHP about a week
ago, sessions were working fine. Sessions stopped working when I
modified the smtp field in php.ini? (it was the only field I did
modify). The other interesting thing is that when the user goes to the
login page, 3 session files are created?


One guess... you are using really old code (session_register()) which
depends on register_globals = On;
if you have register_globals = Off in php.ini, this will not work. Was there
a php.ini before you added in the bit about smtp and saved it? And is
Register_globals now set to on or off?

Try just using $_SESSION and see if it works.
http://www.php.net/session_register for info on the old method and a bit on
using $_SESSION


Also as another followup, I've turned register_globals = On, and also
added in the php code to "echo (session_id());" at the top of the
login page. However when I attempt to login, the session ID keeps
changing, and 3 session files are being created per login attempt. Is
this normal behaviour?

PS. Sessions are still not working, even with register_globals = On;
Jul 16 '05 #3

P: n/a
Chewy509 wrote:
<snip>
Try just using $_SESSION and see if it works.
http://www.php.net/session_register for info on the old method and a
bit on using $_SESSION


Globals has always been off, (as per the 4.3.2 default). I've tried
turning it on, without any effect.

In regard to the php.ini file, there has only been 1 file, which I
made a backup of, and editted the the file. After restoring the backup
copy, it still did not work.

By the way, thanks for the link...


Have you tried testing sessions separately?

e.g.
page1.php:

<?php
session_start();
$_SESSION['blah'] = "This is stored in the session";
echo 'Click <a href="page2.php">here</a> to go to page 2.';
?>

page2.php
<?php
session_start();
echo 'The value of blah stored in the session is ', $_SESSION['blah'];
?>

If this doesn't work, I'd suspect that it's a permissions problem somewhere
/ somehow. If it does work, I guess I'd take another look at the script.

One other thing I'd check in php.ini - session.use_cookies should be = On;
session.use_trans_sid should also be on just in case a person's browser is
set to reject cookies.

And just out of curiosity, try the following as an alternate to page1.php if
it does not work - (this version explicitly passes the session ID if the
cookie is rejected)

<?php
session_start();
$_SESSION['blah'] = "This is stored in the session";
echo 'Click <a href="page2.php?', strip_tags(SID), '">here</a> to go to page
2.';
?>
Jul 16 '05 #4

P: n/a
Chewy509 wrote:
Also as another followup, I've turned register_globals = On, and also
added in the php code to "echo (session_id());" at the top of the
login page. However when I attempt to login, the session ID keeps
changing, and 3 session files are being created per login attempt. Is
this normal behaviour?

PS. Sessions are still not working, even with register_globals = On;


No, certainly not normal. Try my suggestion in my 7:49pm post to see if
sessions are working at all, but before doing so, I suggest that you clear
out all your temporary internet files and cookies, and try again. I have
seen browsers do wierd things regarding cookies after the cache grows beyond
a certain point. After clearing cache, try closing all browser windows
before making another attempt at it.
Jul 16 '05 #5

P: n/a
also...put this on the second page...

if (isset($_COOKIE["PHPSESSID"]))
{
echo $_COOKIE["PHPSESSID"];
}
else
{
echo "Cookies not turned on in the browser";
}

unless I missed this point in a previous post...maybe you just have cookies
turned off in your browser
--
Chris Mosser

Jul 16 '05 #6

P: n/a
Chewy509 wrote:
After trying your suggestion, sessions are working correctly, so it's
something in the php file I posted. After going over it again, and
triple-checking the php.ini file, found it was a misconfiguration? in
the configuration file (php.ini). In particular the include_path
variable. By default it's set to ".\", however when I set it to
"e:\HRM", sessions started working. (E:\HRM is where the website is
stored on the local machine). So it seems that several includes where
not being included, which was breaking the session handling code... :(

Just like to thank everyone who posted in response to this query. :)


LOL... I dont think I would have thought of that one... :-) Then again,
whenever I do includes, I always supply a full path (usually via the use of
$_SERVER['DOCUMENT_ROOT']) unless it's in the same directory, in which case
I do ./filename

Glad you found the problem and have it working :-)
// Ian
Jul 16 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.