Hi Everyone,
I'll just start, and say I am not a PHP developer (I'm a sysadmin, who
has gotten lumped with a non-working website). But since I like to do
this type of stuff, I though I might just learn WTF is going on? :)
Basically, sessions are being created, but no info in being stored in
the session, and if data is stored (about 1 in 20 goes), it doesn't
follow-on on a page redirect.
The environment is Win2K Svr SP3, IIS5, PHP4.3.2 (CGI), MySQL 4.0.13.
AFAICT everything is working, as the PHP pages get rendered correctly,
and when user authentication (to MySQL) occurs, no errors are reported
in either PHP logs or MySQL. I've doubled checked the PHP setup, and
php.ini is being read correctly (and varified using phpinfo(); ). All
the session directories are read/write for IUSER_Machine.
Now the interesting thing is, when I first installed PHP about a week
ago, sessions were working fine. Sessions stopped working when I
modified the smtp field in php.ini? (it was the only field I did
modify). The other interesting thing is that when the user goes to the
login page, 3 session files are created?
So any clues?
Chewy509...
PS. Code is as follows: (login.php). (index.php, checks for a session
variables, if not comes here, else goes to the start page of the
system).
<?
// Include the database parameters
include "mysqldb.inc";
// Start a session
session_start();
// Has the employee entered a username and password?
if (empty($user) || empty($password))
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>InterHealth HRM Login</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<h2><label>Local System</label></h2>
<hr>
<form action="login.php" method="POST">
<table width="30%" border="0" align="center" class="table">
<tr>
<td colspan="2"><h2><label>Log in</label></h2></td>
</tr>
<tr>
<td colspan="2"><hr></td>
</tr>
<tr>
<td class="table_text"><label>Username:</label></td>
<td><input name="user" title="Enter your username here" type="text"
id="user"></td>
</tr>
<tr>
<td class="table_text"><label>Password:</label></td>
<td><input name="password" title="Enter your password here"
type="password" id="password"></td>
</tr>
<tr>
<td></td>
<td><input name="submit" title="Log in" type="submit" class="button"
value="Log in"></td>
</tr>
</table>
</form>
<hr>
<?
} else
{
// Connect to the database
if (!($connection = @ mysql_pconnect($dbhost, $dbuser,
$dbpassword)))
showerror();
if (!mysql_select_db($database, $connection))
showerror();
$res = mysql_query("LOCK TABLES users READ;", $connection);
if (!$res) {
echo "LOCK failed!";
exit;
}
// Create a query to find any rows that match the username the user
entered
$query = "SELECT * FROM users WHERE username = \"{$user}\"";
$res = mysql_query("UNLOCK TABLES;", $connection);
if (!$res) {
echo "UNLOCK failed!";
exit;
}
// Run the query through the connection
if (!($result = @ mysql_query($query, $connection)))
showerror();
// Were there any matching rows?
if (mysql_num_rows($result) == 0)
{
$message = "The username or password you entered was not found in
the database.";
header("Location: password_finder.php?message=$message");
exit;
} else
{
// Yes. So fetch the matching row
$row = @ mysql_fetch_array($result);
// Does the user-supplied password match the password in the table?
if ($password != $row['password'])
{
// Now, redirect the browser to the current page
header("Location: password_finder.php?message=$message");
exit;
}
}
$type = $row['user_type'];
// Save the user's login name in the session
if (!session_is_registered("user"))
{
session_register("user");
session_register("type");
}
// Everything went ok. Redirect to the next page
header("Location: index.php");
}
?>
</body>
</html>
