Authentication session variable being lost between pages

This is quite a bit of problem I am facing, and I cannot point exactly
where I am going wrong. I have been lurking around at several forums
with regard to login and user authentication scripts and I have got as
far as this:

- Starting a session
- Registering a session variable
- Using the variable to check if the user is authenticated or not.
- Authenticating the user through MySQL database
- Logging off the user, by setting the session variable to
un-authenticated

I have been able to achieve the following things too that I think is not
related to this problem:
- Encapsulate the database handling to a separate source file
- Use a templating system of my own.
- Handle everything in only one page using the querying through URL
(this is my requirement due to the templating system I use) - I want
only one file (index.php) to be called with appropriate action requests
(?q=login or ?q=logout)

Here is the code I have so far:

----------------------------------------------------------------------------------------------------------

<?php
session_start();
session_register('auth');

require_once('database.inc');

// These $d_<something> variables will be placed in the template
$d_html_head = 'Some portal DART';
$d_header = 'The header - DART';
$d_status = NULL;
$d_content = NULL;
$d_nav = '<h2>Link set 1</h2><ul><li><a href="#">Link 1</a></li><li><a
href="#">Link 2</a></li><li><a href="#">Link 3</a></li></ul><h2>Link
set 2</h2><ul><li><a href="#">Link 4</a></li><li><a href="#">Link
5</a></li><li><a href="#">Link 6</a></li></ul><h2>Link set
3</h2><ul><li><a href="#">Link 7</a></li><li><a href="#">Link
8</a></li><li><a href="#">Link 9</a></li></ul>';
$d_footer = 'copyright info';
$q = '';

// Database handling part
$dartdb = new dbhandler;
$connection = $dartdb->setconnection('dbadmin', 'dbpassword', 'localhost');
if (!$connection)
    $d_status .= "Unable to get a connection <BR />$dartdb->errorstring <BR />";
$connection = $dartdb->setdatabase('dartdb');
if (!$connection)
    $d_status .= "Unable to select DART database <BR />$dartdb->errorstring <BR />";
if (isset($_GET['q']))
    $q = $_GET['q'];
if ($q == 'login')
{
    // Check the 'user' and 'pass' against database and set
    // 'auth' based on the result
    $loginmessage = "The Employee number or the password given is wrong. Please try again.";
    $_SERVER['auth'] = 'NO';

    $user = NULL;
    $pass = NULL;
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $query = "SELECT * FROM dart_emp WHERE empid = '".$user."'";
    $dartdb->query($query);
    if ($user != NULL && $dartdb->result != NULL)
    {
        $array = $dartdb->fetch_object();
        if (isset($array->empid)
            && $array->empid == $user
            && $array->password == $pass)
        {
            $loginmessage = "Login successful.";
            $_SERVER['auth'] = 'YES';
        }
    }
    $d_status .= $loginmessage;
}
else if ($q == 'logout')
{
    // User has logged out. Hence set the 'auth' to 'NO'
    $_SERVER['auth'] = 'NO';
    $d_status .= 'Logged out. <BR />';
}

if (isset($_SERVER['auth']) && $_SERVER['auth'] == 'YES')
{
    $d_status .= 'Authorized access <BR />';
    $d_content .= 'Content, content. <BR />Logout <A href="?q=logout">link</A>.';
}
else
{
    // Show the login form
    if ($q != 'logout')
        $d_status .= 'Not logged in. <BR />';
    $d_content .= '<form action="?q=login" method="post" name="login">
Employee Number: <input type="text" name="user" size="6"
maxlength="6" id="user" /><BR />
Password: <input type="password" name="pass" size="30" maxlength="30"
id="pass" /><BR />
<input type="submit" name="login" value="Login" id="login" />
</form>';
}

// This is the templating system I use. The above $d_<something> values
// are replaced in the appropriate places
require 'template/page.tpl';
?>

----------------------------------------------------------------------------------------------------------

Now, here is my problem. Once I log in, the URL will be:
http://localhost/index.php?=login

After successful login, it will show the content.
Now, if I type the http://locahost/index.php, it should still be
showing the content. But it does not. For some reason, I am losing
the $_SERVER['auth'] variable. I am not sure, where in the flow I am
doing wrong.

Could some one please check this up and let me know what I am doing
wrong, or what more should I be including?

Please let me know, if you need anything more, or want me to explain
why I put the code as I put it there.

Regards,
Mahesh a.k.a Vyoma
http://k.mahesh.bhat.googlepages.com

Jul 30 '06 #1


I was having this problem too, and still am, but I think it is more of
my computer than anything. Also, I hope you check your posted data
before using it in your sql.

Jul 30 '06 #2

Vyoma wrote:
> After successful login, it will show the content.
> Now, if I type the http://locahost/index.php, it should still be
> showing the content. But it does not. For some reason, I am losing
> the $_SERVER['auth'] variable. I am not sure, where in the flow I am
> doing wrong.

Should be $_SESSION['auth'], not $_SERVER['auth']. :-)

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Jul 30 '06 #3

In article <11**********************@i3g2000cwc.googlegroups.com>,
Vyoma <k.***********@gmail.com> wrote:
> This is quite a bit of problem I am facing, and I cannot point exactly
> where I am going wrong. I have been lurking around at several forums
> with regard to login and user authentication scripts and I have got as
> far as this:
>
> - Starting a session
> - Registering a session variable

Use of session_register() is deprecated, according to the documentation
at http://us2.php.net/manual/en/functio...n-register.php

It's also a good idea to call statements similar to these before you
call session_start():

session_save_path("/usr/home/my_account/public_html/sessions");
session_name('login_ID');

...where the path is a path on your server to your directory space, and
the login ID is something that describes the cookie being set on the
visitor's browser.

> <?php
> session_start();
> session_register('auth');

session_register() isn't needed, or if you want you could say
$_SESSION['auth'] = NULL;
here instead.

Later on you have this:
$_SERVER['auth'] = 'YES';
That should be
$_SESSION['auth'] = 'YES';

and here:
> if( isset($_SERVER['auth']) && $_SERVER['auth'] == 'YES' )
Replace SERVER with SESSION.

-Alex
Jul 30 '06 #4

Ah! I feel so dumb. I should have used that _SESSION instead of
_SERVER. It is working like a clockwork now, and I do not have any
problems.

As stated above, I checked the PHP.net site for the session_register()
function. It is indeed deprecated. Now, I have a couple of questions
more:

So, how should I proceed?
If I do not call the session_register('auth'), can I still use
_SESSION['auth']?

And if I am not using session_register(), should I be calling
session_start()?

Regards,
Vyoma

Aug 1 '06 #5

Oops again. I did not read the last mail before replying.

Thanks Alex. You have answered to all the questions I posted last.

-Vyoma

Aug 1 '06 #6

Vyoma wrote:
> If I do not call the session_register('auth'), can I still use
> _SESSION['auth']?

Yes -- session_register() effectively does nothing these days.

> And if I am not using session_register(), should I be calling
> session_start()?

Yes -- session_start() is still needed.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Aug 2 '06 #7
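
Added example (not part of the thread and not any poster's code): the login flow with the fixes the replies call for, `$_SESSION` in place of `$_SERVER` (which PHP rebuilds on every request), no `session_register()`, and a bound parameter for the posted employee number. It goes beyond the replies by regenerating the session ID on login and checking the password with `password_verify()`; PDO, the in-memory SQLite table, the sample employee row and the hashed `password` column are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes PDO and that the
// password column holds password_hash() output (the thread's table did not).

function start_session(): void
{
    session_name('login_ID');          // cookie name suggested in the thread
    session_start([
        'cookie_httponly' => true,     // keep the ID away from page scripts
        'use_strict_mode' => true,     // refuse IDs the server did not issue
    ]);
}

function login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the posted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT empid, password FROM dart_emp WHERE empid = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        $_SESSION['auth'] = 'NO';
        return false;
    }
    session_regenerate_id(true);       // fresh ID once the user is authenticated
    $_SESSION['auth'] = 'YES';         // $_SESSION persists; $_SERVER does not
    return true;
}

function is_authenticated(): bool
{
    return ($_SESSION['auth'] ?? 'NO') === 'YES';
}

function logout(): void
{
    $_SESSION = [];                    // clear the data, then the stored session
    session_destroy();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE dart_emp (empid TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO dart_emp VALUES (?, ?)')
   ->execute(['100042', password_hash('constructed-password', PASSWORD_DEFAULT)]);
start_session();
$rejected = login($db, "100042' OR '1'='1", 'x');   // quote-laden input stays data
$accepted = login($db, '100042', 'constructed-password');
var_dump($rejected, $accepted, is_authenticated());
logout();
```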
