472,358 Members | 1,733 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,358 software developers and data experts.

.htaccess to enable sessions

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_globals off;
php_value session.save_path C:\home\user\siteroot\sess\users
php_value session.cookie_time 3600
php_value session.gc_maxlifetime 3600
php_value include_path .;C:\home\user\siteroot\sess
php_value auto_prepend C:\home\user\siteroot\sess\path_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
..htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobals being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John
Jul 17 '05 #1
7 7298
Bob
On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.


I use sessions with register_globals off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_globals set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

The key idea is to use the $_SESSION superglobal array. Here is a
simplified example from the php web site:

<?php
// page1.php
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';

// Works if session cookie was accepted
echo '<br /><a href="page2.php">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>

<?php
// page2.php
session_start();
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor']; // green
?>

Jul 17 '05 #2
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam.me> wrote:
On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.


I use sessions with register_globals off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_globals set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...


I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['pwd'];
$MM_fldUserAuthorization = "userGroup";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_conn_newland, $conn_newland);

$LoginRS__query=sprintf("SELECT username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $conn_newland) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userGroup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newland Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { //v4.0
var
i,p,q,nm,test,num,min,max,errors='',args=MM_valida teForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><img src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0">
<tr>
<td><img src="images/banner_left.jpg" width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><img src="images/banner_right.jpg" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbarMap" alt="Navigation Bar"
/></td>
<td><img name="copyright_bar" src="images/copyright_bar.gif"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login" id="frm_login" method="POST" action="<?php
echo $loginFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_validateForm('username','','RisEmail', 'pwd','','R');return
document.MM_returnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register.php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap" id="navbarMap">
<area shape="rect" coords="1,0,62,20" href="index.php" alt="Home" />
<area shape="rect" coords="71,0,117,20" href="about.php" alt="About"
/>
<area shape="rect" coords="129,0,196,20" href="tours.php" alt="Find
Tours" />
<area shape="rect" coords="209,0,311,20" href="profiles.php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,434,20" href="contact.php"
alt="Contact An Agent" />
</map>
</body>
</html>


John

Jul 17 '05 #3
John wrote:
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam.me> wrote:

On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.

I use sessions with register_globals off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_globals set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

Session_start needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['pwd'];
$MM_fldUserAuthorization = "userGroup";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_conn_newland, $conn_newland);

$LoginRS__query=sprintf("SELECT username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $conn_newland) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userGroup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newland Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { //v4.0
var
i,p,q,nm,test,num,min,max,errors='',args=MM_valida teForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><img src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0">
<tr>
<td><img src="images/banner_left.jpg" width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><img src="images/banner_right.jpg" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbarMap" alt="Navigation Bar"
/></td>
<td><img name="copyright_bar" src="images/copyright_bar.gif"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login" id="frm_login" method="POST" action="<?php
echo $loginFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_validateForm('username','','RisEmail', 'pwd','','R');return
document.MM_returnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register.php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap" id="navbarMap">
<area shape="rect" coords="1,0,62,20" href="index.php" alt="Home" />
<area shape="rect" coords="71,0,117,20" href="about.php" alt="About"
/>
<area shape="rect" coords="129,0,196,20" href="tours.php" alt="Find
Tours" />
<area shape="rect" coords="209,0,311,20" href="profiles.php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,434,20" href="contact.php"
alt="Contact An Agent" />
</map>
</body>
</html>


John


Jul 17 '05 #4
I noticed that Message-ID: <o9********************************@4ax.com>
from John contained the following:
I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

True enough.

I think you are trying to do too much at once. Why not get something
simple working first?

Try this: Username: John Password: php
or Username: Geoff Password: php

Now, copy the following and save it as login.php

<?php
session_start();
$_SESSION['logged_in']="";

//enter username-password pairs here
$userpass=array("geoff-php","john-php");

if(isset($_POST['Submit'])){
$username=$_POST['username'];
$input=strtolower($_POST['username'])."-".strtolower($_POST['password']);

if(in_array($input,$userpass)){
$_SESSION['logged_in']=1;
}
}
else{$username="";}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Login page</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

</HEAD>
<BODY BGCOLOR="#ffffff" TEXT="#000000">

<h2>Login page</h2>
<h3>Login to access administrative options</h3>
<form name="form1" method="post" action="">

<table width="30%" border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="right">Username: </td>
<td>
<input type="text" name="username"value="<?php print $username;
?>">
</td>
</tr>
<tr>
<td align="right">Password:</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" name="Submit" value="Submit">
</td>
</tr>
</table></form>
<?php
if($_SESSION['logged_in']==1)
{
?>
<h3>Login successful!</h3>
<!--do stuff - show links, whatever...-->
<?php }
elseif(isset($_POST['username'])||isset($_POST['password'])){
print "<h3>Incorrect username or password. Go away.</h3>";
}
?>
</div>
</BODY>
</HTML>
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #5
<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

Session_start needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve


Steve.

How should I break this down and change it?

Would the following work...?
<?php
// *** Validate request to login to this site.
session_start();
?>

<?php require_once('Connections/conn_newland.php'); ?>

<?php
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
etc etc.... ?>

Or should I just leave it all open?

<?php
// *** Validate request to login to this site.
session_start();

php require_once('Connections/conn_newland.php');

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
etc etc.... ?>

Cheers

John
Jul 17 '05 #6
"John" <du*@ula.com> wrote in message
news:l4********************************@4ax.com...
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_globals off;
php_value session.save_path C:\home\user\siteroot\sess\users
php_value session.cookie_time 3600
php_value session.gc_maxlifetime 3600
php_value include_path .;C:\home\user\siteroot\sess
php_value auto_prepend C:\home\user\siteroot\sess\path_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
.htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobals being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John


Most default PHP installs I see have sessions enabled already. What does
phpinfo() say when you don't have any .htaccess file in place? What evidence
do you have that sessions are not working? You haven't shown any code where
you attempt to use sessions, so it may well be that you simply aren't coding
correctly and your configurations are correct.

Show a short and complete example that demonstrates the problem, describe
the symptoms, and perhaps we can help you retain a few hairs.

As pointed out by Bob the primary key is to use $_SESSION array to access
session variables. That, and issue a session_start() function call at the
beginning of your script.

- Virgil
Jul 17 '05 #7
"John" <du*@ula.com> wrote in message
news:o9********************************@4ax.com...
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam.me> wrote:

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.
Not necessary.
If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?
Probably.
Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?
Comments in code below.
When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();
Contrary to Steve's posting, it is *not* necessary to have session_start
before the require_once call. Leave it alone.
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
Where is $accesscheck set? I don't see it anywhere.

Replace $GLOBALS with $_SESSION.

Remove session_register(whatever). You are not supposed to use the
session_register function with $_SESSION.
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['pwd'];
$MM_fldUserAuthorization = "userGroup";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_conn_newland, $conn_newland);

$LoginRS__query=sprintf("SELECT username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $conn_newland) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userGroup');

file://declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
Replace $GLOBALS with $_SESSION.
file://register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
Drop these two lines of code. session_register is not for use with $_SESSION
if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newland Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { file://v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { file://v4.0
var
i,p,q,nm,test,num,min,max,errors='',args=MM_valida teForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
file://-->
</script>
</head>

<body>
<a href="#top"><img src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0">
<tr>
<td><img src="images/banner_left.jpg" width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><img src="images/banner_right.jpg" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbarMap" alt="Navigation Bar"
/></td>
<td><img name="copyright_bar" src="images/copyright_bar.gif"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login" id="frm_login" method="POST" action="<?php
echo $loginFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_validateForm('username','','RisEmail', 'pwd','','R');return
document.MM_returnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register.php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap" id="navbarMap">
<area shape="rect" coords="1,0,62,20" href="index.php" alt="Home" />
<area shape="rect" coords="71,0,117,20" href="about.php" alt="About"
/>
<area shape="rect" coords="129,0,196,20" href="tours.php" alt="Find
Tours" />
<area shape="rect" coords="209,0,311,20" href="profiles.php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,434,20" href="contact.php"
alt="Contact An Agent" />
</map>
</body>
</html>


See if that cleans things up.

- Virgil
Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Marko Lahtinen | last post by:
Hello! A part of my website is protected with a .htaccess file. Can I somehow bypass the username/password dialog ?? Can I somehow "hardcode" the authentication name and password in my php-file...
6
by: somaboy mx | last post by:
Hello I need people to be able to complete long text blocks in my cms before their session times out. From the php documentation I gather that ini directive session.gc_maxlifetime would be the...
1
by: awebguynow | last post by:
My shared-host doesn't allow php_value directives in .htaccess I was using an "auto_prepend_file" on my local development machine, that helped me implement a Session based authentication...
1
by: asllearner | last post by:
I have an htaccess file protected folder. In that folder I have several php files that generate some simple html. When I am logged out, cache cleared, sessions info cleared, I navigate to one of the...
1
by: jonathan184 | last post by:
Hi I would like to enable these two features for one of the websites on a server, How would i put this in an .htaccess doc? ;; Enable output character encoding conversion for all PHP pages ;;...
5
by: Nosferatum | last post by:
I am in need of a solution on how to solve this problem: I need to limit access to six different folders. My users are validated in a system which check their prescence with a couple of...
0
by: xiaawan | last post by:
Hi All, Can Anyone help me to solve this problem. Actually I have two urls and I want both of them to work at the same time for different urls. here is my .htaccess code. AddHandler...
5
by: =?Utf-8?B?QWxla3MgS2xleW4=?= | last post by:
I test asp.net 2.0 application on virtual PC for studio Orcas 2.0. When I start application I get error in line session("aa")="bb" Error tells that I need to enable session state. I found in...
2
by: knkk | last post by:
I want to redirect a url http://abc.xyz.com/123 to http://www.xyz.com. So the file that will be accessed will be index.php of xyz.com. That index.php should have available to it both abc and 123 (so...
2
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and efficiency. While initially associated with cryptocurrencies...
0
by: Naresh1 | last post by:
What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge required to effectively administer and manage Oracle...
0
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was proposed, which integrated multiple engines and...
1
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. header("Location:".$urlback); Is this the right layout the...
2
by: Matthew3360 | last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it so the python app could use a http request to get...
0
by: AndyPSV | last post by:
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and...
0
by: Arjunsri | last post by:
I have a Redshift database that I need to use as an import data source. I have configured the DSN connection using the server, port, database, and credentials and received a successful connection...
0
hi
by: WisdomUfot | last post by:
It's an interesting question you've got about how Gmail hides the HTTP referrer when a link in an email is clicked. While I don't have the specific technical details, Gmail likely implements measures...
0
BLUEPANDA
by: BLUEPANDA | last post by:
At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS starter kit that's not only easy to use but also...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.