By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
458,127 Members | 1,343 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 458,127 IT Pros & Developers. It's quick & easy.

.htaccess to enable sessions

P: n/a
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_globals off;
php_value session.save_path C:\home\user\siteroot\sess\users
php_value session.cookie_time 3600
php_value session.gc_maxlifetime 3600
php_value include_path .;C:\home\user\siteroot\sess
php_value auto_prepend C:\home\user\siteroot\sess\path_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
..htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobals being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John
Jul 17 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Bob
On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.


I use sessions with register_globals off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_globals set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

The key idea is to use the $_SESSION superglobal array. Here is a
simplified example from the php web site:

<?php
// page1.php
session_start();
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';

// Works if session cookie was accepted
echo '<br /><a href="page2.php">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>

<?php
// page2.php
session_start();
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor']; // green
?>

Jul 17 '05 #2

P: n/a
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam.me> wrote:
On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.


I use sessions with register_globals off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_globals set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...


I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['pwd'];
$MM_fldUserAuthorization = "userGroup";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_conn_newland, $conn_newland);

$LoginRS__query=sprintf("SELECT username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $conn_newland) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userGroup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newland Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { //v4.0
var
i,p,q,nm,test,num,min,max,errors='',args=MM_valida teForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><img src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0">
<tr>
<td><img src="images/banner_left.jpg" width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><img src="images/banner_right.jpg" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbarMap" alt="Navigation Bar"
/></td>
<td><img name="copyright_bar" src="images/copyright_bar.gif"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login" id="frm_login" method="POST" action="<?php
echo $loginFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_validateForm('username','','RisEmail', 'pwd','','R');return
document.MM_returnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register.php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap" id="navbarMap">
<area shape="rect" coords="1,0,62,20" href="index.php" alt="Home" />
<area shape="rect" coords="71,0,117,20" href="about.php" alt="About"
/>
<area shape="rect" coords="129,0,196,20" href="tours.php" alt="Find
Tours" />
<area shape="rect" coords="209,0,311,20" href="profiles.php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,434,20" href="contact.php"
alt="Contact An Agent" />
</map>
</body>
</html>


John

Jul 17 '05 #3

P: n/a
John wrote:
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam.me> wrote:

On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.

I use sessions with register_globals off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_globals set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

Session_start needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['pwd'];
$MM_fldUserAuthorization = "userGroup";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_conn_newland, $conn_newland);

$LoginRS__query=sprintf("SELECT username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $conn_newland) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userGroup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newland Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { //v4.0
var
i,p,q,nm,test,num,min,max,errors='',args=MM_valida teForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><img src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0">
<tr>
<td><img src="images/banner_left.jpg" width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><img src="images/banner_right.jpg" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbarMap" alt="Navigation Bar"
/></td>
<td><img name="copyright_bar" src="images/copyright_bar.gif"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login" id="frm_login" method="POST" action="<?php
echo $loginFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_validateForm('username','','RisEmail', 'pwd','','R');return
document.MM_returnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register.php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap" id="navbarMap">
<area shape="rect" coords="1,0,62,20" href="index.php" alt="Home" />
<area shape="rect" coords="71,0,117,20" href="about.php" alt="About"
/>
<area shape="rect" coords="129,0,196,20" href="tours.php" alt="Find
Tours" />
<area shape="rect" coords="209,0,311,20" href="profiles.php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,434,20" href="contact.php"
alt="Contact An Agent" />
</map>
</body>
</html>


John


Jul 17 '05 #4

P: n/a
I noticed that Message-ID: <o9********************************@4ax.com>
from John contained the following:
I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

True enough.

I think you are trying to do too much at once. Why not get something
simple working first?

Try this: Username: John Password: php
or Username: Geoff Password: php

Now, copy the following and save it as login.php

<?php
session_start();
$_SESSION['logged_in']="";

//enter username-password pairs here
$userpass=array("geoff-php","john-php");

if(isset($_POST['Submit'])){
$username=$_POST['username'];
$input=strtolower($_POST['username'])."-".strtolower($_POST['password']);

if(in_array($input,$userpass)){
$_SESSION['logged_in']=1;
}
}
else{$username="";}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Login page</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

</HEAD>
<BODY BGCOLOR="#ffffff" TEXT="#000000">

<h2>Login page</h2>
<h3>Login to access administrative options</h3>
<form name="form1" method="post" action="">

<table width="30%" border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="right">Username: </td>
<td>
<input type="text" name="username"value="<?php print $username;
?>">
</td>
</tr>
<tr>
<td align="right">Password:</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" name="Submit" value="Submit">
</td>
</tr>
</table></form>
<?php
if($_SESSION['logged_in']==1)
{
?>
<h3>Login successful!</h3>
<!--do stuff - show links, whatever...-->
<?php }
elseif(isset($_POST['username'])||isset($_POST['password'])){
print "<h3>Incorrect username or password. Go away.</h3>";
}
?>
</div>
</BODY>
</HTML>
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #5

P: n/a
<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

Session_start needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve


Steve.

How should I break this down and change it?

Would the following work...?
<?php
// *** Validate request to login to this site.
session_start();
?>

<?php require_once('Connections/conn_newland.php'); ?>

<?php
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
etc etc.... ?>

Or should I just leave it all open?

<?php
// *** Validate request to login to this site.
session_start();

php require_once('Connections/conn_newland.php');

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
etc etc.... ?>

Cheers

John
Jul 17 '05 #6

P: n/a
"John" <du*@ula.com> wrote in message
news:l4********************************@4ax.com...
Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_globals being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_globals off;
php_value session.save_path C:\home\user\siteroot\sess\users
php_value session.cookie_time 3600
php_value session.gc_maxlifetime 3600
php_value include_path .;C:\home\user\siteroot\sess
php_value auto_prepend C:\home\user\siteroot\sess\path_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
.htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobals being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John


Most default PHP installs I see have sessions enabled already. What does
phpinfo() say when you don't have any .htaccess file in place? What evidence
do you have that sessions are not working? You haven't shown any code where
you attempt to use sessions, so it may well be that you simply aren't coding
correctly and your configurations are correct.

Show a short and complete example that demonstrates the problem, describe
the symptoms, and perhaps we can help you retain a few hairs.

As pointed out by Bob the primary key is to use $_SESSION array to access
session variables. That, and issue a session_start() function call at the
beginning of your script.

- Virgil
Jul 17 '05 #7

P: n/a
"John" <du*@ula.com> wrote in message
news:o9********************************@4ax.com...
On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam.me> wrote:

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.
Not necessary.
If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?
Probably.
Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?
Comments in code below.
When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('Connections/conn_newland.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();
Contrary to Steve's posting, it is *not* necessary to have session_start
before the require_once call. Leave it alone.
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
Where is $accesscheck set? I don't see it anywhere.

Replace $GLOBALS with $_SESSION.

Remove session_register(whatever). You are not supposed to use the
session_register function with $_SESSION.
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['pwd'];
$MM_fldUserAuthorization = "userGroup";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_conn_newland, $conn_newland);

$LoginRS__query=sprintf("SELECT username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername), get_magic_quotes_gpc() ? $password :
addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $conn_newland) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userGroup');

file://declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
Replace $GLOBALS with $_SESSION.
file://register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
Drop these two lines of code. session_register is not for use with $_SESSION
if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newland Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { file://v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_validateForm() { file://v4.0
var
i,p,q,nm,test,num,min,max,errors='',args=MM_valida teForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
}
file://-->
</script>
</head>

<body>
<a href="#top"><img src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0">
<tr>
<td><img src="images/banner_left.jpg" width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><img src="images/banner_right.jpg" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbarMap" alt="Navigation Bar"
/></td>
<td><img name="copyright_bar" src="images/copyright_bar.gif"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login" id="frm_login" method="POST" action="<?php
echo $loginFormAction; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_validateForm('username','','RisEmail', 'pwd','','R');return
document.MM_returnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register.php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap" id="navbarMap">
<area shape="rect" coords="1,0,62,20" href="index.php" alt="Home" />
<area shape="rect" coords="71,0,117,20" href="about.php" alt="About"
/>
<area shape="rect" coords="129,0,196,20" href="tours.php" alt="Find
Tours" />
<area shape="rect" coords="209,0,311,20" href="profiles.php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,434,20" href="contact.php"
alt="Contact An Agent" />
</map>
</body>
</html>


See if that cleans things up.

- Virgil
Jul 17 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.