Databases
StackOverflow2013
Postsdbo
POSession not changing in PHP?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POSession not changing in PHP?
    primarykey
    data
    text
    <p>Help! I was using Jpmaster77's login script, but needed to change it because I needed a lot more information from users and stuff... Suddenly, I encountered this problem:</p> <p>Usually, after the person hits "Login", the script passes the information to process.php, which runs session.php. The session.php sets cookies. Then it calls database.php, and pulls up the user info. <strong>But now, instead of going to the "logged in" page, the script cycles back to the login form. However, the system DOES registered that I have logged in -- when I ran the "who's online" script, the account I just logged in for shows up.</strong> I am suspecting that the script is somehow stuck (ie. encountered an error, or can't write to database or something) at the session.php part, but i'm not sure..... I want to check, but Xdebug doesn't work for me for some strange reason =<em>_</em>= So here is my code:</p> <p><strong>Login form:</strong></p> <pre><code>&lt;form action="process.php" method="POST" id="user_main"&gt; &lt;span class="label"&gt;Username:&lt;/span&gt; &lt;input type="text" name="user" maxlength="30" value="&lt;? echo $form-&gt;value("user"); ?&gt;"&gt; &lt;? echo $form-&gt;error("user"); ?&gt;&lt;br /&gt; &lt;span class="label"&gt;Password:&lt;/span&gt; &lt;input type="password" name="pass" maxlength="30" value="&lt;? echo $form-&gt;value("pass"); ?&gt;"&gt;&lt;? echo $form-&gt;error("pass"); ?&gt;&lt;br /&gt; &lt;input type="checkbox" name="remember" &lt;? if($form-&gt;value("remember") != ""){ echo "checked"; } ?&gt; /&gt; &lt;span class="label"&gt;Remember me next time&lt;/span&gt;&lt;br /&gt; &lt;input type="hidden" name="sublogin" value="1"&gt; &lt;input type="submit" value="Login"&gt;&lt;br /&gt;&lt;br /&gt; [&lt;a href="forgotpass.php"&gt;Forgot Password?&lt;/a&gt;] | Not registered? &lt;a href="register.php"&gt;Sign-Up!&lt;/a&gt; &lt;/form&gt; </code></pre> <p><strong>Process.php</strong></p> <p>(first check which form it was sent from through the hidden value from the file above)</p> <pre><code>function Process(){ global $session; /* User submitted login form */ if(isset($_POST['sublogin'])){ $this-&gt;procLogin(); } </code></pre> <p><strong>and procLogin says:</strong></p> <pre><code>function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session-&gt;login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ".$session-&gt;referrer); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form-&gt;getErrorArray(); header("Location: ".$session-&gt;referrer); } } </code></pre> <p><strong>Session login() says:</strong></p> <pre><code>function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form-&gt;setError($field, "* Username not entered"); } else{ /* Check if username is not alphanumeric */ if(!ctype_alnum($subuser)){ $form-&gt;setError($field, "* Username not alphanumeric"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form-&gt;setError($field, "* Password not entered"); } /* Return if form errors exist */ if($form-&gt;num_errors &gt; 0){ return false; } /* Checks that username is in database and password is correct */ $subuser = stripslashes($subuser); $result = $database-&gt;confirmUserPass($subuser, md5($subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form-&gt;setError($field, "* Username not found"); } else if($result == 2){ $field = "pass"; $form-&gt;setError($field, "* Invalid password"); } /* Return if form errors exist */ if($form-&gt;num_errors &gt; 0){ return false; } /* Username and password correct, register session variables */ $this-&gt;userinfo = $database-&gt;getUserInfo($subuser); $this-&gt;username = $_SESSION['username'] = $this-&gt;userinfo['username']; $this-&gt;userid = $_SESSION['userid'] = $this-&gt;generateRandID(); $this-&gt;userlevel = $this-&gt;userinfo['userlevel']; /* Insert userid into database and update active users table */ $database-&gt;updateUserField($this-&gt;username, "userid", $this-&gt;userid); $database-&gt;addActiveUser($this-&gt;username, $this-&gt;time); $database-&gt;removeActiveGuest($_SERVER['REMOTE_ADDR']); /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his random value userid. It expires by the time * specified in constants.php. Now, next time he comes to our site, we will * log him in automatically, but only if he didn't log out before he left. */ if($subremember){ setcookie("cookname", $this-&gt;username, time()+COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", $this-&gt;userid, time()+COOKIE_EXPIRE, COOKIE_PATH); } /* Login completed successfully */ return true; </code></pre> <p>}</p> <p><strong>Session start()</strong></p> <pre><code> function startSession(){ global $database; //The database connection session_start() or die("Line 46"); //Tell PHP to start the session /* Determine if user is logged in */ $this-&gt;logged_in = $this-&gt;checkLogin(); /** * Set guest value to users not logged in, and update * active guests table accordingly. */ if(!$this-&gt;logged_in){ $this-&gt;username = $_SESSION['username'] = GUEST_NAME; $this-&gt;userlevel = GUEST_LEVEL; $database-&gt;addActiveGuest($_SERVER['REMOTE_ADDR'], $this-&gt;time); } /* Update users last active timestamp */ else{ $database-&gt;addActiveUser($this-&gt;username, $this-&gt;time); } /* Remove inactive visitors from database */ $database-&gt;removeInactiveUsers(); $database-&gt;removeInactiveGuests(); /* Set referrer page */ if(isset($_SESSION['url'])){ $this-&gt;referrer = $_SESSION['url']; }else{ $this-&gt;referrer = "/"; } /* Set current url */ $this-&gt;url = $_SESSION['url'] = $_SERVER['PHP_SELF']; </code></pre> <p>}</p> <p><strong>CheckLogin()</strong></p> <pre><code>function checkLogin(){ global $database; //The database connection /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) &amp;&amp; isset($_COOKIE['cookid'])){ $this-&gt;username = $_SESSION['username'] = $_COOKIE['cookname']; $this-&gt;userid = $_SESSION['userid'] = $_COOKIE['cookid']; } /* Username and userid have been set and not guest */ if(isset($_SESSION['username']) &amp;&amp; isset($_SESSION['userid']) &amp;&amp; $_SESSION['username'] != GUEST_NAME){ /* Confirm that username and userid are valid */ if($database-&gt;confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['userid']); return false; } /* User is logged in, set class variables */ $this-&gt;userinfo = $database-&gt;getUserInfo($_SESSION['username']); $this-&gt;username = $this-&gt;userinfo['username']; $this-&gt;userid = $this-&gt;userinfo['userid']; $this-&gt;userlevel = $this-&gt;userinfo['userlevel']; return true; } /* User not logged in */ else{ return false; } </code></pre> <p>}</p> <p>Help?</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USuser866339
    1. USuser866339
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. COWell if xdebug does not work then I would write a logfile and trace the execution path by adding logging statements where the function is leaving (you could use error_log for that). As a side note: don't tell the user when an username is not found. Just say "invalid username or password" otherwise you would expose too much information which makes it easier for a brute-force attacker.
      singulars
      1. POSession not changing in PHP?
      1. USvstm
    2. COwhat exactly you mean by stuck? could you please be more specific , are you getting error, warning, blank page? if blank check error log or turn on error reporting, if error/warning what is it? also one thing I noticed you need in your code, is to add exit; after each header. otherwise the next code will be executed, it might be the reason?
      singulars
      1. POSession not changing in PHP?
      1. USDreaded semicolon
    3. COI'm wondering if you can also show the code where you called `session_start()`. Can't see it anywhere..
      singulars
      1. POSession not changing in PHP?
      1. USace
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload