Re: losing my session variables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Put "session_start()" somewhere in your code.

$_SESSION isn't set until you "start" your session.

And don't set session variables by $_SESSION[foo] = bar;

DO this:

$foo = bar;
session_register("foo");

Much better.

However, if anyone can correct me, go for it.  I just believe that setting
global variables that the system controls and writes is a bad idea unless
you use the functions that you should.

Get out of the habit of SETTING variables using $_POST or $_SESSION or
$GLOBALS.  DO get in the habit of setting globals by just setting your
variables correctly in the right scope.

Peter

On Tue, 29 Oct 2002, Seabird wrote:

> Hi everyone,
>
> I use a login-script, but for some reason I keep losing my $_SESSION
> variables. Can Anyone tell me why?
>
> Here's my login script:
>
> <?php
> if(isset($_POST['submit'])) { // if form has been submitted
>  /* check they filled in what they were supposed to and authenticate */
>  if(!$_POST['uname'] | !$_POST['passwd']) {
>   print '<form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <span class="welcome">please fill in the required
> fields.</span></div>
>       </form>
> ';
>  }
>  // authenticate.
>  if(!get_magic_quotes_gpc()) {
>   $_POST['uname'] = addslashes($_POST['uname']);
>  }
>  $check = $db_object->query("SELECT username, password FROM users WHERE
> username = '".$_POST['uname']."'");
>  if(DB::isError($check)) {
>   print '<form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <span class="welcome">username doesn\'t exist.</span> <a
> class="header"
> href="javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')">sign up
> here</a></div>
>       </form>
> ';
>  }
>  $info = $check->fetchRow();
>  // check passwords match
>  $_POST['passwd'] = stripslashes($_POST['passwd']);
>  $info['password'] = stripslashes($info['password']);
>  $_POST['passwd'] = md5($_POST['passwd']);
>  if($_POST['passwd'] != $info['password']) {
>   print '<form action="index.php" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <span class="welcome">wrong password, try again</span></div>
>       </form>
> ';
>  }
>
>  // if we get here username and password are correct, register session
> variables and set
>  // last login time.
>  $date = date('m d, Y');
>  $update_login = $db_object->query("UPDATE users SET last_login = '$date'
> WHERE username = '".$_POST['uname']."'");
>  $_POST['uname'] = stripslashes($_POST['uname']);
>  $_SESSION['username'] = $_POST['uname'];
>  $_SESSION['password'] = $_POST['passwd'];
>  $db_object->disconnect();
> ?>
> <span class="welcome">Welcome <a class="header"
> href="javascript:loadPage('mainlayer',null,'users/edit.php?user=<?=$_SESSION
> ['username']?>')"><font
> color="white"><?=$_SESSION['username']?></font></a><br><a class="header"
> href="login/logout.php">Logout</a>
> </span>
> <?php
> }
> else { // if form hasn't been submitted
> ?>
> <form action="<?=$HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
>         <div align="left">
>           <input class="test" name="uname" type="text" size="8"
> maxlength="8">
>           <input class="test" type="password" size="8" maxlength="8"
> name="passwd">
>           <input name="submit" type="submit" value="Login">
>           <br>
>           <a class="header"
> href="javascript:loadPage('mainlayer',null,'login/signup.php')">sign up
> here</a> </div>
>       </form>
> <?php
> }
> ?>
>
> --
> http://seabird.jmtech.ca
>
> Attitude is Everything!
> But Remember, Attitudes are Contagious!
> Is Yours worth Catching????
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

---------------------------------------------------------------------------
Peter Beckman            Systems Engineer, Fairfax Cable Access Corporation
beckman@purplecow.com                             http://www.purplecow.com/
---------------------------------------------------------------------------


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux