Ok, well, since no one was answering my last post, and I figured it out on my own anyway, I have a question about session variables. Say I set $_SESSION['variable'] = "some text"; on one page. If I go to another page that I am using sessions on and go to print $
[code=php]session_start();[/code]
it will display what was stored on your previous page. Without that line, PHP does not know to continue the session.[code=php]
<?php
// Session check run before the rest of the page: resumes the session and sends
// the browser to login.php when the session explicitly says "not logged in".
session_start();
// record the page's current directory (PHP_SELF with the script file name removed)
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
// set a max file size for the html upload form
$max_file_size = 209715200; // size in bytes (200 * 1024 * 1024)
if(isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
//Do nothing if session logged is true.
// NOTE(review): this check fails open. A request whose session has no 'logged'
// key matches neither branch, so nothing redirects it and the script continues
// as if the check had passed. Only an explicit 0 is sent to login.php.
} elseif(isset($_SESSION['logged']) && $_SESSION['logged'] == 0){
// NOTE(review): HTTP_HOST and PHP_SELF are taken from the request; a base URL
// from configuration would keep the redirect target independent of client input.
header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
exit();
}
?>
[/code]
[code=php]
<?php
session_start();

// URL directory of the running script: PHP_SELF with the file name stripped.
// It is the prefix for the redirect below.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// Upper bound for the HTML upload form, in bytes (200 * 1024 * 1024).
$max_file_size = 209715200;

// Fail closed: only an explicit logged == 1 may continue. A missing key, 0 or
// any other value is sent to the login page.
if (!isset($_SESSION['logged']) || $_SESSION['logged'] != 1) {
    // NOTE(review): HTTP_HOST and PHP_SELF are taken from the request; a base URL
    // from configuration would keep the redirect target independent of client input.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
    exit();
}
?>
[/code]
[code=php]
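<?php
// Login handler. A session that is already logged in is forwarded to upload.php.
// Otherwise a posted login form is checked against the login_info table and the
// outcome is recorded in $_SESSION['logged'] (1 = logged in, 0 = rejected).
// $logmsg carries the message for the login page.
session_start();

// Directory part of this script's URL path, used as the redirect prefix.
// NOTE(review): PHP_SELF and HTTP_HOST are taken from the request; a base URL
// from configuration would keep redirect targets independent of client input.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
    exit();
} else {
    $logmsg = "";
    if (isset($_POST['login'])) {
        $username = isset($_POST['username']) ? trim($_POST['username']) : "";
        $password = isset($_POST['password']) ? trim($_POST['password']) : "";
        if ($username == "" OR $password == "") {
            $logmsg = "You must enter both a user name and a password to login.";
        } else {
            require_once('mysql_config.php');
            $connect = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS);
            if ($connect === false) {
                // Keep driver details in the server log, not in the response.
                error_log('login: database connection failed: ' . mysql_error());
                die('Could not connect to the Database.');
            }
            mysql_select_db(SQL_DB, $connect);

            // NOTE(review): a single unsalted SHA-512 is cheap to brute-force offline
            // if login_info leaks. password_hash()/password_verify() is the replacement,
            // but the stored values must be migrated first, so the scheme is unchanged here.
            $hashpw = hash("sha512", $password);

            // The user name comes straight from the form and is placed inside a quoted
            // SQL literal, so it is escaped for this connection first. $hashpw is hex
            // output of hash() and needs no escaping.
            $safe_username = mysql_real_escape_string($username, $connect);
            $query = "SELECT user_name FROM login_info WHERE user_name = '$safe_username' AND password = '$hashpw' LIMIT 1;";
            $result = mysql_query($query, $connect);
            if ($result === false) {
                error_log('login: credential query failed: ' . mysql_error($connect));
                die('Login is temporarily unavailable.');
            }

            if (mysql_num_rows($result) == 1) {
                // Issue a fresh session id at the privilege change so an id that was
                // known before login does not stay valid afterwards.
                session_regenerate_id(true);
                $_SESSION['username'] = $username;
                // NOTE(review): this keeps the plaintext password in session storage.
                // It is retained only because other snippets on this page read the key;
                // drop it once nothing depends on it.
                $_SESSION['password'] = $password;
                $_SESSION['logged'] = 1;
                header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
                exit();
            } else {
                $_SESSION['logged'] = 0;
                $logmsg = "<p><span style='color:#CC0000'><strong>The Username and Password you entered does not exist.</strong></span><br/>";
                $logmsg .= "You can contact our <a href='mailto:[email protected]'>Customer Service</a> department if you need help with your account.";
            }
        }
    }
}
?>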
[/code]
[code=php]if($_SESSION['logged'] == 1)[/code]
[code=php]<?php
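// Login handler, restructured: the 'logged' flag is normalised to 0 or 1 first,
// a logged-in session is forwarded to upload.php, and a posted form is checked
// against login_info. $logmsg carries the message for the login page.
session_start();
if (!isset($_SESSION['logged']) OR ($_SESSION['logged'] <> 0 AND $_SESSION['logged'] <> 1)) {
    // Missing or unexpected value: treat as not logged in.
    $_SESSION['logged'] = 0;
}

// Directory part of this script's URL path with exactly one trailing slash.
// Plain dirname() . "/" would give "//" for a script in the web root, so any
// separator dirname() returns is trimmed before the slash is added.
// NOTE(review): PHP_SELF and HTTP_HOST are taken from the request; a base URL
// from configuration would keep redirect targets independent of client input.
$directory_self = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/";

if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
    exit();
}

$logmsg = "";
if (isset($_POST['login'])) {
    // Set it as early as possible: a new attempt starts from "not logged in".
    $_SESSION['logged'] = 0;
    $username = isset($_POST['username']) ? trim($_POST['username']) : "";
    $password = isset($_POST['password']) ? trim($_POST['password']) : "";
    if ($username == "" OR $password == "") {
        $logmsg = "You must enter both a user name and a password to login.";
    } else {
        require_once('mysql_config.php');
        $connect = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS);
        if ($connect === false) {
            // Keep driver details in the server log, not in the response.
            error_log('login: database connection failed: ' . mysql_error());
            die('Could not connect to the Database.');
        }
        mysql_select_db(SQL_DB, $connect);

        // NOTE(review): a single unsalted SHA-512 is cheap to brute-force offline
        // if login_info leaks. password_hash()/password_verify() is the replacement,
        // but the stored values must be migrated first, so the scheme is unchanged here.
        $hashpw = hash("sha512", $password);

        // The form-supplied user name is escaped before it goes inside the quoted
        // SQL literal. $hashpw is hex output of hash() and needs no escaping.
        $safe_username = mysql_real_escape_string($username, $connect);
        $query = "SELECT user_name FROM login_info WHERE user_name = '$safe_username' AND password = '$hashpw' LIMIT 1;";
        $result = mysql_query($query, $connect);
        if ($result === false) {
            error_log('login: credential query failed: ' . mysql_error($connect));
            die('Login is temporarily unavailable.');
        }

        if (mysql_num_rows($result) == 1) {
            $_SESSION['logged'] = 1;
        }

        // The original opened this branch with ":" and closed it with "}", which
        // does not parse; braces are used on both sides here.
        if ($_SESSION['logged'] == 0) {
            $logmsg = "<p><span style='color:#CC0000'><strong>The Username and Password you entered does not exist.</strong></span><br/>";
            $logmsg .= "You can contact our <a href='mailto:[email protected]'>Customer Service</a> department if you need help with your account.";
        } else {
            // Issue a fresh session id at the privilege change so an id that was
            // known before login does not stay valid afterwards.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            // NOTE(review): this keeps the plaintext password in session storage.
            // It is retained only because other snippets on this page read the key;
            // drop it once nothing depends on it.
            $_SESSION['password'] = $password;
            header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
            exit();
        }
    }
}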
?>[/code]
[code=php]
// Session check as quoted from the upload page; $directory_self is set earlier in that script.
if(isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
//Do nothing if session logged is true.
// NOTE(review): when the session has no 'logged' key at all, neither branch
// matches and no redirect happens, so a visitor who never logged in falls through.
} elseif(isset($_SESSION['logged']) && $_SESSION['logged'] == 0){
header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
exit();
}
[/code]
[code=php]
// Debug aid: collects the three session values into $logmsg, one per line,
// separated by <br/>.
// NOTE(review): this includes the plaintext password that the login script on
// this page stores in the session, and none of the values are HTML-escaped.
// Where $logmsg is printed is not shown here; remove this dump before deployment.
$logmsg = implode("<br/>", array(
    "Session Info: " . $_SESSION['username'],
    "Session Info: " . $_SESSION['password'],
    "Session Info: " . $_SESSION['logged'],
));
[/code]
[code=php]
// Debugging variant of the session check: both branches only record the session
// values in $logmsg, and the redirect for the "not logged in" case is commented out.
// NOTE(review): as in the original check, a session with no 'logged' key matches
// neither branch, so $logmsg is not set by this snippet in that case.
if(isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
// NOTE(review): the dump includes the plaintext password kept in the session and
// is not HTML-escaped; remove before deployment.
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
} elseif(isset($_SESSION['logged']) && $_SESSION['logged'] == 0) {
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
// Redirect disabled while debugging; with it off, this branch does not send anyone to login.php.
//header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
//exit();
}
[/code]
[code=php]
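<?php
// Debugging build of the login handler: on a successful login it records the
// session values in $logmsg instead of redirecting (the redirect is commented out).
session_start();
if (!isset($_SESSION['logged']) OR ($_SESSION['logged'] <> 0 AND $_SESSION['logged'] <> 1)) {
    // Missing or unexpected value: treat as not logged in.
    $_SESSION['logged'] = 0;
}

// Directory part of this script's URL path, used as the redirect prefix.
// NOTE(review): PHP_SELF and HTTP_HOST are taken from the request; a base URL
// from configuration would keep redirect targets independent of client input.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
// Just as a hint...
//$directory_self = dirname($_SERVER['PHP_SELF']) ."/";

if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
    exit();
} else {
    $logmsg = "";
    if (isset($_POST['login'])) {
        // Set it as early as possible: a new attempt starts from "not logged in".
        $_SESSION['logged'] = 0;
        $username = isset($_POST['username']) ? trim($_POST['username']) : "";
        $password = isset($_POST['password']) ? trim($_POST['password']) : "";
        if ($username == "" OR $password == "") {
            $logmsg = "You must enter both a user name and a password to login.";
        } else {
            require_once('mysql_config.php');
            $connect = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS);
            if ($connect === false) {
                // Keep driver details in the server log, not in the response.
                error_log('login: database connection failed: ' . mysql_error());
                die('Could not connect to the Database.');
            }
            mysql_select_db(SQL_DB, $connect);

            // NOTE(review): a single unsalted SHA-512 is cheap to brute-force offline
            // if login_info leaks. password_hash()/password_verify() is the replacement,
            // but the stored values must be migrated first, so the scheme is unchanged here.
            $hashpw = hash("sha512", $password);

            // The form-supplied user name is escaped before it goes inside the quoted
            // SQL literal. $hashpw is hex output of hash() and needs no escaping.
            $safe_username = mysql_real_escape_string($username, $connect);
            $query = "SELECT user_name FROM login_info WHERE user_name = '$safe_username' AND password = '$hashpw' LIMIT 1;";
            $result = mysql_query($query, $connect);
            if ($result === false) {
                error_log('login: credential query failed: ' . mysql_error($connect));
                die('Login is temporarily unavailable.');
            }

            if (mysql_num_rows($result) == 1) {
                $_SESSION['logged'] = 1;
            }
            if ($_SESSION['logged'] == 0) {
                $logmsg = "<p><span style='color:#CC0000'><strong>The Username and Password you entered does not exist.</strong></span><br/>";
                $logmsg .= "You can contact our <a href='mailto:[email protected]'>Customer Service</a> department if you need help with your account.";
            } else {
                // Issue a fresh session id at the privilege change so an id that was
                // known before login does not stay valid afterwards.
                session_regenerate_id(true);
                $_SESSION['username'] = $username;
                // NOTE(review): this keeps the plaintext password in session storage;
                // drop it once the debugging below is no longer needed.
                $_SESSION['password'] = $password;

                // Debug output. The values are form input placed into HTML, so they
                // are escaped. NOTE(review): it still shows the password; remove this
                // dump and restore the redirect before deployment.
                $logmsg = "Session Info: " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
                $logmsg .= "<br/>Session Info: " . htmlspecialchars($_SESSION['password'], ENT_QUOTES, 'UTF-8');
                $logmsg .= "<br/>Session Info: " . htmlspecialchars($_SESSION['logged'], ENT_QUOTES, 'UTF-8');
                //header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
                //exit();
            }
        }
    }
}
?>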
[/code]
Logically, this is the way it should look:[code=php]if(isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
} elseif(isset($_SESSION['logged']) && $_SESSION['logged'] == 0) {
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
//header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
//exit();
}[/code]
[/QUOTE]
[code=php]<?php
// Three-way form of the session check: no session flag, flag == 1, flag == 0.
// $directory_self is expected to be set earlier in the script.
if (!isset($_SESSION['logged'])) {
// Session doesn't exist
// NOTE(review): this branch reads $_SESSION['logged'] right after establishing that
// it is not set, and $logmsg is assigned immediately before exit(), so nothing in
// this snippet displays it. The three debug lines can go.
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
exit();
} elseif ($_SESSION['logged'] == 1) {
// Session exists and user is logged in
// NOTE(review): the dump includes the plaintext password kept in the session and
// is not HTML-escaped; remove before deployment.
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
} elseif ($_SESSION['logged'] == 0) {
// Session exists but user isn't logged in
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
exit();
}
// NOTE(review): a flag that is set but neither == 1 nor == 0 matches no branch and falls through.
?>[/code]
We can shorten it to:[code=php]<?php
// Fail-closed form of the session check: anything other than logged == 1 is sent
// to login.php. $directory_self is expected to be set earlier in the script.
if (!isset($_SESSION['logged']) OR $_SESSION['logged'] <> 1) {
// Session doesn't exist OR user isn't logged in
// NOTE(review): the session keys read here may be unset in this branch, and $logmsg
// is assigned immediately before exit(), so nothing in this snippet displays it.
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login.php");
exit();
} else {
// Session exists and user is logged in
// NOTE(review): the dump includes the plaintext password kept in the session and
// is not HTML-escaped; remove before deployment.
$logmsg = "Session Info: " .$_SESSION['username'];
$logmsg .= "<br/>Session Info: " .$_SESSION['password'];
$logmsg .= "<br/>Session Info: " .$_SESSION['logged'];
}
?>[/code]
What your code is lacking is the case of the user that isn't logged in at all, i.e. no session variable set. You're only testing for a set variable and a value but not doing anything in the absence of this variable.[code=php]<?php
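// Login handler reached from the login form. It resets the session state for a
// new attempt, forwards an already logged-in session to upload.php, sends any
// request that is not a form submission back to the form, and otherwise checks
// the posted credentials against login_info.
session_start();
// Check on the name of the login form page...
// NOTE(review): PHP_SELF and HTTP_HOST are taken from the request; a base URL
// from configuration would keep redirect targets independent of client input.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

if (isset($_POST['login'])) {
    // Whenever a user logs in through the form, reset to not logged in...
    $_SESSION['logged'] = 0;
    $_SESSION['username'] = "";
    $_SESSION['password'] = "";
} elseif (!isset($_SESSION['logged'])) {
    // Ditto if the session isn't set
    $_SESSION['logged'] = 0;
    $_SESSION['username'] = "";
    $_SESSION['password'] = "";
} elseif ($_SESSION['logged'] != 1) {
    // A flag that is present but is not a valid login: clear it and start over.
    // The original used a bare "else" here, which also cleared and redirected
    // sessions with logged == 1, so the upload.php forward below could never run.
    unset($_SESSION['logged']);
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    // Send the user to the login form (check on name!!)
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login_form.php"); // check on name!!
    exit();
}

// User passed the basic test...
if ($_SESSION['logged'] == 1) {
    // If not coming from the login form and session already set, take the user to upload.php
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
    exit();
}

// If we didn't exit, continue...
$logmsg = "";
if (!isset($_POST['login'])) {
    // Send the user to the login form (check on name!!)
    header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "login_form.php"); // check on name!!
    exit();
}

$username = isset($_POST['username']) ? trim($_POST['username']) : "";
$password = isset($_POST['password']) ? trim($_POST['password']) : "";
if ($username == "" OR $password == "") {
    $logmsg = "You must enter both a user name and a password to login.";
} else {
    require_once('mysql_config.php');
    $connect = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS);
    if ($connect === false) {
        // Keep driver details in the server log, not in the response.
        error_log('login: database connection failed: ' . mysql_error());
        die('Could not connect to the Database.');
    }
    mysql_select_db(SQL_DB, $connect);

    // NOTE(review): a single unsalted SHA-512 is cheap to brute-force offline
    // if login_info leaks. password_hash()/password_verify() is the replacement,
    // but the stored values must be migrated first, so the scheme is unchanged here.
    $hashpw = hash("sha512", $password);

    // The form-supplied user name is escaped before it goes inside the quoted
    // SQL literal. $hashpw is hex output of hash() and needs no escaping.
    $safe_username = mysql_real_escape_string($username, $connect);
    $query = "SELECT user_name FROM login_info WHERE user_name = '$safe_username' AND password = '$hashpw' LIMIT 1;";
    $result = mysql_query($query, $connect);
    if ($result === false) {
        error_log('login: credential query failed: ' . mysql_error($connect));
        die('Login is temporarily unavailable.');
    }

    if (mysql_num_rows($result) == 1) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login does not stay valid afterwards.
        session_regenerate_id(true);
        $_SESSION['logged'] = 1;
        $_SESSION['username'] = $username;
        // NOTE(review): this keeps the plaintext password in session storage.
        // It is retained only because other snippets on this page read the key;
        // drop it once nothing depends on it.
        $_SESSION['password'] = $password;
        // The debug $logmsg lines that sat here were assigned just before exit()
        // and never shown, so they are removed.
        header("Location: http://" . $_SERVER['HTTP_HOST'] . $directory_self . "upload.php");
        exit();
    } else {
        unset($_SESSION['logged']);
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        $logmsg = "<p><span style='color:#CC0000'><strong>The Username and Password you entered does not exist.</strong></span><br/>";
        $logmsg .= "You can contact our <a href='mailto:[email protected]'>Customer Service</a> department if you need help with your account.";
    }
}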
?>[/code]