
This is the page that sets the session. When I log in and get to the next page, which is shown below this, it works, but then when I go to another page it shows the hard-coded error message (shown in the next PHP quote below). Why is this? It keeps doing it. Has anyone any ideas? I have tried to change the security level on my Mozilla fox, but it is already accepting all cookies.

Any ideas?

[code=php]
// Connect to the database and select the database to use
include('user.php');
$connection = mysql_connect("$host", "$user", "$password")
    or die(mysql_error());
mysql_select_db("$txt_db_name", $connection)
    or die(mysql_error());

$submit = $_POST['submit'];
$PHP_SELF = $_SERVER['PHP_SELF'];

$kysely = mysql_query("SELECT * FROM tplss_passwords WHERE PasswordID = '1'", $connection)
    or die(mysql_error());

$data = mysql_fetch_array($kysely);

$check = 0;

if($submit)
{
    $user = $_POST['user'];
    $password = $_POST['password'];
    $season = $_POST['season'];
    if($user == "$data[PasswordUser]" && md5($password) == "$data[PasswordPassword]")
    {
        session_start();
        // Remove the session cookie if it already exists
        unset($_SESSION['sessio']);

        // Create a unique session id
        srand((double)microtime()*1000000);
        $sessio = md5(rand(0,9999));

        $tmp = explode("___", $season);
        $_SESSION['season_id'] = $tmp[0];
        $_SESSION['season_name'] = $tmp[1];

        $_SESSION['sessio'] = $sessio;

        header("Location:players.php?sessioid=$sessio");
    }
    else
        $check=1;
}
[/code]

I have this on one of my pages after the login screen:

[code=php]
session_start();

$sessioid = $_REQUEST['sessioid'];
$sessio = $_SESSION['sessio'];

// Check the sessio_id
if(!isset($sessioid) || $sessioid != "$sessio" || $sessioid == '')
{
    print("Authorization failed.<br>
<a href=\"index.php\">Restart, please</a>");
}
else
{
[/code]


8 Comment(s)

@LazyJones Dec 29, 2005 — Are you sure the $season variable is in the right form for exploding an array from it? I tested it (with a made-up value, $season = "morjes___sulle") and it worked just fine.

@chazzy Dec 29, 2005 — Here's an idea:

md5($password)

can give you different output on each run, since it generates a random key in some cases.

@solidariti (author) Dec 29, 2005 — For some reason it lets you into the system to the first page, but then if you try another link, say to the players page below, you will get thrown out again:


[code=php]
session_start();

$sessioid = $_REQUEST['sessioid'];
$sessio = $_SESSION['sessio'];

// Check the sessio_id
if(!isset($sessioid) || $sessioid != "$sessio" || $sessioid == '')
{
    print("Authorization failed.<br>
<a href=\"index.php\">Restart, please</a>");
}
else
{
[/code]

Here are the links imported on every page, in a <<<HEREDOC at the top. Would this muck it up?

[code=php]
$submenu= // define submenu for this page
<<<SUBMENUBLOCK

<ul>
<li><a href="seasons.php?sessioid=<?php echo $sessio ?>">Seasons</a></li>
<li><a href="matchtypes.php?sessioid=<?php echo $sessio ?>">Matchtypes</a></li>
<li><a href="opponents.php?sessioid=<?php echo $sessio ?>">Opponents</a></li>
<li class="selected"><a href="players.php?sessioid=<?php echo $sessio ?>">Players</a></li>
<li><a href="matches.php?sessioid=<?php echo $sessio ?>">Matches</a></li>
<li><a href="previews.php?sessioid=<?php echo $sessio ?>">Previews</a></li>
<li><a href="preferences.php?sessioid=<?php echo $sessio ?>">Preferences</a></li>
<li><a href="password.php?sessioid=<?php echo $sessio ?>">Password</a></li>
<li><a href="logout.php">Log out</a></li>
<li><a href="../index.php">Statistics</a></li>

<li><a href="injured.php?sessioid=<?php echo $sessio ?>">Injured</a></li>
<li><a href="suspended.php?sessioid=<?php echo $sessio ?>">Suspended</a></li>
<li><a href="transferred.php?sessioid=<?php echo $sessio ?>">Transferred</a></li>
<li><a href="matchpictureupload.php?sessioid=<?php echo $sessio ?>">Upload match pictures</a></li>
<li><a href="comments.php?sessioid=<?php echo $sessio ?>">Fan comments</a></li>
<li><a href="manual.php?sessioid=<?php echo $sessio ?>">Manual for users</a></li>
</ul>

SUBMENUBLOCK;

[/code]
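
What the heredoc above produces, as an added example that is not part of the thread or any poster's code: inside a heredoc only variables are interpolated and PHP tags stay literal text, so the `sessioid` value in each link no longer equals `$_SESSION['sessio']`. The token value and the helper `sessioid_from_link` are constructed for illustration.

```php
<?php
// Constructed value standing in for $_SESSION['sessio'].
$sessio = 'c4ca4238a0b923820dcc509a6f75849b';

// As posted: the PHP open and close tags are ordinary text inside a heredoc.
// Only $sessio is interpolated, so the tag text ends up in the URL.
$broken = <<<SUBMENUBLOCK
<li><a href="players.php?sessioid=<?php echo $sessio ?>">Players</a></li>
SUBMENUBLOCK;

// Corrected: interpolate the variable directly, URL-encoded and HTML-escaped.
$token = htmlspecialchars(rawurlencode($sessio), ENT_QUOTES, 'UTF-8');
$fixed = <<<SUBMENUBLOCK
<li><a href="players.php?sessioid={$token}">Players</a></li>
SUBMENUBLOCK;

// Hypothetical helper: returns the sessioid value the next page would
// receive in $_REQUEST after the link is followed.
function sessioid_from_link(string $html): string
{
    preg_match('/href="[^"?]*\?([^"]*)"/', $html, $m);
    parse_str(html_entity_decode($m[1] ?? ''), $query);
    return $query['sessioid'] ?? '';
}

foreach (['as posted' => $broken, 'corrected' => $fixed] as $label => $html) {
    $received = sessioid_from_link($html);
    // Same comparison the protected pages make against the session value.
    $result = hash_equals($sessio, $received) ? 'accepted' : 'Authorization failed';
    echo "$label: sessioid=\"$received\" -> $result\n";
}
```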

@bokeh Dec 29, 2005 — [QUOTE]md5($password)

can give you different output on each run, since it generates a random key in some cases.[/QUOTE]
md5() is not one of the encryption methods that takes a salt and, if working correctly, should produce the same output on every run. I think maybe you are thinking of crypt() or similar, which doesn't take a default salt on some OS (Windows).

@chazzy Dec 29, 2005 — Oh right bokeh, never mind the md5 stuff.

But I just thought of something.

If [code=php]if($submit)
{[/code]
is on every page, and you're clicking links to get around, it's only valid on the first page. Unless I'm misinterpreting your code and it's not on every page.

@solidariti (author) Dec 29, 2005 — No, the if ($submit) {} is only on the login page (index.php). Would someone be able to show me what a working session is, like the one I posted, so I can try that in my code?
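
A minimal working session login of the kind asked for above, as an added example that is not part of the thread or any poster's code: the login state lives in the server-side session and travels only in the session cookie, so no `sessioid` has to be appended to links. The file name `auth.php`, the function names, the `authenticated` key and the constructed account are assumptions.

```php
<?php
// auth.php: added example. The names used here (auth.php, demo_account,
// the 'authenticated' key) are assumptions, not taken from the thread.

// Constructed account record standing in for the tplss_passwords row.
// In practice the hash is created once with password_hash() and stored.
function demo_account(): array
{
    return [
        'user' => 'admin',
        'hash' => password_hash('constructed-password', PASSWORD_DEFAULT),
    ];
}

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // The session cookie is the only token; nothing goes in the URL.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// index.php calls this when the form is posted, then redirects and exits:
//   if (login($_POST['user'], $_POST['password'], demo_account())) {
//       header('Location: players.php'); exit;
//   }
function login(string $user, string $password, array $account): bool
{
    start_session();
    $ok = hash_equals($account['user'], $user)
        && password_verify($password, $account['hash']);
    if ($ok) {
        session_regenerate_id(true); // fresh session id once authenticated
        $_SESSION['authenticated'] = true;
    }
    return $ok;
}

// Every protected page calls this first, before any output is sent.
function require_login(): void
{
    start_session();
    if (empty($_SESSION['authenticated'])) {
        header('Location: index.php');
        exit; // stop here so the protected page body never runs
    }
}
```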

@Huevoos Dec 29, 2005 — [code=php]if($submit)[/code]
is only on the page that sets the session if I understand.

I don't know much about sessions, maybe you should break your
[code=php]if(!isset($sessioid) || $sessioid != "$sessio" || $sessioid == '')
{ [/code]


to see if $sessioid is set or is wrong

@chazzy Dec 29, 2005 — Hi, take a look at this thread if you like

http://www.webdeveloper.com/forum/showthread.php?t=87813

my attached script uses sessions and works (at least sometimes it does)