Web Hosting Talk






PDA

View Full Version : PHP Session Problem

tenjinspen
05-09-2008, 01:02 AM
I’ve been having problems with the php session. I’ve created a bulletin board system but the login / logout is giving me headaches. When I tried to login, the header should rightfully display a message “Welcome, my login name”. But sometimes it works and other times it would when I depress F5 to refresh the page.

Can anyone offer any solution here? It has bugged me for the past 2 weeks.

“Header.php”

<?php
session_start();
require_once 'config.php';
$title = $admin['titlebar']['value'];
if (isset($pageTitle) and $pageTitle != "") {
$title .= " :: " . $pageTitle;
}
if (isset($_SESSION['user_id'])) {
$userid = $_SESSION['user_id'];
} else {
$userid = null;
}
if (isset($_SESSION['access_lvl'])) {
$access_lvl = $_SESSION['access_lvl'];
} else {
$access_lvl = null;
}
if (isset($_SESSION['name'])) {
$username = $_SESSION['name'];
} else {
$username = null;
}
echo($username.$userid.$access_lvl);
?>
<html>
<head>
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="forum_styles.css">
</head>
<body>
<div class="body">
<div id="header">
<form method="get" action="search.php" id="searchbar">
<input id="searchkeywords" type="text" name="keywords"
<?php
if (isset($_GET['keywords'])) {
echo ' value="' . htmlspecialchars($_GET['keywords']) . '" ';
}
?>>
<input id="searchbutton" class="submit" type="submit"
value="Search">
</form>
<h1 id="sitetitle"><?php echo $admin['title']['value']; ?></h1>
<div id="login">
<?php
if (isset($_SESSION['name'])) {
echo 'Welcome, ' . $_SESSION['name'];
}
?>
</div>
<p id="subtitle"><?php echo $admin['description']['value']; ?></p>
</div>
<div id="subheader">
<div id="navigation">
<?php
echo ' <a href="index.php">Home</a>';
if (!isset($_SESSION['user_id'])) {
echo ' | <a href="login.php">Log In</a>';
echo ' | <a href="useraccount.php">Register</a>';
} else {
echo ' | <a href="transact-user.php?action=Logout">';
echo "Log out " . $_SESSION['name'] . "</a>";
if ($_SESSION['access_lvl'] > 2) {
echo ' | <a href="admin.php">Admin</a>';
}
echo ' | <a href="useraccount.php">Profile</a>';
}
?>
</div>
</div>


“Index.php”

<?php
require 'header.php';
require_once 'conn.php';
require_once 'functions.php';

$sql = <<<EOS
SELECT f.id as id, f.forum_name as forum,
f.forum_desc as description,
count(forum_id) as threads, u.name as 'mod'
FROM forum_forum f
LEFT JOIN forum_posts p
ON f.id = p.forum_id
AND p.topic_id=0
LEFT JOIN forum_users u
ON f.forum_moderator = u.id
GROUP BY f.id
EOS;
$result = mysql_query($sql)
or die(mysql_error());
if (mysql_num_rows($result) == 0) {
echo " <br>\n";
echo " There are currently no forums to view.\n";
} else {
echo "<table class=\"forumtable\" cellspacing=\"0\" ";
echo "cellspacing=\"0\"><tr>";
echo "<th class=\"forum\">Forum</th>";
echo "<th class=\"threadcount\">Threads</th>";
echo "<th class=\"moderator\">Moderator</th>";
echo "</tr>";
$rowclass = "";
while ($row = mysql_fetch_array($result)) {
$rowclass = ($rowclass == "row1"?"row2":"row1");
echo "<tr class=\"$rowclass\">";
echo "<td class=\"firstcolumn\"><a href=\"viewforum.php?f=" .
$row['id'] . "\">";
echo $row['forum'] . "</a><br>";
echo "<span class=\"forumdesc\">" . $row['description'];
echo "</span></td>";
echo "<td class=\"center\">" . $row['threads'] . "</td>";
echo "<td class=\"center\">" . $row['mod'] . "</td>";
echo "</tr>\n";
}
echo "</table>";
}

require_once 'footer.php';
?>

“Login.php”
<?php require_once 'header.php'; ?>
<form name="theForm" method="post" action="transact-user.php">
<h3>Member Login</h3>
<p>
Email Address:<br>
<input type="text" name="email" maxlength="255"
value="<?php if (isset($_GET['e'])) { echo $_GET['e']; } ?>">
</p>
<p>
Password:<br>
<input type="password" name="passwd" maxlength="50">
</p>
<p>
<input type="submit" class="submit" name="action" value="Login">
</p>

<p>
Not a member yet? <a href="useraccount.php">Create a new account!</a>
</p>
<p>
<a href="forgotpass.php">Forgot your password?</a>
</p>
</form>
<?php require_once 'footer.php'; ?>

“Transact_User.php”

<?php
require_once 'conn.php';
require_once 'http.php';

if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'Login':
$message="";
if(!isset($_POST['email']) || empty($_POST['email']))
{$message.="Invalid Email Entry"."\n";}
if(!isset($_POST['passwd']) || empty($_POST['passwd']))
{$message.="Invalid Password Entry"."\n";}
if ($message == ""){
$sql = "SELECT id,access_lvl,name,last_login " .
"FROM forum_users " .
"WHERE email='" . $_POST['email'] . "' " .
"AND passwd='" . $_POST['passwd'] . "'";
$result = mysql_query($sql, $conn);
if (!$result) {
die('Could not look up user information; ' .
mysql_error());
}
if ($row = mysql_fetch_array($result)) {
session_start();
$_SESSION['user_id'] = $row['id'];
$_SESSION['access_lvl'] = $row['access_lvl'];
$_SESSION['name'] = $row['name'];
$_SESSION['last_login'] = $row['last_login'];
$sql = "UPDATE forum_users SET last_login = '" .
date("Y-m-d H:i:s",time()) . "' " .
"WHERE id = " . $row['id'];
mysql_query($sql, $conn)
or die(mysql_error() . "<br>" . $sql);

// Or maybe pass along the session id
//setcookie('name', $row['name']);
//setcookie(session_name(), '', time()+10000);
// header ("location: index.php");
// require_once 'header.php';
}
else
{die('Invalid email or/and password');}
}
else
{die($message);}
redirect('index.php');
break;

case 'Logout':
.
.
.
.

?>
aradapilot
05-14-2008, 06:15 AM
well, I'd like to see config.php to check what first goes on on the page.
but to avoid what may be a simple caching issue, use the line header("Cache-Control: no-cache");' at the top of your page. the on-and-off nature of this leads me to believe it may be that simple. that header line (make it the first line of php code you have...before all the requires and whatnot) prevents any future storage of page info. useful function overall.
tenjinspen
05-14-2008, 06:40 AM
well, I'd like to see config.php to check what first goes on on the page.
but to avoid what may be a simple caching issue, use the line header("Cache-Control: no-cache");' at the top of your page. the on-and-off nature of this leads me to believe it may be that simple. that header line (make it the first line of php code you have...before all the requires and whatnot) prevents any future storage of page info. useful function overall.

thks for the great response, aradapilot. may i know am i suppose to put the line header ("Cache-Control: no-cache"); at the top of every pages?

CONFIG.PHP
php
require_once 'conn.php';
require_once 'functions.php';

$sql = 'SELECT * FROM forum_admin';
$result = mysql_query($sql)
or die(mysql_error());

while ($row = mysql_fetch_array($result)) {
$admin[$row['constant']]['title'] = $row['title'];
$admin[$row['constant']]['value'] = $row['value'];
}

$sql = 'SELECT * FROM forum_bbcode';
$result = mysql_query($sql)
or die(mysql_error());

while ($row = mysql_fetch_array($result)) {
$bbcode[$row['id']]['template'] = $row['template'];
$bbcode[$row['id']]['replacement'] = $row['replacement'];
}

// define constants here:
define("NEWPOST",
"<span class=\"newpost\">&raquo;</span>");
define("POSTLINK",
"<span class=\"postlink\">&diams;</span>");
?>
aradapilot
05-14-2008, 12:27 PM
I use the no-cache line at the top of every user accessed page. for example, index.php would start
?php
header(...);
session_start();
-code here-

but it would not be in config, as that is just an included bit of code, and would already come after where the header line is when viewed.

from what I can tell without seeing it in action it looks like $pageTitle is just not getting set...
add an else to this line

if (isset($pageTitle) and $pageTitle != "") {
$title .= " :: " . $pageTitle;
}

to just echo something, thatll let you know if it's failing there. then check the values of the variables and where they are set...