jianneng
11-26-2002, 02:38 AM
Hi, I found many threads on sessions, but still I can't solve my present problem :( Any help on this would be deeply appreciated...
I don't want to use any cookies, so I think sessions is the only option. I want users to login first before they can access any links on my website (except that login page and the user registration page...) Please have a look at part of the code for my login page:
require_once ("config.inc");
if (isset($HTTP_POST_VARS[Submit])) {
// Check the submitted info.
if ( (ereg ("^[[:alnum:]]+$", $HTTP_POST_VARS[username])) AND (eregi ("^[[:alnum:]]{8,16}$", $HTTP_POST_VARS[password])) ) {
$query = "SELECT user_id, first_name, password FROM users WHERE username='$HTTP_POST_VARS[username]'";
$query_result = mysql_query ($query, $db_connection) or die (mysql_error());
$result = @mysql_fetch_array ($query_result);
if ($password == $result[password]) {
session_start();
$user_id = $result[0];
$first_name = $result[1];
session_register ('user_id');
session_register ('first_name');
$sid_value = "?" . PHPSESSID;
header("Location: success-message.php$sid_value");
exit;
} else {
include "error-message.php?ec=1";
exit;
}
On the other hand, for all the links which I put the restriction, they have the following code:
<?PHP
if (!isset ($HTTP_SESSION_VARS['first_name'])) {
include "error-message.php?ec=3";
exit;
}
?>
The error message and success message contain a link in which if the user clicks, he will reach the login page.
The problem now is I am unable to pass the PHPSESSID value from page to page (or link to link). And so the result is I still get the error message asking me to login again despite I have logged in initially. It seems the session has not registered the value of "first_name"...
Can someone help me? Thanks in advance.
Lim
I don't want to use any cookies, so I think sessions is the only option. I want users to login first before they can access any links on my website (except that login page and the user registration page...) Please have a look at part of the code for my login page:
require_once ("config.inc");
if (isset($HTTP_POST_VARS[Submit])) {
// Check the submitted info.
if ( (ereg ("^[[:alnum:]]+$", $HTTP_POST_VARS[username])) AND (eregi ("^[[:alnum:]]{8,16}$", $HTTP_POST_VARS[password])) ) {
$query = "SELECT user_id, first_name, password FROM users WHERE username='$HTTP_POST_VARS[username]'";
$query_result = mysql_query ($query, $db_connection) or die (mysql_error());
$result = @mysql_fetch_array ($query_result);
if ($password == $result[password]) {
session_start();
$user_id = $result[0];
$first_name = $result[1];
session_register ('user_id');
session_register ('first_name');
$sid_value = "?" . PHPSESSID;
header("Location: success-message.php$sid_value");
exit;
} else {
include "error-message.php?ec=1";
exit;
}
On the other hand, for all the links which I put the restriction, they have the following code:
<?PHP
if (!isset ($HTTP_SESSION_VARS['first_name'])) {
include "error-message.php?ec=3";
exit;
}
?>
The error message and success message contain a link in which if the user clicks, he will reach the login page.
The problem now is I am unable to pass the PHPSESSID value from page to page (or link to link). And so the result is I still get the error message asking me to login again despite I have logged in initially. It seems the session has not registered the value of "first_name"...
Can someone help me? Thanks in advance.
Lim