Hi

im setting up a very user-interactive website at www.live-guilds.com i'd like to think im pretty advanced with php and mysql but there is one problem i just cant get my head around and its bugging me...

ok so ive set up session variables when a user logs in...

used the usual code for it:

session_register('username');
$_SESSION['username'] = $username;

so now my session variable for 'username' is whats set in $username, which was obviously... yep you guessed it... the persons username...

BUT, it all seems to work fine... i have a snippet of code that goes something like this:

if ( empty ($_SESSION['username'])) {

} else {

}

its on every page, and if the session var is set then it does one thing, if not it does another... on the login page it works fine, it sets the session variable then it uses the first part of the code... lets say the first part shows a link to logout, and the 'else' shows the code to login.

so on the login page, after ive logged in, it shows me the logout page, as it should.. but as soon as i navigate away from this page, lets say, we go back home, or go to the sitemap page, the login code runs... not the logout code... even though its exactly the same code for it on every page, as its called using an 'include' function...

Its as if the session variables want to delete themselves every time the page navigates away no matter what i do :mad:

Please, any help would be greatly appreciated :p

feel free to register an account and try login yourself to see the problem with your own eyes.

Thanks

You don't need session_register().

an 'include' function...

Include() and require() are language constructs, not functions.

If removing session_register doesn't fix it, then you might need to show more code as it sounds mostly like a problem with your code.

Silly me lol. you know what i mean though?

The

if ( empty ($_SESSION['username'])) {

} else {

}


is called via an Include() language construct :P
. removing session_register didnt fix it.

here is the code for my Login page:

<?
include 'top.php';

//LOGIN USER

// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
exit();
}

// Convert password to md5 hash
$db_password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM members WHERE username='" . $username . "' AND password='".$db_password."'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!

$_SESSION['username'] = $row['username'];
}
}

?>

That is at the very top of the page, then it continues with the headers then the content, one thing i just thought of... does the session variable need to be set actually in the body of the page? or does it make no difference?

Here is the code from my Login/Logout page im having the trouble with:

<?

if (empty ($_SESSION['username'])) {

echo 'Current users login<form id="form1" name="form1" method="post" action="'.$memberspath.'login.php"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="60">username</td>
<td width="105">
<label>
<div align="left">
<input name="username" type="text" id="login_username" size="10" />
</div>
</label>

<div align="left"></div></td>
</tr>
<tr>
<td>password</td>
<td><div align="left">
<input name="password" type="password" id="login_password" size="10" />
</div></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><label>
<div align="left">
<input type="image" src="'.$rootpath.'images/LOGIN.gif" name="Submit" value="Submit" />
</div>
</label></td>
</tr>
<tr>
<td colspan="2">
<div align="center">
<a href="retrieve_password.php">Forgot your password?</a><br><a href="'.$rootpath.'register.php">Register a <b>FREE account</b></a>
</div>
</td>
</tr>
</table>

</form>';

} else {

echo '<a href="'.$memberspath.'logout.php">LOGOUT</a>';

}

?>

The above code is what is called with include() as you should be able to see from the first section of code from the 'login' page.

Thanks

Does your top.php file contain your session_start() function call?

yes sorry, knew i'd forget something.

top.php contains the following:

<?
session_start();
include 'db.php';

$adminpath = 'admin/';
$memberspath = 'members/';
$rootpath = '';
?>

Also i forgot to mention...
It was working before... i dont have a clue what i added to make it not work any more, i didnt think i directly edited any of these files in a way that could affect it... which is also why im extra confused. it was working yesterday.

And (forgive me) you have top.php at the top of every script?

(edit) and is the username = 0 or '0' or false or spaces or anything weird like that? empty() returns true if the value is 0... usually isset() is preferable because of this (or a combination of both empty() and isset()).

yes top.php is at the top of every page of the site, as it contains all the directory paths and things like that, that every page require.

i just tried isset and that didnt work... here it is now:

<?

if (!isset($_SESSION['username'])) {

echo 'Current users login<form id="form1" name="form1" method="post" action="'.$memberspath.'login.php"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="60">username</td>
<td width="105">
<label>
<div align="left">
<input name="username" type="text" id="login_username" size="10" />
</div>
</label>

<div align="left"></div></td>
</tr>
<tr>
<td>password</td>
<td><div align="left">
<input name="password" type="password" id="login_password" size="10" />
</div></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><label>
<div align="left">
<input type="image" src="'.$rootpath.'images/LOGIN.gif" name="Submit" value="Submit" />
</div>
</label></td>
</tr>
<tr>
<td colspan="2">
<div align="center">
<a href="retrieve_password.php">Forgot your password?</a><br><a href="'.$rootpath.'register.php">Register a <b>FREE account</b></a>
</div>
</td>
</tr>
</table>

</form>';

} else {

echo '<a href="'.$memberspath.'logout.php">LOGOUT</a>';

}

?>

The username session var is Blank yes, when the user has not logged in, i would have thought it was a server error, because i cant find anything wrong, but it confuses me because it did work before, as i said already. damn.

Thanks for trying to help by the way.

Yep I'm stumped, looks like it should work. From this point if it were me then I'd add a print_r($_SESSION) in top.php and maybe set a test variable $_SESSION['thisisatest'] = 'please work'; at the bottom of top.php to attempt to narrow down the problem. Maybe the query isn't finding a match on the entered username/password? Maybe something else is messed up? Do you have error reporting turned on? It's a big mystery...

Ah ok, ill try all that then and see what i come up with. If not ill talk to my web host and see if for some reason its got a problem with the host.

it cant be to do with not finding a match either, as theres an area of code that determines if there was a match or not, and it always logs in fine and the session variables are set only on the login page, its just when you navigate away from the page you login by.

I dont have error reporting turned on at the minute, ill see

Ill get emailing people lol

Thanks for the help.

ok so now im even more confused... lol

heres whats in 'top.php' now:

<?
session_start();

print_r($_SESSION);

include 'db.php';

$adminpath = 'admin/';
$memberspath = 'members/';
$rootpath = '';

$_SESSION['thisisatest'] = 'please work';

?>

Go to www.live-guilds.com and login with the username 'test' and the password 'test' and have a look at what happens.

There is no variable data at all apart from on the home page 'index.php'

this is particulaly strange becase index.php and sitemap.php (the only 2 ive uploaded from root directory) share the same top.php file but sitemap does not contain the variable and index does Also login.php has basically the same top.php setup, just different variables that have no relevance to this problem...

any ideas at all or it is time to contact the host?

Hi,

I've been delving into session problems a lot recently too, so here are some extra suggestions:

As Fumigator mentioned, make sure error reporting is on, and the show_errors directive is set to true. These can be done like this:

error_reporting(E_ALL);
ini_set('display_errors', true);


Hopefully it'll show you something.

I looked at your site & tried the login, and you're right about the session not being propegated from one page to the next. The reason it works on the login page is because you explicitly set $_SESSION['username'] during the login process, and while that page is being executed it is treated like any other array.

I also checked to see if your site had set a session cookie in my browser, and it had, so that deepens the mystery.

My session problems were caused by the the fact that pages were being served by multiple servers, (link (http://www.codingforums.com/showthread.php?t=113132)), but I would expect more random behaviour if that was your problem.

Also, I just looked through your code again, check to make sure that $row['username'] actually has a value. Something like this:
echo 'row username: ' . $row['username'];
$_SESSION['username'] = $row['username'];


It seems obvious, but you never know, it could be the source of your grief.

And finally, make sure that nothing, not even one character of whitespace is being output before you call session_start();

Hopefully some of that works

RIGHT!

done what you said, got my error reports on... and crikey...

the server really doesnt like sessions....

have a look if you want: www.live-guilds.com ignore all the errors on the right, they are just because i havent coded those pages yet.

but the main thing is this: on every page the error:

Warning: ini_set() has been disabled for security reasons in /data/members/paid/l/i/live-guilds.com/htdocs/www/account_left.php on line 5

But thats just one of the functions you gave me for the error logging, so we should be able to just bypass that. the main thing which i see is at the bottom of whatever page i navigate to after loging in the errors appear:

Warning: Unknown(): open(/data/session/6/a/sess_6acd4ab1d3673388d06d2f99d5b2af2c, O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (2;/data/session) in Unknown on line 0

So the server isnt actually letting me save sessions... Which is really weird... because that means somehow it was working before with sessions not enabled...

Sessions can be funky sometimes...I recently had a bug where my session vars were being reset because of a variable named "$username" which was conflicting the session var of username.

My advice would be to make sure it works on a seperate box first, or download and run xampp to try it on your own machine. Also if you're writing the session data to a folder on the server, make sure you CHMOD it :)

Hi,

The error you're getting about ini_set() isn't a big deal, and you can remove the ini_set() line from your code. I was just making sure that any error messages would actually be displayed, but it seems that they are even though ini_set() isn't allowed ;)

You could try, based on frazle's post, saving a session variable with a name other than 'username' just in case 'username' is reserved or something, however if $_SESSION['thisisatest'] = 'please work'; is still part of your code that would take care of this problem.

It seems that your session.save_path is not writeable. Do a phpinfo() to see where it is, and if you have access to it CHMOD it to be writeable. If you don't have access you'll have to contact your host.

I think that is host problem. I'd contact them to have them check it.

Hey all, ive got it sorted! :)

it was a problem with the host, the actual code had nothing wrong with it from the start lol, just a very crappy host (Lycos) i DONT reccomend them to anyone.

thanks for everyone who helped try solve it :)