...

View Full Version : Session problem



GO ILLINI
08-06-2007, 07:31 AM
first the code:
Function code(in main.php)

function authizer() {
global $directories,$settings;
if(isset($_SESSION['authid'])) {
//connected correctly
}
else {
//authid bad
$_SESSION['refpage'] = $_SERVER['REQUEST_URI'];
header("Location: {$settings['protocol']}{$settings['servername']}{$settings['path']}/login.php");
}
}login.php

<?php
session_start();
include('./lib/main.php');
if (isset($_POST['submit'])) {
$uname = $_POST['uname'];
$pword = $_POST['pword'];
$refpage = $_POST['refpage'];
if($uname=="admin") {
if($pword==$settings['pword']) {
// logged in
if($refpage=="none") {
$_SESSION['authid'] = 'yes';
header("Location: index.php");
}
else {
$_SESSION['authid'] = 'yes';
header("Location: {$refpage}");
}
}
else {
$badlogin = 1;
}
}
else {
$badlogin = 1;
}
}


template('header');
if(isset($_SESSION['refpage'])) {
$refpage = $_SESSION['refpage'];
echo "<h1>Authorization Required for this page.</h1><p>You need to be authorized to view \"".$refpage ."\". Please login below.";
}
else {
echo "<h1>Log in to change server settings</h1>";
$refpage = 'none';
}
if(isset($badlogin)) {
echo "<h2 style=\"text-align:center;\">Login incorrect</h2>";
}
?>
<form action="login.php" method="POST">
<table style="text-align:center;width:400px;">
<tr><td style="text-align:right;"><label>Username:</label></td><td style="text-align:left;"><input type="text" name="uname" id="uname"></td></tr>
<tr><td style="text-align:right;"><label>Password:</label></td><td style="text-align:left;"><input type="text" name="pword" id="pword"></td></tr>
<tr><td colspan="2"><input type="submit" id="submit" value="Login" name="submit"></td></tr>
</table>
<input type="hidden" name="refpage" value="<?=$refpage;?>">
</form>


<?php
session_destroy();
template('footer');
?>index.php

<?php
session_start();
include('./lib/main.php');
authizer();
template('header');
?>



<?php
template('footer');
?>then the problem:
When I login (with correct details), It sends be back to the login page with a "Authorization Required for this page." error. I don't understand but i think its something to with the session not registering correctly? im not sure... but i'de like to make a release of my program soon and so would like some help soon.


thanks,
-Adam

CFMaBiSmAd
08-06-2007, 08:06 AM
It probably has something to do with the session_destroy() statement near the end of login.php that is unconditionally executed whenever login.php is requested and the fact that there are no exit; statements following each of the header(location:... redirect statements in that file.

The header(...) is sent to the browser and the browser will make a http request back to the server for the location: ... url, but the code in login.php continues to execute until it reaches an exit/die statement or the end of the file.

GO ILLINI
08-06-2007, 08:10 AM
ohh... i thought header(location simulated the exit()... So I should always use an exit after a header(Location command?

-Adam

CFMaBiSmAd
08-06-2007, 08:26 AM
Direct from you know where -

header("Location: http://www.example.com/"); /* Redirect browser */

/* Make sure that code below does not get executed when we redirect. */
exit;

GO ILLINI
08-06-2007, 08:37 AM
ohh yes i know where... Ive never done it like that before... always had the "header" command alone. Works great now.

Thanks
-Adam

s_pradeep
08-06-2007, 08:39 AM
$_SESSION['authid'] = 'yes';
header("Location: {$refpage}");
exit;



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum