...

View Full Version : 2 issues with variables: header() and include()



ballistic
11-18-2011, 04:46 AM
OK, trying to do things the right way here, haven't done much coding for a few years. Current issues are with my variables not being there when I need them. The first is with form validation and using header() to redirect, the $_SESSION variable is empty. The second is that the variables I define in a include() file are showing up empty also. Probably something simple, I never had to worry much about security before, so using session variables is a new endeavor.

Here is the relevant code from the login page at index.php:


<?
session_start();


if (isset($_SESSION['errormsg'])) {
echo $_SESSION['errormsg'];
}
?>

and the code from the authorization page:


<?php
//VARS
session_start();

$uname = $_POST['uname'];
$upass = $_POST['upass'];
$action = $_POST['action'];


if($uname == "") {
$_SESSION['errormsg']='YOU MUST ENTER A USER NAME';
header('Location: index.php');
die();
}

if($upass == "") {
$_SESSION['errormsg']='PASSWORD REQUIRED';
header('Location: index.php');
die();
}

if($action != "auth") {
$_SESSION['errormsg']= 'ACCESSS DENIED';
header('Location: index.php');
die();
} else {
if($action == "auth") {
include ("comms.php");
/*//comms.php contains the following, if I uncomment this, the $link db test works
$server = "localhost";
$user = "root";
$pass = "pass";
$db = "db";*/

//Just a test for db connection

$link = mysql_connect($server, $user, $pass);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);

}}

?>

When I do not include a $uname or $upass, I do get kicked back to the index.php, but the $_SESSION['errormsg'] does not display, and before I put the isset in there, I was getting an undefined variable error.

Current errors:
Notice: Undefined variable: server in auth.php on line 41

Notice: Undefined variable: user in auth.php on line 41

Notice: Undefined variable: pass in auth.php on line 41

Warning: mysql_connect() [function.mysql-connect]: Access denied for user ''@'localhost' (using password: NO) in auth.php on line 41
Could not connect: Access denied for user ''@'localhost' (using password: NO)

I thought that when you used require or include, it was the same as having it right there in same page?

MattClark
11-18-2011, 06:14 AM
You need to declare your database connection variables.



$link = mysql_connect($server, $user, $pass);

MattClark
11-18-2011, 06:15 AM
I would suggest you create a php database connectivity script and include it when you need it.

ballistic
11-18-2011, 06:23 AM
The included file (comms.php) contains the db variables as noted in the comments


$server = "localhost";
$user = "root";
$pass = "pass";
$db = "db";

but php is not recognizing them- is there something more I need to do to declare them other than the code above?

MattClark
11-18-2011, 06:32 AM
ahh, sorry about that. try changing include to require_once. Also make sure if it's in different directory that you are also including that in your require.

ballistic
11-18-2011, 07:07 AM
ahh, sorry about that. try changing include to require_once. Also make sure if it's in different directory that you are also including that in your require.

Yeah, got the path right, and unfortunately, require_once didn't do the trick.

Should I be using some sort of session or other variable array? Again, it's my understanding that an include or require should function just like it is in the code of the page that is being parsed.

Fou-Lu
11-18-2011, 07:22 AM
The included file (comms.php) contains the db variables as noted in the comments


$server = "localhost";
$user = "root";
$pass = "pass";
$db = "db";

but php is not recognizing them- is there something more I need to do to declare them other than the code above?

One problem at a time.
Is this all that is in the comm.php file? Require_once should be used for two reasons: the first is that the declaration is required to proceed, and the _once will prevent issues on multiple includes. That only affects altered variables or function/class definitions though.
Path appears correct as the error would indicate a pathing problem prior to the variable errors.

As for actually including them in the script, that's not incorrect, but it is partially inaccurate. The inclusion imports variables to the scope of the call. In an if branch, they will not exist beyond the if. According to this, this will not be the problem. I'm leaning towards an unset.

As for the sessions themselves, have the sessions successfully established cookies, or are they passed via SID? If they are passed via SID in the querystring, headers will not add these back in. Attempt to pass a header by adding ?' . SID as a part of it. SID is only defined if cookies could not be set.

ballistic
11-19-2011, 03:02 AM
One problem at a time.
Is this all that is in the comm.php file?

The entire contents:
<?
$server = "localhost";
$user = "root";
$pass = "2112";
$db = "sundance";

$connection = mysql_connect ($server, $user, $pass);
?>



Require_once should be used for two reasons: the first is that the declaration is required to proceed, and the _once will prevent issues on multiple includes. That only affects altered variables or function/class definitions though.
Path appears correct as the error would indicate a pathing problem prior to the variable errors.

I will start using require_once.



As for the sessions themselves, have the sessions successfully established cookies, or are they passed via SID? If they are passed via SID in the querystring, headers will not add these back in. Attempt to pass a header by adding ?' . SID as a part of it. SID is only defined if cookies could not be set.


They are not passed via SID. I assume the cookies are working because I tried the favcolor/animal/time script in the php.net example for session_start();, and that worked, it just doesn't work when using the header() redirect.

Fou-Lu
11-19-2011, 05:16 AM
You are using short tags. Does accessing the comm.php file directly show the PHP code within the HTML source?

ballistic
11-19-2011, 08:05 PM
You are using short tags. Does accessing the comm.php file directly show the PHP code within the HTML source?

it does- and in firefox the source code is green. Should I be using some other method?

tangoforce
11-19-2011, 08:10 PM
Yes you should be using <?php instead of <?

<? is known as a short tag. It only works if php has short tags turned on in the php.ini file. Many hosts don't enable short tags.

ballistic
11-19-2011, 08:50 PM
Yes you should be using <?php instead of <?

<? is known as a short tag. It only works if php has short tags turned on in the php.ini file. Many hosts don't enable short tags.

You gotta be freakin kidding me! I was taught back in the day that it didn't really matter. That fixed both issues.

THANK YOU. I'm sure I'll be back for more throughout this project.

tangoforce
11-19-2011, 10:21 PM
You gotta be freakin kidding me! I was taught back in the day that it didn't really matter.

If short tags were enabled on your previous hosts and/or the host you were taught on then no, it wouldn't of mattered. Fact is that you can't rely on short tags being turned on though so best just to stick to <?php

I also found out the hard way. I learnt to use <? and when uploading to my server hell broke loose :rolleyes:



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum