  1. #1
    New to the CF scene
    Join Date
    Dec 2005
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Session ID Regenerates Each Page--Data Lost

    Hello All--

    I have a user authentication system, with some flaws...

    The scripts, as far as I know, are correct because I have been using them on a different server and they have worked. The problem is that when the login page redirects, the session ID changes, meaning that all the data that was set on the login page is lost. And, for that matter, each time any page is refreshed, the session ID is regenerated.

    The Login page is this:
    PHP Code:
    <?php
    session_start();
    header("Cache-control: private");

    if(isset($_SERVER['HTTP_REFERER'])){
        // Remove Query Strings
        $redirect = preg_replace('/\?(.*)/','',$_SERVER['HTTP_REFERER']);
    }
    else $redirect = "/index.php";

    if(!isset($_POST["user"]) && !isset($_SESSION['user'])){ header("location: /index.php?fail=1"); }// If not logging in, redirect
    else{
        if($_SESSION["user"]){
            header("Location: $redirect");
        }
        else{
            // Get the posted username and password
            $user = strtolower($_POST['user']);
            $pass = $_POST['pass'];

            // Include the flat-file
            $file = file("users.php") or die("Problem getting the user details flat-file [users.php]");

            // Get the size of file
            $totalLines = sizeof($file);

            // Get the users details line by line
            $line = 0;
            $match = 0;
            do{
                // Check the line isn't a comment
                if("//" != substr($file[$line], 0, 2)){
                    // Break our records up
                    @list($username, $password, $permission, $email, $url, $dob, $location, $joined) = explode("<del>", $file[$line]);

                    // Check the username and passwords match
                    if((strtolower($user) == strtolower($username)) && (md5($pass) == $password)) $match = 1;
                    else $match = 0;
                }

                // Exit loop if match found
                if($match == 1) break;

                // Increment line count
                $line++;
            } while($line < $totalLines);

            // Include the file or send them back
            if($match == 1){
                session_start();
                session_id($user);
                $_SESSION["user"] = $user;
                $_SESSION["pass"] = $pass;
                $_SESSION["permission"] = $permission;
                $_SESSION["email"] = $email;
                $_SESSION["url"] = $url;
                $_SESSION["dob"] = $dob;
                $_SESSION["location"] = $location;
                $_SESSION["joined"] = $joined;

                // Refresh page
                header("location: $redirect");
            }
            else header("location: /index.php?fail=1");
        }
    }
    ?>
    and the index page with login box:
    PHP Code:
    <?php
    session_start();
    header("Cache-control: private");

    $SESS = session_id();

    $time = microtime();
    $time = explode(" ", $time);
    $time = $time[1] + $time[0];
    $start = $time;
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>GreatVibrations | Home</title>

    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <meta name="description" content="GreatVibrations -- Home for all media" />
    <meta name="keywords" content="greatvibrations,great,vibrations,great vibrations,movies,videos,games,forum,cool,php" />

    <link rel="Shortcut Icon" href="/favicon.ico" />
    <link rel="stylesheet" href="/css/index.css" type="text/css" media="screen, projection" />

    <script type="text/javascript" language="Javascript" src="/misc/time.js"></script>

    </head>

    <body onLoad="goforit();">
    <div id="container" >

    <?php
    require("header.html");
    ?>

    <div id="navigation">
      <ul>
        <li><a href="#" class="selected">Home</a></li>
        <li><a href="/about.php">About</a></li>
        <li><a href="/games/">Games</a></li>
        <li><a href="/videos/">Videos</a></li>
        <li><a href="/pics/">Pictures</a></li>
        <li><a href="/progscript/">Programs &amp; Scripts</a></li>
        <li><a href="http://www.gvstaff.forumup.org">Forum</a></li>
       </ul>
    </div>

    <div id="content">
    <div id="<?php if(isset($_SESSION["user"])){echo "dateMember";}else{echo "date";}?>">

    <span class="textright" id="clock">
    <?php
    echo date("F j, Y \| g:i:s A", time());
    ?>
    </span>
    <?php
    if(isset($_SESSION['user'])){
        echo "<br />";
        print (ucfirst(strtolower($_SESSION['user'])));
        echo "&nbsp;|&nbsp;";
        //if ($_SESSION['location'] !== ""){
        //    print $_SESSION['location'];
        //    echo "&nbsp;|&nbsp;";
        //    }
        echo "<a href='mailto:"; print $_SESSION['email'];
        echo "'>"; print $_SESSION['email'];
        echo "</a>&nbsp;|&nbsp;";

        if ($_SESSION["permission"] > "1") echo "Admin";
        elseif ($_SESSION["permission"] == "1") echo "Moderator";
        elseif ($_SESSION["permission"] == "0") echo "User";

        echo "<img alt='' width='20px;' height='15' src='/images/main_spacer.jpg' />";
        echo "<strong>";
        echo "<a class='heading' href='/members/logout.php'>Logout</a>";
        echo "</strong>";
    }
    ?>
    </div>


    <h2>Welcome To GreatVibrations</h2>
    <p>This is <em>the</em> site to come to for all of your favorite games, videos, and pictures. We are now in the process of completely renovating the style of the site so please bear with us, it might be a while. Please make sure to <a href="/contact.php">contact us</a> with any of your questions, comments, or concerns. Here at GreatVibrations, we take you, the user, very seriously.</p>
    <p>Your Logged IP: <strong><?php echo $_SERVER['REMOTE_ADDR']; ?></strong></p>
    <p><?php print($_SESSION["user"]); ?></p>

    <div class="splitcontentleft">
    <h2>Included Content:</h2>
    <div class="box">
    <h3>Games</h3>
    <p>
    Hopefully we'll have some original games soon... But, in the meantime, we have games publicly available on the site (even better games for members!).
    </p>

    <h3>Videos</h3>
    <p>
    We have a small archive of flash and real videos. Included in these archives are: multiple claymations, several comedic flash cartoons (i.e. "The End Of Ze World"), and a few real videos to be streamed or downloaded.
    </p>

    <h3>Pictures</h3>
    <p>
    We hope to soon have quite a few galleries including, by popular demand, the "OWNED" gallery with even more than before.
    </p>

    <h3>Programs &amp; Scripts</h3>
    <p>
    GreatVibrations has quite a stock of programs and scripts, all original. First and foremost is the archive of MS-Dos batch files. Next in line is the CSS and PHP scripts that are used on the site.
    </p>
    </div>
    </div>

    <div class="splitcontentright">
    <h2>Comments and Questions</h2>
    <p>If you have any questions, comments, or suggestions, <em>please</em> do not hesitate to e-mail the webmaster. A contact page can be found <a href="/contact.php">here</a> that includes a form for sending e-mails.</p>

    <div id="OSS">
    <h2>&nbsp;&nbsp;&nbsp;Mozilla Project</h2>
    <p class="textcenter"><br />

    <!-- <a href="http://www.spreadfirefox.com/">
    <img class="mozAd" border="0" alt="Get Firefox!" style="float:right;" src="/images/firefox-logo.jpg" /></a>
    <a href="http://www.mozilla.com/thunderbird/">
    <img class="mozAd" border="0" alt="Get Thunderbird!" style="float:left;" src="/images/thunderbird-logo.jpg" /></a> -->
    <a href="http://www.Mozilla.com"><img src="/images/fire_thunder.png" alt="Take Back The Web" class="mozAd" /></a>
    </p>
    <div align="center">
    <a href="http://www.Mozilla.com">Take Back The Web!</a>
    </div>
    <br /><br />
    </div>
    <br />

    <!-- ??INTRO??
       <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="175" height="125" align="middle">
       <param name="allowScriptAccess" value="sameDomain" />
       <param name="movie" value="/intro/gvintro.swf" />
       <param name="quality" value="high" />
       <param name="bgcolor" value="#ffffff" />
       <embed src="/intro/gvintro.swf" quality="high" width="175" height="125" align="middle" allowscriptaccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
       </object>
    -->

    <?php
    if(isset($_SESSION['user'])){
    ?>

    <br />
    <span class="important">
    Logged In
    </span>

    <?php
    }
    else{
    ?>
    <form action="/members/login.php" method="post" name="login" id="login">
    <table>
     <tr>
      <td colspan="3">
        <a href="/members/addUser.php">Signup</a>
            <?php
                // Check if we need to add a message
                if(@$_GET["fail"]) echo "| <span class = 'important'>Incorrect username or password!</span>";
                elseif(@$_GET["logout"]) echo "| <span class = 'important'>Successfully logged out</span>";
                elseif(@$_GET["new"]) echo "| <span class = 'important'>Successfully registered</span>";
                elseif(@$_GET["success"]==1) echo "| <span class='important'>Successfully logged in</span>";
            ?>
      </td>
     </tr>
     <tr>
      <td>
        Username:
      </td>
      <td>
        <input type="text" id="user" name="user" size="10" maxlength="30" tabindex="1">
      </td>
      <td rowspan="2">
        <input type="submit" value="Login" id="loginbutton">
      </td>
     </tr>
     <tr>
      <td>
        Password:
      </td>
      <td>
        <input type="password" id= "pass" name="pass" maxlength="30" tabindex="2">
      </td>
     </tr>
    </table>
    </form>
    <?php
    }
    ?>

    </div>

    </div>

    <div id="subcontent">
    <div class="small box">
    <?php include('news.html'); ?>
    </div>

    <h2>Menu</h2>
    <ul class="menublock">
      <li><a href="/privacy.php">Privacy</a></li>
      <li><a href="/contact.php">Contact</a><br />
      <li><a href="credits.php">Credits</a></li>
      <?php
        if(isset($_SESSION['user'])){
            echo "<li><a href='/members/modUser.php'>My Account</a></li>";
        }
        else{
            echo "<li><a href='/members/'>Login</a></li>";
        }
      ?>
    </ul>

    <h2>Affiliates</h2>

    <ul class="menublock">
      <li><a href="http://www.clubmedia.tk">Club Media</a></li>
      <li><a href="http://www.compisus.tk">Comp Is Us</a></li>
      <li><a href="http://www.google.com">Google</a></li>
      <li><a href="http://www.apache.org">Apache</a></li>
    </ul>

    <div id="searchbar">
      <br /><br />
      <form method="get" action="/cgi-bin/search/search.pl">
       <fieldset>
        <input type="hidden" name="Realm" id="fdse_Realm" value="gvrealm">
        <input maxlength="50" type="text" size="17" class="s" name="Terms" id="fdse_TermsEx" />
        <input id="searchbutton" type="submit" value="Go!" /><br />
        <label for="fdse_TermsEx">Search</label>
       </fieldset>
      </form>
    </div>

    </div>

    <div align="right" id="sess">
    <p>unique session ID: <a href="/session.php?PHPSESSID=<?php echo $SESS?>">
    <?php
    echo $SESS;
    ?></a>
    </p></div>

    <div id="footer">
    <?php
    $time = microtime();
    $time = explode(" ", $time);
    $time = $time[1] + $time[0];
    $finish = $time;
    $totaltime = ($finish - $start);
    $loadtime = round($totaltime, 6);
    ?>

    <p>&copy; 2005-2006 <a href="#">Naynay Klein</a> | Page Loaded In <?php print ($loadtime); ?> Seconds</p>
    </div>

    </div>
    </body>
    </html>
    Any help would be fantastic, thanks,
    Nay

  • #2
    New to the CF scene
    Join Date
    Dec 2005
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just found out that the problem is that PHP doesn't set a cookie when sessions are started, so the site thinks the client has no ID and reassigns one! How can I get PHP to set that cookie?

  • #3
    New Coder
    Join Date
    Nov 2005
    Posts
    97
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Within the PHP configuration file on your server there are some lines for this, namely:

    session.use_cookies = 1
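
Added example, not code from any poster in this thread: a session bootstrap that applies the `session.use_cookies` setting per request, reports whether the browser actually returned the cookie, and issues a fresh ID at login in place of `session_id($user)`. The function names are hypothetical, and the options array with `cookie_samesite` assumes PHP 7.3 or later.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

function start_cookie_session(): void
{
    // The session cookie travels in an HTTP header. If output has already
    // started (stray whitespace or a BOM before the opening tag), the header
    // cannot be sent and each request is given a new session ID.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output started at $file:$line; session cookie cannot be set");
    }
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_start([
        'use_cookies'      => 1,      // session.use_cookies from the reply above
        'use_only_cookies' => 1,      // ignore PHPSESSID passed in the URL
        'use_strict_mode'  => 1,      // refuse IDs the server did not issue
        'cookie_httponly'  => 1,      // keep the ID away from page scripts
        'cookie_secure'    => $https, // send only over HTTPS when available
        'cookie_samesite'  => 'Lax',
    ]);
}

// True when the browser returned the cookie, i.e. the session persisted
// from an earlier request. False on the first visit or when cookies fail.
function session_cookie_received(): bool
{
    return isset($_COOKIE[session_name()]);
}

// Call from the login page once the credentials have been verified.
function complete_login(string $user, string $permission): void
{
    // New random ID at the moment of login, in place of session_id($user):
    // a username is guessable, a regenerated ID is not.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['permission'] = $permission;
    // The password is not copied into the session.
}

start_cookie_session();
if (!session_cookie_received()) {
    error_log('No session cookie on this request; a new ID was issued: ' . session_id());
}
```

If the log line appears on every page load rather than only the first, the cookie is not reaching the browser or not coming back, which matches the symptom described in post #1.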

