Re: [PHP] IsSet() and $_SESSION - BUG?

[John Manko]

Hello everyone.  I was able to determine what was causing my problem 
with session variables not being persitant across page requests.  I want 
to give you the full scope here, so I'm going to paste the code (and if 
you have any code tips, please let me know). 
I think the problem might be this (and I don't know why it should be, 
but maybe you can help):
If you look at file2.php, you will see that ValidAdminLogin() contains 
the "global $_SESSION;" declaration., but that's not the problem.
ValidAdminLogin()  calls a function ResetSessionVariables(), which also 
contains "global $_SESSION;".  When "global $_SESSION;" is present in 
ResetSessionVariables(), it seems as though the $_SESSION variables are 
not being preserved across page requests (notice that 
ResetSessionVariables() is called BEFORE the variables are set with the 
real data, but it's really $_SESSION['uid'] we are concerned with.)
When I remove "global $_SESSION;" from  ResetSessionVariables(), all 
works fine across page request.  Also note that $_SESSION['uid'] is set 
when we return from the file2.php function calls as noted in the "echo" 
command.  So, why would a double global definintion negate $_SESSION?

------------------------------------ file1.php  -------------------------
<?php
session_start();
include "include/DatabaseConnect.php";
include "include/commonphp.php";
DisableClientCaching();
if (!isset($_SESSION['uid'])) {
   if ( !ValidAdminLogin($_POST['adminid'],$_POST['adminpass'])){ 
forceadminlogin(); }   
} elseif ( !ValidAdminSession() ){
   // Not a valid admin session - redirect   
   forceadminlogin();
}   
?>
<html>
<body>
<?php
//We always get a value for this, but it get lost when we leave the page.
echo $_SESSION['uid'];
?>
<br><br><br><br>
<center>
<a href='additem.php'>Add Item</a>
</center>
</body>
</html>
--------------------------------------- file2.php --------------------------
<?php

include "configvars.php";

function ValidAdminSession(){
   global $_SESSION;
   if ( isset($_SESSION['adminlogin']) ){ return 1; }
   else { return 0;}
}
function DisableClientCaching(){
   header("Expires: "  . gmdate("D, d M Y H:i:s") .  " GMT");       // 
Expire now
   header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");  // 
always modified
   header("Cache-Control: no-store, no-cache, must-revalidate");  // 
HTTP/1.1
   header("Cache-Control: post-check=0, pre-check=0", false);    // 
HTTP/1.0
   header("Pragma: no-cache");                                  // HTTP/1.0
}

function ResetSessionVariables(){

   // WHEN I REMOVE THIS LINE, EVERYTHING WORKS FINE
   // global $_SESSION;
 
   $_SESSION['uid'] = session_id();
   $_SESSION['username'] = '';
   $_SESSION['adminlogin'] = False;
   $_SESSION['fname'] = '';
   $_SESSION['lname'] = '';
   $_SESSION['email'] = '';
   $_SESSION['errormesg'] = '';
}

function ValidAdminLogin($user, $pass){

   global $_SESSION;
  
   include "DatabaseConnect.php";
   mysql_connect($DBAddress,$DBUser,$DBPassword);
   @mysql_select_db($DBDatabase) or die("ERROR");
   $query="SELECT * FROM adminuser WHERE user='" . $user ."' AND 
pass='" . md5($pass) . "'";
   $results = mysql_query($query);
   $num = mysql_numrows($results);   

   if ($num != 1){
       $returnvar = false;  // Make sure the user exist, and is only 
one (even though it's a unique SQL field)
   } else {
       ResetSessionVariables();

       $_SESSION['username'] = strtolower(formatformdata($user));
       $_SESSION['adminlogin'] = True;
       $_SESSION['fname'] = mysql_result($results,0,"fname");
       $_SESSION['lname'] = mysql_result($results,0,"lname");
       $_SESSION['email'] = mysql_result($results,0,"email");
       $_SESSION['uid'] = session_id();
       $returnvar = true;
   }
   return $returnvar;
   mysql_close();   
}

function forceadminlogin(){
       ResetSessionVariables();
       header("Location: AdminLogin.php");
}
function formatformdata($mystring){
       return addslashes(rawurldecode(chop($mystring)));   
}
?>



John Manko wrote:

I'm having a problem with the value that isset returns on $_SESSION
variables.  For some reason, even if $_SESSION['uid'] is set, isset
returns FALSE.  Here is the code:
------ file1.php -----------
include "file2.php";
if (!isset($_SESSION["uid"])) {
    // This first time $_SESSION["uid"] is check, we should
    // end up in here.  However, ValidAdminLogin (next test)
    // will set $_SESSION["uid"] so next time we will not
    // get here.   
    if ( !ValidAdminLogin($_POST["adminid"],$_POST["adminpass"]))
        forceadminlogin();

} elseif ( !ValidAdminSession() )
    forceadminlogin();
       

// this is done to show that $_SESSION["uid"] is being set
// but isset still returns false
echo $_SESSION["uid"];
------ file2.php -----------
function ValidAdminLogin($user, $pass){
    
    global $_SESSION;

    if (The_MYSQL_Stuff_Is_NOT_OK)     return false;
    else
    {
         session_start();
      $_SESSION["logged"] = true;
      $_SESSION["username"] = $user;
      $_SESSION["adminlogin"] = true;
      $_SESSION["fname"] = $fname;
      $_SESSION["lname"] = $lname;
      $_SESSION["email"] = $email;
      $_SESSION["uid"] = session_id();
          return true;
    }
    mysql_close();   
           
}






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php