On Mon, 2007-03-12 at 14:39 -0500, Mike Brandonisio wrote:
> Hi,
>
> They are. The Session Id is stored in a cookie if Cookies are
> available. If not then the session ID is appended to your URL.
>
> Sincerely,
> Mike
> --
> Mike Brandonisio * IT Planning & Support
> Tech One Illustration * Database Applications
> tel (630) 759-9283 * e-Commerce
> [EMAIL PROTECTED] * www.techoneillustration.com
>
> On Mar 12, 2007, at 1:33 PM, Michael Sullivan wrote:
>
> > On Mon, 2007-03-12 at 10:20 -0800, Mike Franks wrote:
> >> Michael -
> >>
> >> You're storing the $directorid in session. Unless you've taken some
> >> extreme measures, session values are stored in cookies. Some users
> >> may
> >> have disabled cookies.
> >>
> >> See: http://us2.php.net/session
> >>
> >> Mike
> >>
> > But I thought session variables were stored on the hard drive of the
> > machine the web server is running on....?
Also, even if the session variables aren't being passed, why is
$directorid set to " "? The logging line there occassionally writes
logs for director_id 0. Also, sometimes a particular director can
successfully log in and sometimes they get director_id 0. That goes for
me too, and I know I have cookies enabled in my browser...
> >> On 3/12/2007, "Michael Sullivan" <[EMAIL PROTECTED]> wrote:
> >>
> >>> First of all, I apologize for cross-posting this, but it is
> somewhat
> >>> urgent. The code I'm pasting below is the login script for my
> >> college's
> >>> Music Festival Web Interface. I say this is urgent because this
> >>> interface is in use as we speak. Thw way it works (or is supposed
> to
> >>> work) is this: A director registers for an account using the
> >>> registerdirector.php script (not included in this message). An
> entry
> >> in
> >>> the Director table of my mysql database is created. The director
> is
> >>> assigned a unique director_id, which identifies their ownership of
> >> all
> >>> data belonging to them. When they log in, a query is sent to the
> >>> database to return all data where email_address == their username.
> >>> Their password is checked against the password in the database.
> >>> Their
> >>> director_id is returned and placed in the $directorid variable.
> The
> >>> problem is that for some reason that I can't figure out,
> sometimes,
> >>> seemingly at random the $directorid variable is blank. It should
> >> never
> >>> be blank, and I can't even come up with a theoretical scenario
> >>> why it
> >>> would be blank. Here's what my Director table looks like:
> >>>
> >>> mysql> describe Director;
> >>> +---------------+-----------------+------+-----+---------
> >>> +----------------+
> >>> | Field | Type | Null | Key | Default | Extra
> >>> |
> >>> +---------------+-----------------+------+-----+---------
> >>> +----------------+
> >>> | director_id | int(5) unsigned | NO | PRI | NULL |
> >>> auto_increment |
> >>> | email_address | varchar(255) | NO | | |
> >>> |
> >>> | password | varchar(255) | NO | | |
> >>> |
> >>> | director_name | varchar(255) | NO | | |
> >>> |
> >>> | phone_number | varchar(17) | NO | | |
> >>> |
> >>> | fax_number | varchar(17) | YES | | NULL |
> >>> |
> >>> | cell_number | varchar(12) | YES | | NULL |
> >>> |
> >>> +---------------+-----------------+------+-----+---------
> >>> +----------------+
> >>> 7 rows in set (0.15 sec)
> >>>
> >>> And here's my code:
> >>>
> >>> <?
> >>> session_start();
> >>>
> >>> require_once("miscfunc.php");
> >>>
> >>> $page = "login.php";
> >>>
> >>> include("dbconnect.php");
> >>> $loginuser = $_POST['user'];
> >>> $loginpass = stripslashes($_POST['passwd']);
> >>>
> >>> $tableName = "Director";
> >>> $query = "SELECT * FROM ".$tableName." WHERE email_address=
> >>> \"$loginuser\";";
> >>> //print "$query<br><br>\n";
> >>> $result = mysql_query($query, $link) or die ("Could not connect to
> >>> the database. ".mysql_error());
> >>> $a_row = mysql_fetch_array($result, MYSQL_ASSOC);
> >>>
> >>> $string = $a_row['password'];
> >>> if ($loginpass == $a_row['password'])
> >>> {
> >>>
> >>> set_var("loggedin", true);
> >>> $emailaddress = $loginuser;
> >>> $loggedin = true;
> >>>
> >>>
> >>> set_var("loggedin", $loggedin);
> >>> set_var("loginuser", $loginuser);
> >>> set_var("emailaddress", $emailaddress);
> >>>
> >>> $directorid = $a_row['director_id'];
> >>>
> >>> if ($directorid == 0 || $directorid = " ")
> >>> {
> >>> //We have a problem
> >>> $message = $message."\nDirectorID = $directorid\n";
> >>> $message = $message."\nLoginUser = $loginuser\n";
> >>> $message = $message."\nPassword = $loginpass\n";
> >>> if (!mail("[EMAIL PROTECTED]", "DirectorID 0", $message))
> >> print
> >>> "There was a problem; Could not send a report of the problem to
> the
> >>> webmaster<br><br>\n";
> >>> }
> >>> set_var("directorid", $directorid);
> >>> $action = "$loginuser logged in.";
> >>> $log = "INSERT INTO Logs (session_id, type, director_id,
> >>> time_stamp, action) VALUES(\"".session_id()."\", \"Login\",
> >>> \"$directorid\", \"".time()."\", \"$action\");";
> >>> mysql_query($log, $link) or die("Could not create log record:
> >>> ".mysql_error());
> >>>
> >>>
> >>>
> >>> include("mainpage.php");
> >>> }
> >>> else
> >>> {
> >>> print "Login incorrect. Do you need to register?";
> >>> include("index.php");
> >>> }
> >>> ?>
> >>>
> >>> Please help. I don't want the directors who participate in our
> >> contest
> >>> to lose faith in our Music Program because of my mistakes...
> >>> -Michael Sullivan-
> >>>
> >>
> >>
> >>
> >>
> >
> >
> >
> > ------------------------ Yahoo! Groups Sponsor --------------------
> > ~-->
> > See what's inside the new Yahoo! Groups email.
> > http://us.click.yahoo.com/0It09A/bOaOAA/yQLSAA/HKFolB/TM
> > ----------------------------------------------------------
> > ~->
> >
> > Community email addresses:
> > Post message: [email protected]
> > Subscribe: [EMAIL PROTECTED]
> > Unsubscribe: [EMAIL PROTECTED]
> > List owner: [EMAIL PROTECTED]
> >
> > Shortcut URL to this page:
> > http://groups.yahoo.com/group/php-list
> > Yahoo! Groups Links
> >
> >
> >
>
>
>
>
>
