RE: [PHP-DB] losing my session variables

2002-10-30 Thread Ford, Mike [LSS]
> -----Original Message-----
> From: Peter Beckman [mailto:beckman;purplecow.com]
> Sent: 30 October 2002 04:09
> To: Seabird
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] losing my session variables
>
> Put session_start() somewhere in your code.

.. but make sure that somewhere is before you do any real output to your page!

> $_SESSION isn't set until you start your session.
>
> And don't set session variables by $_SESSION[foo] = bar;
>
> DO this:
>
> $foo = bar;
> session_register(foo);
>
> Much better.

No -- this is fraught with problems in current releases of PHP (most, if not all, of 
which will be fixed in 4.3).  Most particularly, the following caution appears at 
http://www.php.net/manual/en/ref.session.php:

  If you are using $_SESSION and disable register_globals, do not use
  session_register(), session_is_registered() and session_unregister(), if your
  scripts shall work in PHP 4.2 and earlier.

Since the default for 4.2.x is register_globals=off, this is a very pertinent warning!

Even with register_globals=on, there are other problems which make it best to stick to 
manipulating the values in $_SESSION directly, rather than using the equivalent 
global variables.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning  Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
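
The advice in the reply above, as an added PHP example that is not part of the original thread: the session is started before any output, a failed login returns before anything is written, and the value is assigned straight to $_SESSION (session_register() was removed in PHP 5.4). The function names, the in-memory $users array and the sample account are assumptions made for illustration; password_hash()/password_verify() stand in for the md5() comparison in the posted script.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: start the session, refusing once output has begun.
function start_session_or_fail(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                       // already started on this request
    }
    if (headers_sent($file, $line)) {
        // The session cookie travels in a header, so it is too late now.
        throw new RuntimeException("output began at $file:$line before session_start()");
    }
    session_start();
}

// Hypothetical login check: $users maps username => password hash.
function login(array $users, string $uname, string $passwd): bool
{
    start_session_or_fail();
    $hash = $users[$uname] ?? null;
    if ($hash === null || !password_verify($passwd, $hash)) {
        return false;                 // failed login: stop, write nothing to the session
    }
    session_regenerate_id(true);      // fresh session ID once the user is authenticated
    $_SESSION['username'] = $uname;   // assign directly; the password is never stored
    return true;
}

// Constructed sample account; a real script would read the hash from the users table.
$users = ['alice' => password_hash('s3cret-example', PASSWORD_DEFAULT)];

$bad  = login($users, 'alice', 'wrong-password');
$good = login($users, 'alice', 's3cret-example');

// Output only after all session work is done.
printf("bad login accepted: %s\n", var_export($bad, true));
printf("good login accepted: %s\n", var_export($good, true));
printf("session username: %s\n", $_SESSION['username'] ?? '(not set)');
```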




Re: [PHP-DB] losing my session variables

2002-10-29 Thread Peter Beckman
Put session_start() somewhere in your code.

$_SESSION isn't set until you start your session.

And don't set session variables by $_SESSION[foo] = bar;

DO this:

$foo = bar;
session_register(foo);

Much better.

However, if anyone can correct me, go for it.  I just believe that setting
global variables that the system controls and writes is a bad idea unless
you use the functions that you should.

Get out of the habit of SETTING variables using $_POST or $_SESSION or
$GLOBALS.  DO get in the habit of setting globals by just setting your
variables correctly in the right scope.

Peter

On Tue, 29 Oct 2002, Seabird wrote:

> Hi everyone,
>
> I use a login-script, but for some reason I keep losing my $_SESSION
> variables. Can Anyone tell me why?
>
> Here's my login script:
>
> <?php
> if(isset($_POST['submit'])) { // if form has been submitted
>  /* check they filled in what they were supposed to and authenticate */
>  if(!$_POST['uname'] | !$_POST['passwd']) {
>   print '<form action="index.php" method="post">
>   <div align="left">
>   <input class="test" name="uname" type="text" size="8" maxlength="8">
>   <input class="test" type="password" size="8" maxlength="8" name="passwd">
>   <input name="submit" type="submit" value="Login">
>   <br>
>   <span class="welcome">please fill in the required fields.</span></div>
>   </form>
> ';
>  }
>  // authenticate.
>  if(!get_magic_quotes_gpc()) {
>   $_POST['uname'] = addslashes($_POST['uname']);
>  }
>  $check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");
>  if(DB::isError($check)) {
>   print '<form action="index.php" method="post">
>   <div align="left">
>   <input class="test" name="uname" type="text" size="8" maxlength="8">
>   <input class="test" type="password" size="8" maxlength="8" name="passwd">
>   <input name="submit" type="submit" value="Login">
>   <br>
>   <span class="welcome">username doesn\'t exist.</span> <a class="header" href="javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')">sign up here</a></div>
>   </form>
> ';
>  }
>  $info = $check->fetchRow();
>  // check passwords match
>  $_POST['passwd'] = stripslashes($_POST['passwd']);
>  $info['password'] = stripslashes($info['password']);
>  $_POST['passwd'] = md5($_POST['passwd']);
>  if($_POST['passwd'] != $info['password']) {
>   print '<form action="index.php" method="post">
>   <div align="left">
>   <input class="test" name="uname" type="text" size="8" maxlength="8">
>   <input class="test" type="password" size="8" maxlength="8" name="passwd">
>   <input name="submit" type="submit" value="Login">
>   <br>
>   <span class="welcome">wrong password, try again</span></div>
>   </form>
> ';
>  }
>
>  // if we get here username and password are correct, register session variables and set
>  // last login time.
>  $date = date('m d, Y');
>  $update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");
>  $_POST['uname'] = stripslashes($_POST['uname']);
>  $_SESSION['username'] = $_POST['uname'];
>  $_SESSION['password'] = $_POST['passwd'];
>  $db_object->disconnect();
> ?>
> <span class="welcome">Welcome <a class="header" href="javascript:loadPage('mainlayer',null,'users/edit.php?user=<?=$_SESSION['username']?>')"><font color="white"><?=$_SESSION['username']?></font></a><br><a class="header" href="login/logout.php">Logout</a>
> </span>
> <?php
> }
> else { // if form hasn't been submitted
> ?>
> <form action="<?=$HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
> <div align="left">
>   <input class="test" name="uname" type="text" size="8" maxlength="8">
>   <input class="test" type="password" size="8" maxlength="8" name="passwd">
>   <input name="submit" type="submit" value="Login">
>   <br>
>   <a class="header" href="javascript:loadPage('mainlayer',null,'login/signup.php')">sign up here</a> </div>
>   </form>
> <?php
> }
> ?>
>
> --
> http://seabird.jmtech.ca
>
> Attitude is Everything!
> But Remember, Attitudes are Contagious!
> Is Yours worth Catching





---
Peter Beckman    Systems Engineer, Fairfax Cable Access Corporation
[EMAIL PROTECTED] http://www.purplecow.com/
---

