RE: [PHP-DB] losing my session variables
-Original Message- From: Peter Beckman [mailto:beckman;purplecow.com] Sent: 30 October 2002 04:09 To: Seabird Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] losing my session variables Put session_start() somewhere in your code. .. but make sure that somewhere is before you do any real output to your page! $_SESSION isn't set until you start your session. And don't set session variables by $_SESSION[foo] = bar; DO this: $foo = bar; session_register(foo); Much better. No -- this is fraught with problems in current releases of PHP (most, if not all, of which will be fixed in 4.3). Most particularly, the following caution appears at http://www.php.net/manual/en/ref.session.php: If you are using $_SESSION and disable register_globals, do not use session_register(), session_is_registered() and session_unregister(), if your scripts shall work in PHP 4.2 and earlier. Since the default for 4.2.x is register_globals=off, this is a very pertinent warning! Even with register_globals=on, there are other problems which make it best to stick to manipulating the values in $_SESSION directly, rather than using the equivalent global variables. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] losing my session variables
Put session_start() somewhere in your code. $_SESSION isn't set until you start your session. And don't set session variables by $_SESSION[foo] = bar; DO this: $foo = bar; session_register(foo); Much better. However, if anyone can correct me, go for it. I just believe that setting global variables that the system controls and writes is a bad idea unless you use the functions that you should. Get out of the habit of SETTING variables using $_POST or $_SESSION or $GLOBALS. DO get in the habit of setting globals by just setting your variables correctly in the right scope. Peter On Tue, 29 Oct 2002, Seabird wrote: Hi everyone, I use a login-script, but for some reason I keep losing my $_SESSION variables. Can Anyone tell me why? Here's my login script: ?php if(isset($_POST['submit'])) { // if form has been submitted /* check they filled in what they were supposed to and authenticate */ if(!$_POST['uname'] | !$_POST['passwd']) { print 'form action=index.php method=post div align=left input class=test name=uname type=text size=8 maxlength=8 input class=test type=password size=8 maxlength=8 name=passwd input name=submit type=submit value=Login br span class=welcomeplease fill in the required fields./span/div /form '; } // authenticate. if(!get_magic_quotes_gpc()) { $_POST['uname'] = addslashes($_POST['uname']); } $check = $db_object-query(SELECT username, password FROM users WHERE username = '.$_POST['uname'].'); if(DB::isError($check)) { print 'form action=index.php method=post div align=left input class=test name=uname type=text size=8 maxlength=8 input class=test type=password size=8 maxlength=8 name=passwd input name=submit type=submit value=Login br span class=welcomeusername doesn\'t exist./span a class=header href=javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')sign up here/a/div /form '; } $info = $check-fetchRow(); // check passwords match $_POST['passwd'] = stripslashes($_POST['passwd']); $info['password'] = stripslashes($info['password']); $_POST['passwd'] = md5($_POST['passwd']); if($_POST['passwd'] != $info['password']) { print 'form action=index.php method=post div align=left input class=test name=uname type=text size=8 maxlength=8 input class=test type=password size=8 maxlength=8 name=passwd input name=submit type=submit value=Login br span class=welcomewrong password, try again/span/div /form '; } // if we get here username and password are correct, register session variables and set // last login time. $date = date('m d, Y'); $update_login = $db_object-query(UPDATE users SET last_login = '$date' WHERE username = '.$_POST['uname'].'); $_POST['uname'] = stripslashes($_POST['uname']); $_SESSION['username'] = $_POST['uname']; $_SESSION['password'] = $_POST['passwd']; $db_object-disconnect(); ? span class=welcomeWelcome a class=header href=javascript:loadPage('mainlayer',null,'users/edit.php?user=?=$_SESSION ['username']?')font color=white?=$_SESSION['username']?/font/abra class=header href=login/logout.phpLogout/a /span ?php } else { // if form hasn't been submitted ? form action=?=$HTTP_SERVER_VARS['PHP_SELF']? method=post div align=left input class=test name=uname type=text size=8 maxlength=8 input class=test type=password size=8 maxlength=8 name=passwd input name=submit type=submit value=Login br a class=header href=javascript:loadPage('mainlayer',null,'login/signup.php')sign up here/a /div /form ?php } ? -- http://seabird.jmtech.ca Attitude is Everything! But Remember, Attitudes are Contagious! Is Yours worth Catching -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- Peter BeckmanSystems Engineer, Fairfax Cable Access Corporation [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php