kjustice Posted February 22, 2012 Share Posted February 22, 2012 I am having trouble getting my scripts to work when it coes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong, I have been trying to work through it and resolve it my self for the last 2 days. I have MySQL Server 5.5, php 5.3.6 and Windows 7 Home 64bit running on my own computer using the localhost server. Please find attached my scripts. Login.php <?php # Script 9.16 - login.php // Send nothing to the browser before session_start() line! // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('../secure/mysql_connect.php'); // Connect to the db. $errors = array(); // Initialise error array. // Check for an email address. if (empty($_POST['email'])) { $errors[] = 'You forgot to enter an email address.'; } else { $e = escape_data($_POST['email']); } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter a password.'; } else { $p = escape_data($_POST['password']); } if (empty($errors)) { // If everything is OK. /* Retrieve the user_id and first name for the email/password combination */ $query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')"; $result = @mysql_query($query); // Run the query. $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable. if ($row) { // A record was pulled from the database. // Set the session data and redirect. session_name ('YourVisitID'); ini_set('session.use_cookies', 0); // Don't use cookies. session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) { $url = substr($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php?' . SID; // Add the session name & ID. header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The email address and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message. } } // End of if(empty($errors)) if. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of main submit conditional. // Begin the page now. $page_title = 'Login'; include('./includes/header.html'); if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo "- $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login.php" method="post"> <p>Email Address: <input type="text" name="email" size="20" maxlenght="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p> <p>Password: <input type="password" name="password" size="20" maxlength="20"/></p> <p><input type="submit" name="submit" value="Login"/></p> <p><input type="hidden" name="submitted" value="TRUE"/> </form> <?php include ('./includes/footer.html'); ?> Header.html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...ransitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <title><?php echo $page_title; ?></title> <style type="text/css" media ="all">@import "./includes/layout.css";</style> </head> <body> <div id="wrapper"><!-- Goes with the CSS layout. --> <div id="content"><!-- Goes with the CSS layout. --> <div id="nav"><!-- Links section --> <h3>Menu</h3> <ul> <li class="navtop"><a href="index.php?<?php SID; ?>" title="Go to Home Page">Home</a></li> <li><a href="register.php" title="Register?<?php SID; ?>">Register</a></li> <li><?php // Create a login/logout link. if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) { echo '<a href="logout.php?<?php SID; ?>" title="Logout">Logout</a>'; } else { echo '<a href="login.php?<?php SID; ?>" title="Login">Login</a>'; } ?></li> </ul> </div> <!-- Script 9.8 - header.html --> <!-- Start of page specific content --> Loggedin.php <?php # Script 9.17 - loggedin.php # User is redirected here from login.php. session_name ('YourVisitID'); ini_set('session.use_cookies', 0); session_start(); // Start the session. // If no session value is present redirect the user. if(!isset($_SESSION['user_id'])) { // Start defining the url. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) =='\\')) { $url = substr($urll, 0, -1); // Chop off the slash. } $url .= '/index.php'; // Add the page. header ("Location: $url"); exit(); // Quit the script. } // Set the page title and include the HTML header. $page_title = 'Logged In!'; include ('./includes/header.html'); // Print a customised message. echo "<h1>Logged In!</h1> <p>You are now logged in, {$_SESSION['first_name']}!</p> <p><br /><br /></p>"; include ('./includes/footer.html'); ?> logout.php <?php # Script 9.18 - logout.php // This page lets the user log out. session_name('YourVisitID'); ini_set('session.use_cookies', 0); session_start(); // Access the existing session. // If no cookie is present, redirect the user. if(!isset($_SESSION['user_id'])) { //Start defining the url. $url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) { $url = substr($url, 0, -1); // Chop of the slash. } $url .= '/index.php'; // Add the page. header("Location, $url"); exit(); } else { // Cancell the session. $_SESSION = array(); // Destroy the variables. session_destroy(); // Destroy the session itself. } // Set the page title and include the HTML header. $page_title = 'Logged Out!'; include ('./includes/header.html'); // Print a customised message. echo "<h1>Logged Out!</h1> <p>You are now logged out!</p> <p><br /><br /></p>"; include ('./includes/footer.html'); ?> Link to comment Share on other sites More sharing options...
Larry Posted February 22, 2012 Share Posted February 22, 2012 You should start by confirming the value of SID. Use exit() to terminate a script prior to it redirecting, so that you can see what's going on. 1 Link to comment Share on other sites More sharing options...
kjustice Posted February 24, 2012 Author Share Posted February 24, 2012 I found another session variable session.use_only_cookies once I set this to off as well as session.use_cookies my sessions worked fine. Thank you for your direction and I woul also like to note that I am loving the book. Link to comment Share on other sites More sharing options...
Larry Posted February 25, 2012 Share Posted February 25, 2012 Kudos for figuring it out and thanks for posting the solution. Thanks, too, for the nice words on the book! Link to comment Share on other sites More sharing options...
Recommended Posts