homepage Welcome to WebmasterWorld Guest from 54.242.126.126
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
login script error
Mr_Cat

5+ Year Member



 
Msg#: 4419546 posted 2:28 pm on Feb 20, 2012 (gmt 0)

Hi folks,

I recieved an error report from a friend of mine the other day, nobody else testing my site has had this, so I've no idea why.

Here's my 'verify' that lives on the top of every page in the site.


// let's call the database connection

include ($_SERVER['DOCUMENT_ROOT'] . "/db_code/db_connect.php");

$document = $_SERVER['PHP_SELF'];
$host = $_SERVER['HTTP_HOST'];
$querystring = '?'.$_SERVER['QUERY_STRING'];
$fullpath = $host.$document.$querystring;

session_start();

$user_check = $_SESSION['login_user'];
$_SESSION['referer'] = $fullpath;

$ses_query = mysql_query("SELECT member_name, member_ID, member_email FROM members WHERE member_name = '$user_check' ");

$row = mysql_fetch_array($ses_query);

$member_name = $row['member_name'];
$member_ID = $row['member_ID'];
$member_email = $row['member_email'];

if(!isset($member_name))
{
header("Location: http://www.site.com/login/login.php");
}


then there's 'Login' page;


include ($_SERVER['DOCUMENT_ROOT'] . "/db_code/db_connect.php");

session_start();

if($_SERVER["REQUEST_METHOD"] == "POST"){

// username and password sent from Form

$myusername = addslashes($_POST['username']);
$mypassword = addslashes($_POST['password']);

$query = "SELECT member_ID FROM members WHERE member_name = '$myusername' and member_pw = '$mypassword'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);

// $active = $row['active'];
$count = mysql_num_rows($result);
$member_ID = $row['member_ID'];

// if login is good, update the members_log table

$update_memlog = "UPDATE members_log";
$update_memlog.= " SET log_logintime = NOW(), log_activecheck = NOW(), log_isonline = 'y'";
$update_memlog.= " WHERE log_mem_ID = '$member_ID'";

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
session_register("myusername");
$_SESSION['login_user'] = $myusername;

mysql_query($update_memlog);


// Sending them to index.php is rubbish. Chances are they came here from an email link, let's put them where they want to be
header("location: http://".$_SESSION['referer']);


} // end if
else{

$error = "Your Login Name or Password is invalid";
} // end else
} // end if



then there's 'log out' which runs this script;


include ($_SERVER['DOCUMENT_ROOT'] . "/login/verify.php"); // this sets up $member_name and $member_ID

// Ther're leaving, update their last online time

$update = "UPDATE members_log";
$update.= " SET log_lastonline = log_activecheck,";
$update.= " log_isonline = 'n'";
$update.= " WHERE log_mem_ID = '$member_ID'";
mysql_query($update);

// LOG OUT

session_start();

if(session_destroy())
{
header("Location: login.php");
}


As said, this seems to work for most people but a new tester emailed me to say this;

"When I try to log off it takes me to log in and when I fill it in it says

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

"

Obviously being taken to login is fine and I just need to add a new page saying you've been logged off, well done or whatever :) but I don't understand that error or why it occurs just for that one user?

Has it got anything to do with my $_SERVER document root wich I use to find the files properly from any page in the site, or perhaps somethng else...My only other thought so far s that it's to do with my 'referer' method of sending them back to a certain page and the way in which I've implimented it.

Any thoughts very much appreciated,
Cheers

 

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4419546 posted 3:02 pm on Feb 20, 2012 (gmt 0)

session_register("myusername");


What is your intention with this statement? This looks superfluous to me. This requires register_globals and is in fact deprecated in PHP 5.3

Why this user and no one else? Since this is a server-side message then I would have to assume that no one has tried the exact same steps that this user has tried.... logging in again as soon as the user has logged out. I'm guessing that the session has not been completely reset.

Mr_Cat

5+ Year Member



 
Msg#: 4419546 posted 4:09 pm on Feb 20, 2012 (gmt 0)

Well, this script is the only bit I've not coded myself! grrr, and is causing me all the problems. When i try the same steps in I.E. I get a message saying 'connection problem' and a 'connection disgnosis' link. I guess it's just not a very common step of logic for people to take so nobody's reported it.

I'm still learning about sessions and have no idea what session register does :s

You're saying I should just remove it. I can see I need to study sessions more!

Having removed that line I still get the same connection error and the url in the address bar reads 'login.php' so I'm wondering if the $_SESSION['refer'] is causing me problems but I can't see how that could be.

Could it be as the logout script kills the session it removes my previously set up 'referer', that makes almost perfect sense really.

Thanks again

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4419546 posted 4:44 pm on Feb 20, 2012 (gmt 0)

header("Location: login.php");


This should also be an absolute URL to login.php, as you have done in the other redirects. This is actually something that can cause differences in different browsers.

penders

WebmasterWorld Senior Member penders us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4419546 posted 7:00 pm on Feb 20, 2012 (gmt 0)

Could it be as the logout script kills the session it removes my previously set up 'referer'


That's quite probable. Depending on your script you don't necessarily have to destroy the session in order to log a user out. Simply deleting the specific vars that authenticate the user could be sufficient?

I'm still learning about sessions and have no idea what session register does :s


The PHP manual is your friend ;) .... session_register() [uk.php.net]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved