Forum Moderators: coopster
The code for the index is :
<?php
session_start();
echo 'SID '.session_id();
include 'boardroom/db_conn.php';
include '/var/www/html/functions/security.php';
if ($_GET['logout']=='1')
{
$_SESSION = array();
session_destroy();
}
if (isset($_POST['email']) && isset($_POST['password']))
{
$email = makeSafe($_POST['email']);
$password = makeSafe($_POST['password']);
if ((strlen($email)>1) && (strlen($password)>1))
{
// if the user has just tried to log in
$password = sha1($password);
$login = "SELECT email,name FROM users WHERE email='".$email."' AND password='".$password."'";
$lq = mysql_query($login) or die("Query $login Failed".mysql_error());
$lr = mysql_fetch_assoc($lq);
if (mysql_num_rows($lq) >0)
{
$_SESSION['email'] = $email;
$_SESSION['name'] = $lr['name'];
}
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<h3></h3>
<br />
<?php if(isset($_SESSION['email']))
{
echo 'Welcome to football '.$_SESSION['name'].'.';
echo '<br />';
echo '<p><a href="index.php?logout=1">Logout</a></p>';
echo '<p><a href="predictions.php">Your Predictions</a></p>';
}
else
{
if ($_GET['message']=='thankyou')
{
echo '<p>Thank you for registering for football, you will receive an email with a reminder of your login information.</p>';
$loginText = 'P';
}
else
{
$loginText = 'If you are already registered with us p';
?>
<a href="register.php" />New User? Click to Register</a>
<br /><br />
<?php
}
?>
<form method="post" action="index.php">
<table>
<tr>
<td colspan="2">
<?php echo $loginText; ?>lease login using the form below.
</td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" name="email" id="email"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" id="password">
</tr>
<tr>
<td></td>
<td><input type="submit" name="login" id="login" value="Login"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
The link to predictions should allow you to stay logged in but doesn't, also if click on the url bar in the browser and hit enter it logs me out also.
predictions.php
<?php
session_start();
echo 'SID '.session_id();
print_r($_SESSION);
if (isset($_SESSION['email']))
{
echo 'Logged in as '.$_SESSION['name'];
}
else
{
echo 'Not logged in';
}
?>
Any help much appreciated, it's probably something simple i'm missing.
First, the data must be available in a session store. Second, PHP must be able to open the correct session store.
The php.ini settings session.gc_maxlifetime, session.gc_probability and session.gc_divisor control how long the session store is allowed to exist on the filesystem of the server. gc_probability and gc_divisor are the numerator and denominator of a fraction. If PHP generates a random number between 0 and 1 and that number is smaller than the fraction gc_probability over gc_divisor, PHP's session garbage collection takes place. When it does take place, all session stores older in seconds than session.gc_maxlifetime are deleted.
The second requirement, PHP's being able to find the correct session store, is dependent on the user's browser sending a session ID back to the server. If you are passing the ID on the URL, there are no php.ini settings to worry about. If you are passing the ID in a cookie (the default), then session.cookie_lifetime comes into play. This sets the length of time, in seconds, that a session cookie is supposed to exist in the browser.
If your sessions are not lasting as long as they should, you must debug two things: is the session store still there, and is the session ID being sent.
The id is still there but i'm not sure it's sending the right one.
Try www.oyyy.co.uk/football and login with test@test.com and testtest. :)
If you login and then click predictions you'll see it's not detecting the session variable and the session id it outputs has changed from the previous page.
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /var/lib/php/session
; Whether to use cookies.
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = /
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.
session.gc_probability = 1
session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.
session.bug_compat_42 = 0
session.bug_compat_warn = 1
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects.
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0
; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
For some reason when you click page info under tools it was set to block cookies for the site under permissions. :)
