Re: session problem - login screen continually reloads after pressing the login button
From: Matthias Esken (muelleimer2003nospam_at_usenetverwaltung.org)
Date: 11/24/03
- In reply to: Chip: "session problem - login screen continually reloads after pressing the login button"
Date: Mon, 24 Nov 2003 21:24:08 +0100
Chip <carvin5string@yahoo.com> wrote:
> I am trying to get sessions to work on a log in screen to give certain
> users access to certain pages/directories. The problem is that when
> the login button is pushed (or the enter key pressed) the login screen
> redraws, never loading the next page. I don't get any error messages.
> I am using FreeBSD-5.1/Apache-2.0.46/MySQL-4.1.0.1/PHP-4.4.3.4
And you're using code from the times of PHP 4.0.x.
> <?
Don't use short tags. They are not portable. Use <?php.
> session_start();
Seems OK. :-)
> session_register("userid","password");
That's not good. In fact it is bad style. Read the documentation at
http://www.php.net/manual/en/function.session-register.php.
> if ($submit)
You rely on register_globals=on. Since PHP 4.2.0, the default value for
register_globals is off.
> This is at the top of all pages, before any html tags -
> -------------
> <?
> session_start();
> if(!isset($userid)) {
> header('Location: http://xxx.xxx.xxx.xx/auth_dealers/login2.php');
> exit;
> }
> ?>
Ouch. What is $userid? You might believe that it contains a variable
from your session. If register_globals is off, then it doesn't and PHP
will always send you back to login2.php. You'll find the value in
$_SESSION['userid'] instead. If register_globals is on, then it _might_
contain the id from the session. On the other hand it could be a clever
intruder who just calls your page with page.php?userid=42. So, don't
work with activated register_globals.
This leaves you with some work to do. Check the setting of
register_globals in the php.ini. If it's on, then switch it off. With
activated register_globals you have to work hard to make your code
secure. With deactivated register_globals you have to work to make it
insecure.
To find errors from uninitialized variables set the error_reporting to
E_ALL, so that you get all notices and warnings during the development
of your code.
Write data to a session with:
$_SESSION['example'] = $value;
Access data in a session with:
echo ($_SESSION['example']);
Access data from a form with:
$_POST['username']
or
$_GET['username']
according to your posting method.
Check http://www.php.net/manual/en/language.variables.predefined.php for
details about these "superglobals".
Regards,
Matthias
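
Added example (not part of the message above or of Chip's code): the page guard from the quoted code next to the $_SESSION form, run under the PHP CLI against three constructed requests. register_globals no longer exists in current PHP, so extract() stands in for it here; the function names and the sample arrays are assumptions made for illustration.

```php
<?php
// Added illustration. The request and session arrays are constructed
// sample data, and extract() only emulates what register_globals=on did:
// turning request and session values into plain variables.

/** Guard in the style of the quoted code: trusts a bare $userid. */
function legacy_guard(array $get, array $session): bool
{
    extract($get);       // ?userid=42 becomes $userid
    extract($session);   // a registered session value also becomes $userid
    // From here on, nothing says where $userid came from.
    return isset($userid);   // true = the protected page is shown
}

/** Guard in the style the reply recommends: reads the session only. */
function session_guard(array $get, array $session): bool
{
    // Request data never reaches this check, whatever the URL contains.
    return isset($session['userid']);
}

// Each case: [constructed $_GET, constructed $_SESSION]
$cases = [
    'logged in, plain request'      => [[], ['userid' => 7]],
    'no session, plain request'     => [[], []],
    'no session, ?userid=42 in URL' => [['userid' => '42'], []],
];

foreach ($cases as $label => [$get, $session]) {
    printf(
        "%-32s legacy=%-5s session=%s\n",
        $label,
        var_export(legacy_guard($get, $session), true),
        var_export(session_guard($get, $session), true)
    );
}
```

Only the third case differs between the two guards: the request parameter satisfies the legacy check without any login, while the $_SESSION check still sends the visitor to the login page.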