Major PHP Session Problems HELP

Ziycon · 04-01-2007 6:34am #1

I've spent hours on this problem trying to figure out have to keep a session id across multiple pages, i've tried everything but when a user posts a comment, it stores the session ID and wont let the user post again by checking there current session ID!

Problem is when the user posts a comment, the session ID is stored but the user can post as many times as they want as the session ID changes everytime they post their comment!

Basicly need to know how to keep a session ID across mutliple pages that will stay until they close the browser!?????

Ph3n0m · 04-01-2007 11:03am

Make sure that the first line of each subsequent page, after you create the session id/etc has the following line

session_start();

That way you can consistently refer to the already stored session, without having to create a new one.

I also include this immediately after the session_start

if (!session_is_registered('sessUserID')){
 $_SESSION = array();
session_unset();
session_destroy(); 
header("Location:index.html");
}

basically if a specific item is not in the session, they are thrown out of the system

Ziycon · 04-01-2007 4:12pm

Nice one man, i'll try this and see if it works!

Ziycon · 04-01-2007 6:40pm

if (!session_is_registered('sessUserID')){
 $_SESSION = array();
session_unset();
session_destroy(); 
header("Location:index.html");
}

This code just send the user to the index page all the time! do i hav 2 register the session??

Ziycon · 04-01-2007 7:49pm

Got your code working, the session id changes everytime a user posts a comment and its saved to the DB! The user is brought back to the previous page with a meta refresh tag!
I have tried everything and just cant figure out why the session ID is changing after a comment is changed!??!
Its the same browser open the whole time!?!

Adam · 05-01-2007 1:10am

Post the code of the comment processing page.

Ziycon · 05-01-2007 1:35am

This code calls a method and passes all the information through:

$validate = check_session(session_id(),$id_num);
if($validate == false)
{
   rating_update_cl($id_num,$club_vote,$v_cl);
   add_sess_id(session_id(),$id_num,$ip);
   echo'
   <h3>Registering your vote.</h3>
   <h4>Your IP has been logged: <font color="#FF0000">';echo $ip;echo'</font></h4>
   You will be redirected to the page you where viewing in 3 seconds.';
}
   elseif($validate == true)
{
echo'Error processing.';
}

These methods are called above:

function check_session($c,$club)
{
    $valid = false;
    $result = mysql_query("SELECT sess_id,club FROM sess_id WHERE sess_id='".$c."' AND club='".$club."' LIMIT 1");  
    while ($row = mysql_fetch_object( $result )) 
	{
       //Entry already exists
       $valid = true;
    }
    return $valid;
}

function rating_update_cl($c,$value,$v)
{
	$v1 = rating_cl_internal($c);
	$v1 = $v1 + $value;
	mysql_query("UPDATE cl SET vote=".$v1." WHERE id=".$c."");
	$v2 = $v + 1;
	mysql_query("UPDATE cl SET voters=".$v2." WHERE id=".$c."");
	$average = av_rating_cl($c) / av_voters_cl($c);
	mysql_query("UPDATE cl SET vote_average = ".$average." WHERE id=".$c."");
}

function add_sess_id($c,$club,$ip)
{
	mysql_query("INSERT INTO sess_id (sess_id,date,club,rest,ip) VALUES ('".$c."','".date("Y-m-d")."','".$club."',0,'".$ip."')");
}

Adam · 05-01-2007 1:53am

If I'm not mistaken, in the check_session function, $value is false the whole time, because $value is only true if it exists WITHIN the while() function. As in

[php]
<?php

while(criteria goes here)
{
//$value is only true in here if the sql returned a value, but even if it returned a value
}
//its still false here i.e. outside the while() function

?>
[/php]

I may be wrong though...

Webmonkey · 05-01-2007 2:10am

Mirror wrote:

If I'm not mistaken, in the check_session function, $value is false the whole time, because $value is only true if it exists WITHIN the while() function. As in

[php]
<?php

while(criteria goes here)
{
//$value is only true in here if the sql returned a value, but even if it returned a value
}
//its still false here i.e. outside the while() function

?>
[/php]

I may be wrong though...

Nope, if value gets changed to true inside the while loop it will remain true outside. Don't think while loops are included in scope rules.

Webmonkey · 05-01-2007 2:19am

This is how i would handle sessions anyways. This way requires cookies to be enabled on client side though as far as i know a simple change will allow a SESSID variable to be passed to every link.

Anyways i dont' think using the database is a good way to keep track of sessions as its a bit time consuming.

On every page i restrict access to, IE require person logged in i would have this code:

[php]
<?
// check login
session_start();
if (!isset($HTTP_SESSION_VARS)) {
require("./login.php");
}
?>
[/php]

And then the login page code would simply look like this:

[php]
<?
//include db connection functions here too
session_start();

if (isset($_POST) && isset($_POST))
{
$username = $_POST;
$password = $_POST;
$password = md5($password);

$query = "select * from users where loginid = '$username' and pass = '$password'";

$result = mysql_query($query);
$row = mysql_fetch_array($result);
$num = mysql_num_rows($result);

if (num > 0)
{

$HTTP_SESSION_VARS = $username;
$HTTP_SESSION_VARS = $row;

}
}

?>

//rest of page:
<div>
<? if (isset($HTTP_SESSION_VARS)) { $valid_user = $HTTP_SESSION_VARS; print ("Logged In As: $valid_user"); } else { print 'Not Logged In'; } ?> <strong></strong> </div>

<? if (isset($HTTP_SESSION_VARS)) { print ("Logged In"); } else { print 'Login Error'; } ?>

</div>
<? if (isset($HTTP_SESSION_VARS)) {
print ' <div id="content">
<div class="feature">
<h3>Sucessfully Logged In</h3>
<p>
We will now forward you to the control panel</p>
</div>
</div> ';
} else {
?>
<div id="content">
<div class="feature">
<h3>Please Login</h3>
<p>
<?=$message?>
Please login with your username and password </p>
<form name="form1" method="post" action="<?=$PHP_SELF;?>">
<strong>Username:</strong>
<input name="username" type="text" id="username">
<strong><br>
Password:&nbsp</strong>
<input name="password" type="password" id="password">
<br>
<br>
<input type="submit" name="Submit" value="Login">
<input name="login" type="hidden" id="login" value="yes">
</form>
<? } ?>
</div>
</div>
<div id="siteInfo">
<div align="left"></div>
</div>
</div>

[/php]

Don't know if this is any help or not. But basically the table has a userid,password field.

User passwords is md5 encoded for security.

Don't know if that any help or not.

Webmonkey

Ziycon · 05-01-2007 2:29am

If I'm not mistaken, in the check_session function, $value is false the whole time, because $value is only true if it exists WITHIN the while() function. As in

All the functions and all work fine! Its that the session id keeps changing for some reason even though the same window is open!

i dont want people to have to log in!

Webmonkey · 05-01-2007 2:34am

Ok my post up above won't do much good for you, ill look at your code more closely. If the sessions are changing all the time that must mean that validate() is returning false all the time

Ziycon · 05-01-2007 2:42am

The session id stays the same on every page of the site but as soon as a user submits something, after the user is returned to the previous page with a meta tag then the id is different!

Webmonkey · 05-01-2007 2:48am

I don't know how how exactly you handle after the submit but could you try a header(location: ); thing instead of the meta refresh?

Ziycon · 05-01-2007 3:06am

the header(location: ) things has seemed to workin now,
Go here and see if it only lets you vote each one once if you can http://www.dublinnites.ic/clubs.php???

Webmonkey · 05-01-2007 3:20am

I managed to vote 3 times there for one club so hmm doesn't look like it working!

Maybe if you print out the values of each variables in the webpage just to see what happening. For example check if validate will always be false?

Ziycon · 05-01-2007 3:25am

From what i can see in the table it says that you only voted once!

Can you try this, go here http://www.dublinnites.com/clubs.php
then go to the cats club, its got no user votes, now click rate me 3 times and see if the votes changes!??

Webmonkey · 05-01-2007 3:29am

Ah yes its working! See i expected to see an error if i voted the second time but obviously you got nothing saying that at the moment.

Looks like it works!

Ziycon · 05-01-2007 3:31am

Thanks so much man, you have no idea how stressed i was getting trying to fix that problem, also i will be adding a message saying thank you for your vote or i'll hide the rating bar or something whne you have voted!

Thanks again.

Webmonkey · 05-01-2007 3:34am

No probs. Glad i was of some help!

Just bare in mind you can't output anything before using the headers in php so you are going to have to build the message into the page you go back to sayin thank you for your vote or what ever.

Ne ways best of luck in it.

Ziycon · 05-01-2007 4:39am

Ok, seems to be all working fine, last thing i sweer!

This is the header tag i have:

header("Location: cl_desc.php?".$_SERVER['QUERY_STRING']);

When it goes back to the previous page this is what i get:

cl_desc.php?id=%3C?php%20echo%20$id_num;%20?%3E&v=%3C?php%20echo%20$v_cl;%20?%3E

What it should be is(doesn't have to be 11, its ment to be what ever id number was passed to the page with the header tag:

cl_desc.php?id=11

Adam · 05-01-2007 5:08am

You've closed a php tag early I would guess, or missed an " or ' or some such...

Ziycon · 05-01-2007 5:48am

Mirror wrote:

You've closed a php tag early I would guess, or missed an " or ' or some such...

Yup, got it, stupid error with an echo statement. Thanks.

Adam · 05-01-2007 6:56am

No problemo!

[CrimsonGhost] · 05-01-2007 3:40pm

You can always use urldecode() to make all those %xx values appear as whatever character they represent.

Major PHP Session Problems HELP

Comments