Session Data Seems To Be Lost...

I recently created a login script using PHP sessions to keep track of a user if they provide the correct username and login, and it worked beautifully on another server with PHP 4.3.10. I moved it to totalchoicehosting and it stopped working all of a sudden. Seems to check the database and verify the user fine, but when it moves to the next page it loses the session variable data. Can anyone please help me figure this out? Not gonna be able to use total choice if I can't login and admin the sites. Thanks very much.<!--content-->
Welcome to the forums gaston9x19 :)

Sorry, not familiar enough to help you with your PHP problem but others will be along to offer you some assistance.<!--content-->
We are not running PHP 4.3.10, there were several security flaws in that version and hence we at once upgraded to 4.3.11

That is most likely your issue.<!--content-->
Welcome to the forums, gaston9x19! :thumbup1:<!--content-->
Welcome to the forums! I would echo HeadGuru's suggestion. That sounds like the most likely culprit. Is there something in your script that requires the older version?<!--content-->
Welcome to the forum, gaston9x19. :)<!--content-->
Welcome to the forums, Gaston! B)

Not wanting to bash Bill's opinion but I'd find it really strange if a minor version upgrade would break session management in PHP. Well, unless you're using some weird session scheme...

If you can post your code here perhaps I can help. Otherwise, we will only be guessing.

Edit: <a href="http://www.totalchoicehosting.com/forums/index.php?showtopic=18781#entry124909" target="_blank">Please read my post below</a>.<!--content-->
Welcome to the forum, gaston9x19 :D<!--content-->
lol wow, thanks guys :) I don't know, the slight version difference seems the first thing you'd try looking at. I figured out how sessions work from the PHP website though, and they have stuff for 5.0.

Basically, there are two scripts: The login script itself, and a check_login script that seems to be failing to pass the session data along.

Login is fairly straightforward, gather a username and password, then start a PHP session with session_start(), use PEAR::DB to connect to a SQL database, and check that the password supplied is the one for that username in the database. If it is, it sets $_SESSION['username'] and $_SESSION['password'] and then redirects the user to the home page.

This is where I get problems. The check_login script is contained in the header of the home page, and it has a check to let the user know something's wrong when you are "logged in", but there's no session data, or it doesn't match the database info. I keep losing ALL session array data when check_login checks the user's credentials while loading the home page.

The check_login script initiates (or continues) a session, then uses PEAR::DB to connect to a SQL database, and grab the encrypted password that correlates to the current $_SESSION['username'], if a session has already been established. Assuming the db_pass matches the $_SESSION['password'], it sets the $logged_in variable to 1, otherwise it's set to 0.

Is there another way to set session variables for the new PHP version besides:

session_start();
$_SESSION['name']="data";

Anybody have any idea what changed so radically between 4.3.10 and 4.3.11?

Also, here's the check_login script, if anyone's interested. I call it from db_connect.php, which actually has all the database and PEAR stuff in it. Hey, it works on 5 or 6 sites I have on 4.3.10 lol maybe you can use it. ;)<!--content-->
Really appreciate any help on this, and thanks Raul, for your interest. I'd really like to figure this one out,... I need to actually lol. :)<!--content-->
In login.php (looks like you had posted it before but I didn't see it, sorry) you're using $_SESSION without calling session_start() first.
That won't work ;)
You need to call session_start() first, before doing anything related to sessions. Give it a try and let me know if it helps.<!--content-->
Afraid not, session_start() is actually called in check_login.php, which is included in db_connect.php, which is required in login.php. It got kinda complicated lol. But yeah it works on the same site hosted on another server, rockstar.gastonglock.net. I think my boss just really wants the site on the TCH server so he can make the domain name stuff easier and have more control over things. Can't really use the site to its full potential though, if we can't login to the site admin part of it after the move.

The whole system is based on this tutorial I found:
<a href="http://www.gastonglock.net/extras/Creating%20a%20Login%20Script%20with%20PHP%204,%20Part%20II%20%20evolt_org.htm" target="_blank">Creating a Login with PHP Sessions</a>

Perhaps you might see if you think this simplified version would work on these servers? I hate to be such a bother, but I'm positively stumped. I don't know any other way to create a login either, it'd take me a while to get a PERL version working. Thanks very much for your help on this :wallbash:<!--content-->
I think the reason why your scripts don't work on TCH's servers may be that your old server had register_globals turned OFF, and on TCH's servers, register_globals is turned ON.

In your check_login.php script, you have the variables $_SESSION['password'] for the password the user submitted and $password for the password stored in the database.

With register_globals set to ON, these two variables can end up being references to the same value (from what I understand about register_globals).

From the comments of the PHP documentation for Session Handling Functions:
<div class='quotetop'>QUOTE</div><div class='quotemain'>If you assign a session subscript/key to the same name as a variable, the session variable will be volatile and lost upon navigating.
For example, if passing a setting that you want in $_SESSION, don't do this:
<div class='codetop'>CODE</div><div class='codemain'><?
$setting = $_REQUEST['setting'];
if (!empty($setting))
    $_SESSION['setting'] = $setting;
?></div>
Instead, rename $setting or $_SESSION['setting'].</div>
It appears to me that you could be losing your $_SESSION['password'] value when the user goes to the next page, which would be enough for your session to be lost.

Assuming this is the case, I'd suggest either renaming the $password variable everywhere it occurs in your code, or use the following directive in your .htaccess file to turn off register_globals:
<div class='codetop'>CODE</div><div class='codemain'>php_flag register_globals off</div>
Hope this helps...<!--content-->
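A static check for the name collision described in the post above, as an added example that is not part of the original thread: it lists every name used both as a `$_SESSION` key and as a plain variable in the same PHP source. The sample scripts are constructed from the poster's description of check_login, and `lookup_hash` is a hypothetical helper.

```python
import re

# Matches $_SESSION['name'] or $_SESSION["name"] and captures the key.
SESSION_KEY = re.compile(r"""\$_SESSION\[\s*(['"])([A-Za-z_]\w*)\1\s*\]""")
# Matches any plain variable such as $password ($_SESSION itself is "_SESSION").
PLAIN_VAR = re.compile(r"\$([A-Za-z_]\w*)")


def session_name_collisions(php_source):
    """Map each colliding name to the line numbers where the plain variable appears."""
    session_keys = set()
    plain_uses = {}
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for match in SESSION_KEY.finditer(line):
            session_keys.add(match.group(2))
        for match in PLAIN_VAR.finditer(line):
            plain_uses.setdefault(match.group(1), []).append(lineno)
    return {name: plain_uses[name]
            for name in sorted(session_keys) if name in plain_uses}


# Constructed sample modelled on the check_login logic described in the thread.
COLLIDING = """<?php
session_start();
if (isset($_SESSION['username'])) {
    $password = lookup_hash($_SESSION['username']); // hypothetical helper
    $logged_in = ($password == $_SESSION['password']) ? 1 : 0;
}
"""

# Same logic with the database value renamed so no session key is shadowed.
RENAMED = COLLIDING.replace("$password", "$db_pass")

if __name__ == "__main__":
    print("colliding:", session_name_collisions(COLLIDING))
    print("renamed:  ", session_name_collisions(RENAMED))
```

Run it over the concatenated source of every file included in one request, since check_login.php, db_connect.php and login.php share one global scope.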
It was brought to my attention that my post where I said I didn't agree with Bill was a little rough.

I am very sorry about this. It wasn't my intention at all.

I even said that I wasn't trying to bash Bill's opinion, just in case someone thought I was going against him but I guess my intentions turned against myself.

Since English is not my primary language, sometimes I don't express certain things very well in a written way. I think about what I would say and how I would say it and then I try to put it into written words. The problem is that the "what I would say" part is easy but the "how I would say it" is much harder and that's where I messed up.

Anyway, just wanted to apologize and make it clear in "public" that it wasn't my intention to sound rough.

Sorry, Bill... :(<!--content-->
 