=?iso-8859-1?Q?Chuck_=ABBeyondFusion=BB?=
Guest
Re: PHP Sessions
Alex,
Why did you have to turn on output buffering?
I've been doing secure logins using php for a long time and have never seen
the need.
--
Chuck Joslin
BeyondFusion.com - Your Fusion Community
www.beyondfusion.com
Register domain names at www.awavedomains.com
"Alex Francis" <alex@francisgreenock.co.uk> wrote in message
news:guv4ot$eh42@flsun90netnews01.netobjects.com.. .
>I had to place an ob start at th beginning. I have also used session start
>in case the production server is different from my test server.
> Thanks for your help, it is all coming back to me. (it must be an age
> thing it has got worse since I retired).
> "Chuck «BeyondFusion»" <supportno@spambeyondfusion.com> wrote in message
> news:gusg1s$4na5@flsun90netnews01.netobjects.com.. .
>> Alex,
>>
>> Are you placing a session start at the top of each page a logged in user
>> will have access to? You need to.
>>
>> --
>> Chuck Joslin
>> BeyondFusion.com - Your Fusion Community
>> www.beyondfusion.com
>>
>> Register domain names at www.awavedomains.com
>> "Alex Francis" <alex@francisgreenock.co.uk> wrote in message
>> news:gusa0g$4ph2@flsun90netnews01.netobjects.com.. .
>>> Still Having problems with my sessions:
>>> Here is my code for my login page and for my main authorised page:
>>> session_start(); is not shown since it is on the first line of the page
>>> not with the rest of the code:
>>> I don't seem to be getting the sessions created. I put in line 2 in my
>>> authorised page to help debug and got this error message:
>>> Notice: Undefined variable: _SESSION in
>>> C:\wamp\www\reqfiles\allauthsession.req.php on line 2
>>>
>>> Login Page
>>> <?php
>>>
>>> //create short names from form information
>>> $userlogname = $_POST["userlogname"];
>>> $userlogpass = $_POST["userlogpass"];
>>>
>>> $encryptedpassword = md5($userlogpass);
>>>
>>> //capture ip address
>>> $ipaddress = getenv ("REMOTE_ADDR");
>>> $date = date("D d M,Y");
>>> $time = date("h:i:s a");
>>>
>>> $sql = " SELECT * FROM logintable WHERE userlogname='$userlogname' AND
>>> userpasswd='$encryptedpassword'";
>>>
>>> //$retid = mysql_db_query($dbname, $sql, $link);
>>> $opendb = mysql_select_db($dbname, $link) or die("Cannot select the
>>> database.<br>" . mysql_error());
>>> $retid = mysql_query($sql, $link);
>>> if (!$retid) { echo( mysql_error()); }
>>> else {
>>>
>>> while ($row = mysql_fetch_array($retid)) {
>>> $loginID = $row["loginid"];
>>> $logingroup = $row["authgroup"];
>>> $logname = $row["fullname"];
>>> }
>>> $num = mysql_num_rows($retid);
>>> // echo ("$num");
>>>
>>> if ($num==0){
>>> echo ("You have entered a wrong User Name or Password
>>> <A HREF='login.php'> Back to Login Page </A>");
>>> exit;
>>> }
>>>
>>> $query = "INSERT INTO userstable VALUES('0', '$loginID', '$logname',
>>> '$ipaddress', '$date', '$time')";
>>>
>>> //echo ("The query is: <BR>$query<P>\n");
>>>
>>> if (mysql_db_query ($dbname, $query, $link)){
>>>
>>> echo ("<P>$logname is now logged in with $logingroup
>>> privileges.</P>\n");
>>> echo ("<P><A HREF=\"authorised_only.php?id=$loginID\">Go to the Private
>>> Section</A><P>\n");
>>> }
>>>
>>> if ($logingroup=="administrator")
>>> {
>>> //Create session values
>>> $_SESSION['loginID'] = "$loginID";
>>> $_SESSION['logname'] = "$logname";
>>> $_SESSION['admin'] = "$logingroup";
>>>
>>> } elseif ($logingroup=="member")
>>> {
>>>
>>> // Create session values
>>> $_SESSION['loginID'] = '$loginID';
>>> $_SESSION['logname'] = '$logname';
>>> $_SESSION['member'] = '$logingroup';
>>>
>>> }
>>> mysql_close ($link);
>>> }
>>> ?>
>>>
>>> Authorised Page
>>> <?php
>>> //echo "User : ".$_SESSION["logname"];
>>>
>>> if((isset($_SESSION["admin"]))||(isset($_SESSION["member"])))
>>> {
>>> echo" <a href= ../html/logout.php>Logout</a> ";
>>> }
>>> else {
>>> echo("You are not authorised to view this page");
>>> echo ' <a href= ../html/login.php>Log in</a>' ;
>>> exit;
>>> }
>>> ?>
>>>
>>> Probably doing something stupid!!!!!!!!!!!!
>>>
>>> "Chuck «BeyondFusion»" <supportno@spambeyondfusion.com> wrote in message
>>> news:guk06g$38r7@flsun90netnews01.netobjects.com.. .
>>>>I hear you. I can spell but otfen can't tpye.
>>>>
>>>> --
>>>> Chuck Joslin
>>>> BeyondFusion.com - Your Fusion Community
>>>> www.beyondfusion.com
>>>>
>>>> Register domain names at www.awavedomains.com
>>>> "Alex Francis" <alex@francisgreenock.co.uk> wrote in message
>>>> news:gujsj7$38r4@flsun90netnews01.netobjects.com.. .
>>>>> Sorry about that I had mispelled session in the session start. Nearly
>>>>> working now.
>>>>> "Chuck «BeyondFusion»" <supportno@spambeyondfusion.com> wrote in
>>>>> message news:gujqmt$38r2@flsun90netnews01.netobjects.com.. .
>>>>>> The session code needs to be placed at the start of the page, above
>>>>>> all else.
>>>>>>
>>>>>> You also appear to be missing a session start. That goes first before
>>>>>> any other PHP code at the start of the page.
>>>>>>
>>>>>> --
>>>>>> Chuck Joslin
>>>>>> BeyondFusion.com - Your Fusion Community
>>>>>> www.beyondfusion.com
>>>>>>
>>>>>> Register domain names at www.awavedomains.com
>>>>>> "Alex Francis" <alex@francisgreenock.co.uk> wrote in message
>>>>>> news:gujpc3$38r1@flsun90netnews01.netobjects.com.. .
>>>>>>> It is a long time since I did any PHP coding but was asked to create
>>>>>>> a site recently using PHP. Naturally I used some code which I know
>>>>>>> is working on another site but I cannot get it to work on my test
>>>>>>> server which is running PHP5. I think the other site is running
>>>>>>> PHP4. I would be grateful if someone can help.
>>>>>>>
>>>>>>> Here is the error message
>>>>>>> Warning: session_register() [function.session-register]: Cannot send
>>>>>>> session cookie - headers already sent by (output started at
>>>>>>> C:\wamp\www\html\confirm_login.php:50) in
>>>>>>> C:\wamp\www\reqfiles\login.req.php on line 60
>>>>>>>
>>>>>>> Warning: session_register() [function.session-register]: Cannot send
>>>>>>> session cache limiter - headers already sent (output started at
>>>>>>> C:\wamp\www\html\confirm_login.php:50) in
>>>>>>> C:\wamp\www\reqfiles\login.req.php on line 60
>>>>>>> logingroup is
>>>>>>>
>>>>>>> he code for this is here, starting at line 57
>>>>>>> if ($logingroup=="administrator")
>>>>>>> {
>>>>>>> // Create a session value
>>>>>>> session_register ('loginID');
>>>>>>> session_register ('logname');
>>>>>>> session_register ('administrator');
>>>>>>>
>>>>>>> // give the sessions a name
>>>>>>> $_SESSION['loginID'] = $loginID;
>>>>>>> $_SESSION['logname'] = $logname;
>>>>>>> $_SESSION['administrator'] = $administrator;
>>>>>>>
>>>>>>> echo ("logingroup is ");
>>>>>>> echo $_SESSION['administrator'];
>>>>>>>
>>>>>>> } elseif ($logingroup=="member")
>>>>>>> {
>>>>>>>
>>>>>>> // Create a session value
>>>>>>> session_register ('loginID');
>>>>>>> session_register ('logname');
>>>>>>> session_register ('member');
>>>>>>>
>>>>>>> // give the sessions a name
>>>>>>> $_SESSION['loginID'] = $loginID;
>>>>>>> $_SESSION['logname'] = $logname;
>>>>>>> $_SESSION['member'] = $member;
>>>>>>>
>>>>>>> echo ("logingroup is ");
>>>>>>> echo $_SESSION['member'];
>>>>>>>
>>>>>>> }
>>>>>>> mysql_close ($link);
>>>>>>> }
>>>>>>> ?>
>>>
>>>
>>
>
Reply With Quote