Hi
I am having a problem with session vars being propagated between pages
on this site:
If you enter any user id and password and click Log In (no actual
validation is performed), and then move around the other pages and/or
keep refreshing the pages it will eventually display something that is
incorrect i.e. saying your logged in when you aren't or vice versa.
The exact same code here http://ccgi.gnosis.free-online.co.uk/index.php
works fine implying a problem with the first PHP installation.
Here is the code for the 3 files:
=========== index.php =============
<?php
session_start() ;
if (isset($_POST['userid']) && isset($_POST['password'])) {
// if the user has just tried to log in
$userid = $_POST['userid'];
$password = $_POST['password'];
//assume valid login so set session var
$_SESSION['loggedinuserna me'] = $userid;
}
?>
<html>
<body>
<h1>Home page</h1>
<?
if (isset($_SESSIO N['loggedinuserna me'])) {
echo 'You are logged in as: '.$_SESSION['loggedinuserna me'].' <br /
echo '<a href="logout.ph p">Log out</a><br />';
} else {
if (isset($userid) ) {
// if they've tried and failed to log in
echo 'Could not log you in.<br />';
} else {
// they have not tried to log in yet or have logged out
echo 'You are not logged in.<br />';
}
// provide form to log in
echo '<form method="post" action="index.p hp">';
echo '<table>';
echo '<tr><td>Userid :</td>';
echo '<td><input type="text" name="userid"></td></tr>';
echo '<tr><td>Passwo rd:</td>';
echo '<td><input type="password" name="password" ></td></tr>';
echo '<tr><td colspan="2" align="center"> ';
echo '<input type="submit" value="Log in"></td></tr>';
echo '</table></form>';
}
?>
<br />
<a href="members_o nly.php">Member s section</a>
</body>
</html>
=========== members_only.ph p =============
<?php
session_start() ;
echo '<h1>Members only</h1>';
// check session variable
if (isset($_SESSIO N['loggedinuserna me'])) {
echo '<p>You are logged in as '.$_SESSION['loggedinuserna me'].'</
p>';
echo '<p>Members only content goes here</p>';
} else {
echo '<p>You are not logged in.</p>';
echo '<p>Only logged in members may see this page.</p>';
}
echo '<a href="index.php ">Back to main page</a>';
?>
=========== logout.php =============
<?php
session_start() ;
// store to test if they *were* logged in
$old_user = $_SESSION['loggedinuserna me'];
unset($_SESSION['loggedinuserna me']);
session_destroy ();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_us er)) {
echo 'Logged out.<br />';
} else {
// if they weren't logged in but came to this page somehow
echo 'You were not logged in, and so have not been logged out.<br /
}
?>
<a href="index.php ">Back to main page</a>
</body>
</html>
=============== =============== ==========
Am I doing something wrong or is there a problem or config issue with
the PHP server at http://www.meettheancestors.com/phpinfo.php (which I
have no control over).
Any help greatly appreciated.
Jonathan Attree
I am having a problem with session vars being propagated between pages
on this site:
If you enter any user id and password and click Log In (no actual
validation is performed), and then move around the other pages and/or
keep refreshing the pages it will eventually display something that is
incorrect i.e. saying your logged in when you aren't or vice versa.
The exact same code here http://ccgi.gnosis.free-online.co.uk/index.php
works fine implying a problem with the first PHP installation.
Here is the code for the 3 files:
=========== index.php =============
<?php
session_start() ;
if (isset($_POST['userid']) && isset($_POST['password'])) {
// if the user has just tried to log in
$userid = $_POST['userid'];
$password = $_POST['password'];
//assume valid login so set session var
$_SESSION['loggedinuserna me'] = $userid;
}
?>
<html>
<body>
<h1>Home page</h1>
<?
if (isset($_SESSIO N['loggedinuserna me'])) {
echo 'You are logged in as: '.$_SESSION['loggedinuserna me'].' <br /
>';
} else {
if (isset($userid) ) {
// if they've tried and failed to log in
echo 'Could not log you in.<br />';
} else {
// they have not tried to log in yet or have logged out
echo 'You are not logged in.<br />';
}
// provide form to log in
echo '<form method="post" action="index.p hp">';
echo '<table>';
echo '<tr><td>Userid :</td>';
echo '<td><input type="text" name="userid"></td></tr>';
echo '<tr><td>Passwo rd:</td>';
echo '<td><input type="password" name="password" ></td></tr>';
echo '<tr><td colspan="2" align="center"> ';
echo '<input type="submit" value="Log in"></td></tr>';
echo '</table></form>';
}
?>
<br />
<a href="members_o nly.php">Member s section</a>
</body>
</html>
=========== members_only.ph p =============
<?php
session_start() ;
echo '<h1>Members only</h1>';
// check session variable
if (isset($_SESSIO N['loggedinuserna me'])) {
echo '<p>You are logged in as '.$_SESSION['loggedinuserna me'].'</
p>';
echo '<p>Members only content goes here</p>';
} else {
echo '<p>You are not logged in.</p>';
echo '<p>Only logged in members may see this page.</p>';
}
echo '<a href="index.php ">Back to main page</a>';
?>
=========== logout.php =============
<?php
session_start() ;
// store to test if they *were* logged in
$old_user = $_SESSION['loggedinuserna me'];
unset($_SESSION['loggedinuserna me']);
session_destroy ();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_us er)) {
echo 'Logged out.<br />';
} else {
// if they weren't logged in but came to this page somehow
echo 'You were not logged in, and so have not been logged out.<br /
>';
?>
<a href="index.php ">Back to main page</a>
</body>
</html>
=============== =============== ==========
Am I doing something wrong or is there a problem or config issue with
the PHP server at http://www.meettheancestors.com/phpinfo.php (which I
have no control over).
Any help greatly appreciated.
Jonathan Attree