Apache Friends Support Forum

[mcog_esteban]

hi all.
can someone help me with this:
i'm having a strange problem using sessions,i have a login system based on sessions, and sometimes i can't login, the problem is that i can indeed login but the page creates another session id,sending me back to the login page, i get the tmp dir full of sess_*************** files with 0kb.First i thought that was something wrong with my code, and i did the simplest system i know:

login.html

Code: Select all

<html>
<body>
<form method="post" action="login.php">
<input type="text" name="user"><br>
<input type="text" name="pass">
<input type="submit" name="submit" value="send">
</form>
</body>
</html>
?>



login.php

Code: Select all


<?php
session_start();

if($_POST['submit'])
{
  if($_POST['user']=="master")
  {
    if($_POST['pass'] == "blaster")
    {
       session_register('user');
       $_SESSION['user']=$_POST['user'];
       header("Location: secret.php");
       exit;
    }
  }
  else
  {
    echo "Login or Password wrong<br>";
    <a href="login.html">Click here to login again.</a>
   }
}
?>


secret.php

Code: Select all

<?php
session_start();

if(!empty($_SESSION['login']))
{
   echo "Welcome to the secret page";
}
else
{
  <a href="login.html">You have to login to access this page
}
?>



and it didn't work....a few hours later it worked.
i really don't know what to do anymore.

if it helps, i'm running this on Windows XP + SP2

if anybody knows or have clue, please let me know.
thanks

[MacDaddy]

hi all.
can someone help me with this:
i'm having a strange problem using sessions,i have a login system based on sessions, and sometimes i can't login, the problem is that i can indeed login but the page creates another session id,sending me back to the login page, i get the tmp dir full of sess_*************** files with 0kb.First i thought that was something wrong with my code, and i did the simplest system i know:

login.html

Code: Select all

<html>
<body>
<form method="post" action="login.php">
<input type="text" name="user"><br>
<input type="text" name="pass">
<input type="submit" name="submit" value="send">
</form>
</body>
</html>
?>



login.php

Code: Select all


<?php
session_start();

if($_POST['submit'])
{
  if($_POST['user']=="master")
  {
    if($_POST['pass'] == "blaster")
    {
       session_register('user');
       $_SESSION['user']=$_POST['user'];
       header("Location: secret.php");
       exit;
    }
  }
  else
  {
    echo "Login or Password wrong<br>";
    <a href="login.html">Click here to login again.</a>
   }
}
?>


secret.php

Code: Select all

<?php
session_start();

if(!empty($_SESSION['login']))
{
   echo "Welcome to the secret page";
}
else
{
  <a href="login.html">You have to login to access this page
}
?>



and it didn't work....a few hours later it worked.
i really don't know what to do anymore.

if it helps, i'm running this on Windows XP + SP2

if anybody knows or have clue, please let me know.
thanks

why not just use .htaccess ? its a little easyer than a hackable .php with the password in it.

[alfa_schumi]

In the secret.php page you check if "$_SESSION['login']" is not empty, while in the login.php you put the user in "$_SESSION['user']" try changing login to user in the secret.php page.

[Maller]

Dude, storing passwords in .php files is not a good idea, storing uncrypted passwords is even worse.
Use a database to store your passwords, and encrypt them.

If you really have to store the password in the php file, atleast use md5() to encrypt em, as it´s almost impossible to crack.