[RESOLVED] Session Problem

**Visual Basic.Net** · Dec 1st, 2008, 02:17 PM

I wrote this to secure the page by password & username:

Code:

@session_start();
if($_POST['mkses']){
	$_SESSION['id']=$_POST['id'];
	$_SESSION['pass']=$_POST['pass'];
}
if($_SESSION['id']!="aaa" and $_SESSION['pass']!="aaa"){
	echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';
	echo "<input type='text' name='id'><input type='text' name='password'>";
	echo "<input type='submit' name='mkses' value='login'></form>";
	exit;
}

when I enter the password & username it display page without problem, the page consists of a form to enter information and the form Action is set to the same page, when I click submit it show me the message to enter username and password again, that means it didn't save the session?

what is the problem?
thank's

**the182guy** · Dec 2nd, 2008, 07:57 AM

The problem with your code is you have your password textbox called 'password' and in the PHP code you are trying to get the value of a textbox called 'pass'. Change it to 'password' and the code should work.

There are better ways to secure the page than that though.

**Visual Basic.Net** · Dec 2nd, 2008, 10:56 AM

I changed it to:

Code:

@session_start();
if($_POST['mkses']){
	$_SESSION['id']=$_POST['id'];
	$_SESSION['pass']=$_POST['password'];
}
if($_SESSION['id']!="aaa" and $_SESSION['pass']!="aaa"){
	echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';
	echo "<input type='text' name='id'><input type='text' name='password'>";
	echo "<input type='submit' name='mkses' value='login'></form>";
	exit;
}

But the same problem

**dclamp** · Dec 2nd, 2008, 09:00 PM

you need to change the $_SESSION['pass'] in your if() statement

**kfcSmitty** · Dec 2nd, 2008, 11:11 PM

Not sure what "and" is in PHP, but the proper AND operator is && not "and".

So

PHP Code:


$_SESSION['id']!="aaa" and $_SESSION['pass']!="aaa"

should be

PHP Code:


$_SESSION['id']!="aaa" && $_SESSION['pass']!="aaa"

**Visual Basic.Net** · Dec 3rd, 2008, 09:52 AM

I changed it to:

Code:

@session_start();
if($_POST['mkses']){
	$_SESSION['id']=$_POST['id'];
	$_SESSION['pass']=$_POST['password'];
}
if($_SESSION['id']!="aaa" || $_SESSION['pass']!="aaa"){
	echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';
	echo "<input type='text' name='id'><input type='text' name='password'>";
	echo "<input type='submit' name='mkses' value='login'></form>";
	exit;
}

but the same problem

**kfcSmitty** · Dec 3rd, 2008, 02:16 PM

Are you sure you updated the file properly?

The code you posted above works. If you go to the page and you do not have your session set, you see the login form. If you go to the page directly after you have submitted, then you set the session variables.

If you go to the page at any other time (before the session has expired), it won't do anything, since your session is open, but you're not posting anything.

**Visual Basic.Net** · Dec 3rd, 2008, 02:38 PM

No it didn't work. See the full code here, when you enter the pass and user it will show to you the form to enter your name, but when you press "print Name" it will ask you again for the username and password and will never print yourname.

Code:

<HTML dir="rtl">
<body>
<center>
<?php

@session_start();
if($_POST['mkses']){
	$_SESSION['id']=$_POST['id'];
	$_SESSION['pass']=$_POST['password'];
}
if($_SESSION['id']!="aaa" || $_SESSION['pass']!="aaa"){
	echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';
	echo "<input type='text' name='id'><input type='text' name='password'>";
	echo "<input type='submit' name='mkses' value='login'></form>";
	exit;
}
?>
<?php
if($_POST['tt'])
	echo $_POST['cname'];
?>
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">
name <input type="text" name="cname"><BR>
<input type="submit" name="tt" value="Print Name">
</form>
</center>
</body>
</html>

**kfcSmitty** · Dec 3rd, 2008, 02:53 PM

You have to start the session before you print anything to the screen.

The following code works.

PHP Code:


<?php

session_start();

?>

<HTML dir="rtl">

<body>

<center>

<?php

if($_POST['mkses']){

    $_SESSION['id']=$_POST['id'];

    $_SESSION['pass']=$_POST['password'];

}

if($_SESSION['id']!="aaa" || $_SESSION['pass']!="aaa"){

    echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';

    echo "<input type='text' name='id'><input type='text' name='password'>";

    echo "<input type='submit' name='mkses' value='login'></form>";

    exit;

}

?>

<?php

if($_POST['tt'])

    echo $_POST['cname'];

?>

<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">

name <input type="text" name="cname"><BR>

<input type="submit" name="tt" value="Print Name">

</form>

</center>

</body>

</html>

**Visual Basic.Net** · Dec 3rd, 2008, 03:35 PM

Yes, that worked with the last code, but when I changed the code the same problem is still there.
My full code for the 2'nd page:

Code:

<?php 
@session_start(); 
?>
<HTML dir="rtl">
<body>
<center>
<?php
if($_POST['mkses']){
	$_SESSION['id']=$_POST['id'];
	$_SESSION['pass']=$_POST['password'];
}
if($_SESSION['id']!="aaa" || $_SESSION['pass']!="aaa"){
	echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';
	echo "<input type='text' name='id'><input type='text' name='password'>";
	echo "<input type='submit' name='mkses' value='login'></form>";
	exit;
}


include_once('thumbnail.inc.php');
include('dbconnect.php');
function upimg($nnn){
$target_path = "CIMG/$nnn";
move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);
list($width1, $height1, $type1, $attr1) = getimagesize($target_path);
if($width1>140){
$thumb = new Thumbnail($target_path);
$newwidth1=140;
$newheight1=(140/$width1)*$height1;

$thumb->resize($newwidth1,$newheight1);
$thumb->save($target_path);
}
}

if(isset($_POST['sss'])){
	echo "Added";
	$filettt = substr(strrchr($_FILES['uploadedfile']['name'], '.'), 1);
	$addquery1 = "Insert into Category (NAME,DESC1,PARENT,PICTYPE) VALUES ('$_POST[cname]','$_POST[cdesc]','$_POST[cparent]','$filettt')";
	mysql_query($addquery1) or die(mysql_error());
	if($_POST[cparent]!=-1){
		$updtq = "update Category set NumOfFol=NumOfFol+1 where CID=".$_POST[cparent];
		mysql_query($updtq) or die(mysql_error());
	}
	$retquery = "select MAX(CID) from Category";
	$ress22 = mysql_query($retquery);
	$finalfilenm = mysql_result($ress22,0,"MAX(CID)").".".$filettt;
	upimg($finalfilenm);
exit;
}
?>

<form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="cname"><BR>
<textarea name="cdesc"></textarea><BR>
<select name="cparent"> 
<option value=-1></option>
<?php
$query1 = "Select * from Category";
$result= mysql_query($query1);
$num=mysql_numrows($result);
$i=0;
while ($i < $num) {
echo "<option value=".mysql_result($result,$i,"CID").">".mysql_result($result,$i,"NAME")."</option>";
$i++;
}
?>
</select><BR><BR>
<input name="uploadedfile" type="file" />
<? $upload_max_filesize=ini_get("upload_max_filesize");
echo "MAXSIZE:".$upload_max_filesize;?><BR>
<input type="submit" name="sss" value="ADD CATEGORY">
</form>
<?php
mysql_close();
?>
</center>
</body></html>

Isn't there a rule that works always? or php is working with luck? hhhhhhhhhh
PHP is very stupid language?!!! It generates alooot or errors

**kfcSmitty** · Dec 3rd, 2008, 03:42 PM

What errors are you receiving? All I can assume at this point is that one of your include files is messing with something.

I ran the code without the includes, and I was able to submit and get the "Added" echo, and the session remained with me logged in.

**dclamp** · Dec 3rd, 2008, 07:14 PM

You need to remove the error suppressor from session_start(). There may be an error, but you are keeping it from showing.

**Visual Basic.Net** · Dec 4th, 2008, 06:36 AM

Yes, when I removed @ from the beggining or session_start(), the problem gone. but it keeping show this error:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\AppServ\www\img\addc.php:1) in C:\AppServ\www\img\addc.php on line 2

I don't want this error to be printed

thank's alot brothers

**Visual Basic.Net** · Dec 4th, 2008, 06:49 AM

the problem become up again?!!!!
the warning message beign printing 2 times, and the problem become up again?

Code:

<?php
session_start();
?>
<HTML dir="rtl">
<body>
<center>
<?php

if($_POST['mkses']){
	$_SESSION['id']=$_POST['id'];
	$_SESSION['pass']=$_POST['password'];
}
if($_SESSION['id']!="aaa" || $_SESSION['pass']!="aaa"){
	echo '<form method="post" action='.$_SERVER[PHP_SELF].' >';
	echo "<input type='text' name='id'><input type='text' name='password'>";
	echo "<input type='submit' name='mkses' value='login'></form>";
	exit;
}

include_once('thumbnail.inc.php');
include('dbconnect.php');
function upimg($nnn){
$target_path = "CIMG/$nnn";
move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path);
list($width1, $height1, $type1, $attr1) = getimagesize($target_path);
if($width1>140){
$thumb = new Thumbnail($target_path);
$newwidth1=140;
$newheight1=(140/$width1)*$height1;

$thumb->resize($newwidth1,$newheight1);
$thumb->save($target_path);
}
}

if(isset($_POST['sss'])){
	echo "Added";
	$filettt = substr(strrchr($_FILES['uploadedfile']['name'], '.'), 1);
	$addquery1 = "Insert into Category (NAME,DESC1,PARENT,PICTYPE) VALUES ('$_POST[cname]','$_POST[cdesc]','$_POST[cparent]','$filettt')";
	mysql_query($addquery1) or die(mysql_error());
	if($_POST[cparent]!=-1){
		$updtq = "update Category set NumOfFol=NumOfFol+1 where CID=".$_POST[cparent];
		mysql_query($updtq) or die(mysql_error());
	}
	$retquery = "select MAX(CID) from Category";
	$ress22 = mysql_query($retquery);
	$finalfilenm = mysql_result($ress22,0,"MAX(CID)").".".$filettt;
	upimg($finalfilenm);
exit;
}
?>

<form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="cname"><BR>
<textarea name="cdesc"></textarea><BR>
<select name="cparent"> 
<option value=-1></option>
<?php
$query1 = "Select * from Category";
$result= mysql_query($query1);
$num=mysql_numrows($result);
$i=0;
while ($i < $num) {
echo "<option value=".mysql_result($result,$i,"CID").">".mysql_result($result,$i,"NAME")."</option>";
$i++;
}
?>
</select><BR><BR>
<input name="uploadedfile" type="file" />
<? $upload_max_filesize=ini_get("upload_max_filesize");
echo "MAXSIZE:".$upload_max_filesize;?><BR>
<input type="submit" name="sss" value="ADD CATEGORY">
</form>
<?php
mysql_close();
?>
</center>
</body></html>

I waste many days on that problem

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\AppServ\www\img\addc.php:1) in C:\AppServ\www\img\addc.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\AppServ\www\img\addc.php:1) in C:\AppServ\www\img\addc.php on line 2

**kfcSmitty** · Dec 4th, 2008, 07:51 AM

Header already sent means either you have some output to the screen before starting your session, or you've started a session when attempting to open another one.

Are any of your other scripts opening a session or anything? If you could post them here we might be able to help.

And you shouldn't rely on an error supressor to get rid of your errors. Proper code won't give you any errors.

**Visual Basic.Net** · Dec 4th, 2008, 09:33 AM

Offcouse, I want to include them all, but the forum telling me that the message exceeds the character length. I will try to attach them.
Thank's for helping me

**Visual Basic.Net** · Dec 4th, 2008, 09:38 AM

Here are the files:
http://www.2shared.com/file/4394443/.../AllFiles.html

**kfcSmitty** · Dec 4th, 2008, 10:10 AM

I don't know how it happened, but there is a corruption in your addc.php file.

Copy all of the code in it, completely delete the file and re-create it.

That seemed to fix the header errors for me.

**Visual Basic.Net** · Dec 4th, 2008, 10:32 AM

Yes, The problem is that the file is saved with UTF-8 format, when I saved it with ascii it become ok, isn't there a way to save it with UTF-8 and make session works ok?
it is very important to support language other than english, like arabic
thank's bro

**Visual Basic.Net** · Dec 4th, 2008, 10:45 AM

I saved it with BOM, and without BOM.... but the same problem with both

**kfcSmitty** · Dec 4th, 2008, 10:50 AM

I'm not 100% sure, but you shouldn't need to save the PHP file as UTF-8. Technically your PHP and code should be separate, so any text you're outputting should either be in another file, or you could use the UTF-8 encode/decode function built into PHP.

http://ca3.php.net/utf8_encode
http://ca3.php.net/utf8-decode

Although I've never really dealt with UTF-8 in PHP, so I'm kind of at the end of my rope here.

Only suggestion I can make is to save it as ASCII and handle any other characters appropriately. Or, as stated above, keep your PHP and HTML separate.

**Visual Basic.Net** · Dec 4th, 2008, 10:58 AM

It Solved. I had to delete the file and recreate it by UTF8 Without BOM.
the signature of UTF-8 (BOM) caused that problem!!
Thank's alot again

**dclamp** · Dec 4th, 2008, 06:58 PM

This whole process would have been done like 10 posts ago. Moral of thread, dont use Error Suppressors while debugging .

**penagate** · Dec 7th, 2008, 11:08 PM

Originally Posted by kfcSmitty

Not sure what "and" is in PHP, but the proper AND operator is && not "and".

The 'and' operator is equivalent to && with a lower precedence.
See Operator Precedence.

Thread: [RESOLVED] Session Problem

Thread Tools

Display

[RESOLVED] Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: Session Problem

Re: [RESOLVED] Session Problem

Re: Session Problem

Posting Permissions