Larry Ullman's Book Forums

Sessions Without Cookies - Chapter 9



I am having trouble getting my scripts to work when it comes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book, but find that when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong? I have been trying to work through it and resolve it myself for the last 2 days. I have MySQL Server 5.5, PHP 5.3.6 and Windows 7 Home 64-bit running on my own computer using the localhost server. Please find attached my scripts.

 

Login.php

<?php # Script 9.16 - login.php

// Send nothing to the browser before session_start() line!

// Check if the form has been submitted.

if (isset($_POST['submitted'])) {

 

require_once ('../secure/mysql_connect.php'); // Connect to the db.

$errors = array(); // Initialise error array.

// Check for an email address.

if (empty($_POST['email'])) {

$errors[] = 'You forgot to enter an email address.';

} else {

$e = escape_data($_POST['email']);

}

// Check for a password.

if (empty($_POST['password'])) {

$errors[] = 'You forgot to enter a password.';

} else {

$p = escape_data($_POST['password']);

}

if (empty($errors)) { // If everything is OK.

 

/* Retrieve the user_id and first name for the email/password combination */

$query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')";

$result = @mysql_query($query); // Run the query.

$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

if ($row) { // A record was pulled from the database.

// Set the session data and redirect.

session_name ('YourVisitID');

ini_set('session.use_cookies', 0); // Don't use cookies.

session_start();

$_SESSION['user_id'] = $row[0];

$_SESSION['first_name'] = $row[1];

// Redirect the user to the loggedin.php page.

// Start defining the URL.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {

$url = substr($url, 0, -1); // Chop off the slash.

}

// Add the page.

$url .= '/loggedin.php?' . SID; // Add the session name & ID.

header("Location: $url");

exit(); // Quit the script.

 

} else { // No record matched the query.

$errors[] = 'The email address and password entered do not match those on file.'; // Public message.

$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.

}

} // End of if(empty($errors)) if.

mysql_close(); // Close the database connection.

} else { // Form has not been submitted.

$errors = NULL;

} // End of main submit conditional.

// Begin the page now.

$page_title = 'Login';

include('./includes/header.html');

if (!empty($errors)) { // Print any error messages.

echo '<h1 id="mainhead">Error!</h1>

<p class="error">The following error(s) occurred:<br />';

foreach ($errors as $msg) { // Print each error.

echo "- $msg<br />\n";

}

echo '</p><p>Please try again.</p>';

}

// Create the form.

?>

<h2>Login</h2>

<form action="login.php" method="post">

<p>Email Address: <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES); ?>"/></p>

<p>Password: <input type="password" name="password" size="20" maxlength="20"/></p>

<p><input type="submit" name="submit" value="Login"/></p>

<p><input type="hidden" name="submitted" value="TRUE"/></p>

</form>

<?php

include ('./includes/footer.html');

?>

 

Header.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR...ransitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

 

<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />

 

<title><?php echo $page_title; ?></title>

<style type="text/css" media ="all">@import "./includes/layout.css";</style>

</head>

<body>

<div id="wrapper"><!-- Goes with the CSS layout. -->

<div id="content"><!-- Goes with the CSS layout. -->

 

<div id="nav"><!-- Links section -->

<h3>Menu</h3>

<ul>

<li class="navtop"><a href="index.php?<?php echo SID; ?>" title="Go to Home Page">Home</a></li>

<li><a href="register.php?<?php echo SID; ?>" title="Register">Register</a></li>

<li><?php // Create a login/logout link.

if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) {

echo '<a href="logout.php?' . SID . '" title="Logout">Logout</a>'; // Append the session name & ID.

} else {

echo '<a href="login.php?' . SID . '" title="Login">Login</a>'; // Append the session name & ID.

}

?></li>

</ul>

</div>

<!-- Script 9.8 - header.html -->

<!-- Start of page specific content -->

 

Loggedin.php

<?php # Script 9.17 - loggedin.php

# User is redirected here from login.php.

session_name ('YourVisitID');

ini_set('session.use_cookies', 0);

session_start(); // Start the session.

// If no session value is present redirect the user.

if(!isset($_SESSION['user_id'])) {

// Start defining the url.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for a trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) =='\\')) {

$url = substr($url, 0, -1); // Chop off the slash.

}

$url .= '/index.php'; // Add the page.

header ("Location: $url");

exit(); // Quit the script.

}

// Set the page title and include the HTML header.

$page_title = 'Logged In!';

include ('./includes/header.html');

// Print a customised message.

echo "<h1>Logged In!</h1>

<p>You are now logged in, {$_SESSION['first_name']}!</p>

<p><br /><br /></p>";

include ('./includes/footer.html');

?>

 

logout.php

<?php # Script 9.18 - logout.php

// This page lets the user log out.

session_name('YourVisitID');

ini_set('session.use_cookies', 0);

session_start(); // Access the existing session.

// If no session value is present, redirect the user.

if(!isset($_SESSION['user_id'])) {

//Start defining the url.

$url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for a trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {

$url = substr($url, 0, -1); // Chop off the slash.

}

$url .= '/index.php'; // Add the page.

header("Location: $url");

exit();

} else { // Cancel the session.

$_SESSION = array(); // Destroy the variables.

session_destroy(); // Destroy the session itself.

}

// Set the page title and include the HTML header.

$page_title = 'Logged Out!';

include ('./includes/header.html');

// Print a customised message.

echo "<h1>Logged Out!</h1>

<p>You are now logged out!</p>

<p><br /><br /></p>";

include ('./includes/footer.html');

?>
