Larry Ullman's Book Forums

kjustice
  1. I found another session variable, session.use_only_cookies; once I set this to off, as well as session.use_cookies, my sessions worked fine. Thank you for your direction, and I would also like to note that I am loving the book.
  2. I am having trouble getting my scripts to work when it comes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book, but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong? I have been trying to work through it and resolve it myself for the last 2 days. I have MySQL Server 5.5, PHP 5.3.6 and Windows 7 Home 64bit running on my own computer using the localhost server. Please find attached my scripts.

     Login.php

     ```php
     <?php # Script 9.16 - login.php
     // Send nothing to the browser before session_start() line!

     // Check if the form has been submitted.
     if (isset($_POST['submitted'])) {

         require_once ('../secure/mysql_connect.php'); // Connect to the db.

         $errors = array(); // Initialise error array.

         // Check for an email address.
         if (empty($_POST['email'])) {
             $errors[] = 'You forgot to enter an email address.';
         } else {
             $e = escape_data($_POST['email']);
         }

         // Check for a password.
         if (empty($_POST['password'])) {
             $errors[] = 'You forgot to enter a password.';
         } else {
             $p = escape_data($_POST['password']);
         }

         if (empty($errors)) { // If everything is OK.

             /* Retrieve the user_id and first name for the email/password combination */
             $query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')";
             $result = @mysql_query($query); // Run the query.
             $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

             if ($row) { // A record was pulled from the database.

                 // Set the session data and redirect.
                 session_name ('YourVisitID');
                 ini_set('session.use_cookies', 0); // Don't use cookies.
                 session_start();
                 $_SESSION['user_id'] = $row[0];
                 $_SESSION['first_name'] = $row[1];

                 // Redirect the user to the loggedin.php page.
                 // Start defining the URL.
                 $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
                 // Check for trailing slash.
                 if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
                     $url = substr($url, 0, -1); // Chop off the slash.
                 }
                 // Add the page.
                 $url .= '/loggedin.php?' . SID; // Add the session name & ID.

                 header("Location: $url");
                 exit(); // Quit the script.

             } else { // No record matched the query.
                 $errors[] = 'The email address and password entered do not match those on file.'; // Public message.
                 $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
             }

         } // End of if(empty($errors)) if.

         mysql_close(); // Close the database connection.

     } else { // Form has not been submitted.

         $errors = NULL;

     } // End of main submit conditional.

     // Begin the page now.
     $page_title = 'Login';
     include('./includes/header.html');

     if (!empty($errors)) { // Print any error messages.
         echo '<h1 id="mainhead">Error!</h1>
         <p class="error">The following error(s) occurred:<br />';
         foreach ($errors as $msg) { // Print each error.
             echo "- $msg<br />\n";
         }
         echo '</p><p>Please try again.</p>';
     }

     // Create the form.
     ?>
     <h2>Login</h2>
     <form action="login.php" method="post">
         <p>Email Address: <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p>
         <p>Password: <input type="password" name="password" size="20" maxlength="20"/></p>
         <p><input type="submit" name="submit" value="Login"/></p>
         <p><input type="hidden" name="submitted" value="TRUE"/></p>
     </form>
     <?php
     include ('./includes/footer.html');
     ?>
     ```

     Header.html

     ```php
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR...ransitional.dtd">
     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
     <head>
         <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
         <title><?php echo $page_title; ?></title>
         <style type="text/css" media="all">@import "./includes/layout.css";</style>
     </head>
     <body>
     <div id="wrapper"><!-- Goes with the CSS layout. -->

         <div id="content"><!-- Goes with the CSS layout. -->

             <div id="nav"><!-- Links section -->
                 <h3>Menu</h3>
                 <ul>
                     <li class="navtop"><a href="index.php?<?php echo SID; ?>" title="Go to Home Page">Home</a></li>
                     <li><a href="register.php?<?php echo SID; ?>" title="Register">Register</a></li>
                     <li><?php
                     // Create a login/logout link, carrying the session name & ID in the URL.
                     if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) {
                         echo '<a href="logout.php?' . SID . '" title="Logout">Logout</a>';
                     } else {
                         echo '<a href="login.php?' . SID . '" title="Login">Login</a>';
                     }
                     ?></li>
                 </ul>
             </div>
             <!-- Script 9.8 - header.html -->
             <!-- Start of page specific content -->
     ```

     Loggedin.php

     ```php
     <?php # Script 9.17 - loggedin.php
     # User is redirected here from login.php.

     session_name ('YourVisitID');
     ini_set('session.use_cookies', 0);
     session_start(); // Start the session.

     // If no session value is present redirect the user.
     if (!isset($_SESSION['user_id'])) {

         // Start defining the url.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
         // Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
             $url = substr($url, 0, -1); // Chop off the slash.
         }
         $url .= '/index.php'; // Add the page.
         header ("Location: $url");
         exit(); // Quit the script.
     }

     // Set the page title and include the HTML header.
     $page_title = 'Logged In!';
     include ('./includes/header.html');

     // Print a customised message.
     echo "<h1>Logged In!</h1>
     <p>You are now logged in, {$_SESSION['first_name']}!</p>
     <p><br /><br /></p>";

     include ('./includes/footer.html');
     ?>
     ```

     logout.php

     ```php
     <?php # Script 9.18 - logout.php
     // This page lets the user log out.

     session_name('YourVisitID');
     ini_set('session.use_cookies', 0);
     session_start(); // Access the existing session.

     // If no cookie is present, redirect the user.
     if (!isset($_SESSION['user_id'])) {

         // Start defining the url.
         $url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
         // Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
             $url = substr($url, 0, -1); // Chop off the slash.
         }
         $url .= '/index.php'; // Add the page.
         header("Location: $url");
         exit();

     } else { // Cancel the session.
         $_SESSION = array(); // Destroy the variables.
         session_destroy(); // Destroy the session itself.
     }

     // Set the page title and include the HTML header.
     $page_title = 'Logged Out!';
     include ('./includes/header.html');

     // Print a customised message.
     echo "<h1>Logged Out!</h1>
     <p>You are now logged out!</p>
     <p><br /><br /></p>";

     include ('./includes/footer.html');
     ?>
     ```
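
The interaction between session.use_cookies and session.use_only_cookies described in the two posts above, as an added example that is not part of the original posts or the book's code. The function names `ini_bool`, `session_id_source` and `login_url` are hypothetical; the session name `YourVisitID` is taken from the posted scripts.

```php
<?php
// Added example, not the book's code; the function names are hypothetical.

// ini_get() may return "1", "0", "", "On" or "Off" for a boolean setting.
function ini_bool($key)
{
    return filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
}

// Predict where session_start() will take the ID for session $name from.
function session_id_source($name, array $get, array $cookie)
{
    if (ini_bool('session.use_cookies') && isset($cookie[$name])) {
        return 'cookie';
    }
    if (!ini_bool('session.use_only_cookies') && isset($get[$name])) {
        return 'url'; // e.g. loggedin.php?YourVisitID=<id>
    }
    // No usable ID: session_start() opens a new, empty session, so
    // $_SESSION['user_id'] is unset and loggedin.php redirects to index.php.
    return 'none';
}

// For login.php, after the password check and session_start(): issue a fresh
// ID, store the user, and build the redirect target from the current
// session name and ID.
function login_url($page, $userId)
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    return $page . '?' . session_name() . '=' . urlencode(session_id());
}

// Both settings must be off before session_start() for a URL-carried ID to count.
ini_set('session.use_cookies', '0');
ini_set('session.use_only_cookies', '0');
session_name('YourVisitID');

$source = session_id_source(session_name(), $_GET, $_COOKIE);
session_start();

header('Content-Type: text/plain');
echo "Session ID source: $source\n";
echo 'Logged in: ' . (isset($_SESSION['user_id']) ? 'yes' : 'no') . "\n";
```

With session.use_only_cookies left at its default of on (the default since PHP 5.3.0), the report reads `none` even when the ID is present in the URL, which matches the redirect to index.php. A session ID carried in the URL also ends up in server logs, browser history and Referer headers, so cookie-only sessions remain the safer setting outside an exercise like this one.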