I am having trouble getting my scripts to work when it coes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong, I have been trying to work through it and resolve it my self for the last 2 days. I have MySQL Server 5.5, php 5.3.6 and Windows 7 Home 64bit running on my own computer using the localhost server. Please find attached my scripts.
Login.php
<?php # Script 9.16 - login.php
// Send nothing to the browser before session_start() line!
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once ('../secure/mysql_connect.php'); // Connect to the db.
$errors = array(); // Initialise error array.
// Check for an email address.
if (empty($_POST['email'])) {
$errors[] = 'You forgot to enter an email address.';
} else {
$e = escape_data($_POST['email']);
}
// Check for a password.
if (empty($_POST['password'])) {
$errors[] = 'You forgot to enter a password.';
} else {
$p = escape_data($_POST['password']);
}
if (empty($errors)) { // If everything is OK.
/* Retrieve the user_id and first name for the email/password combination */
$query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')";
$result = @mysql_query($query); // Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
if ($row) { // A record was pulled from the database.
// Set the session data and redirect.
session_name ('YourVisitID');
ini_set('session.use_cookies', 0); // Don't use cookies.
session_start();
$_SESSION['user_id'] = $row[0];
$_SESSION['first_name'] = $row[1];
// Redirect the user to the loggedin.php page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
$url = substr($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/loggedin.php?' . SID; // Add the session name & ID.
header("Location: $url");
exit(); // Quit the script.
} else { // No record matched the query.
$errors[] = 'The email address and password entered do not match those on file.'; // Public message.
$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
}
} // End of if(empty($errors)) if.
mysql_close(); // Close the database connection.
} else { // Form has not been submitted.
$errors = NULL;
} // End of main submit conditional.
// Begin the page now.
$page_title = 'Login';
include('./includes/header.html');
if (!empty($errors)) { // Print any error messages.
echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg) { // Print each error.
echo "- $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
// Create the form.
?>
<h2>Login</h2>
<form action="login.php" method="post">
<p>Email Address: <input type="text" name="email" size="20" maxlenght="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p>
<p>Password: <input type="password" name="password" size="20" maxlength="20"/></p>
<p><input type="submit" name="submit" value="Login"/></p>
<p><input type="hidden" name="submitted" value="TRUE"/>
</form>
<?php
include ('./includes/footer.html');
?>
Header.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR...ransitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo $page_title; ?></title>
<style type="text/css" media ="all">@import "./includes/layout.css";</style>
</head>
<body>
<div id="wrapper"><!-- Goes with the CSS layout. -->
<div id="content"><!-- Goes with the CSS layout. -->
<div id="nav"><!-- Links section -->
<h3>Menu</h3>
<ul>
<li class="navtop"><a href="index.php?<?php SID; ?>" title="Go to Home Page">Home</a></li>
<li><a href="register.php" title="Register?<?php SID; ?>">Register</a></li>
<li><?php // Create a login/logout link.
if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) {
echo '<a href="logout.php?<?php SID; ?>" title="Logout">Logout</a>';
} else {
echo '<a href="login.php?<?php SID; ?>" title="Login">Login</a>';
}
?></li>
</ul>
</div>
<!-- Script 9.8 - header.html -->
<!-- Start of page specific content -->
Loggedin.php
<?php # Script 9.17 - loggedin.php
# User is redirected here from login.php.
session_name ('YourVisitID');
ini_set('session.use_cookies', 0);
session_start(); // Start the session.
// If no session value is present redirect the user.
if(!isset($_SESSION['user_id'])) {
// Start defining the url.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) =='\\')) {
$url = substr($urll, 0, -1); // Chop off the slash.
}
$url .= '/index.php'; // Add the page.
header ("Location: $url");
exit(); // Quit the script.
}
// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('./includes/header.html');
// Print a customised message.
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><br /><br /></p>";
include ('./includes/footer.html');
?>
logout.php
<?php # Script 9.18 - logout.php
// This page lets the user log out.
session_name('YourVisitID');
ini_set('session.use_cookies', 0);
session_start(); // Access the existing session.
// If no cookie is present, redirect the user.
if(!isset($_SESSION['user_id'])) {
//Start defining the url.
$url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
$url = substr($url, 0, -1); // Chop of the slash.
}
$url .= '/index.php'; // Add the page.
header("Location, $url");
exit();
} else { // Cancell the session.
$_SESSION = array(); // Destroy the variables.
session_destroy(); // Destroy the session itself.
}
// Set the page title and include the HTML header.
$page_title = 'Logged Out!';
include ('./includes/header.html');
// Print a customised message.
echo "<h1>Logged Out!</h1>
<p>You are now logged out!</p>
<p><br /><br /></p>";
include ('./includes/footer.html');
?>