
Redirection limits and problem getting validation code to work.


lefteyecc

Programmer
Feb 22, 2005
25
US
Hey guys, I am having a problem with new code that I think should work. I posted a thread a few days ago stating that I couldn't get some stuff to work, but I figured it out. Now I have the code "working" but I still have a problem. When I use Firefox and everything validates, I get a redirection limit error. When I use IE, I get an error page saying that the page can't load.

Here's the code that is placed at the top of every admin script:

validate.php
Code:
<?php

if(($_SESSION['allowed'] != 1) || ($_SESSION['user_ip'] != $_SERVER['REMOTE_ADDR']) || (session_id() != $_SESSION['session_id']))
{
    header("Location: http://".$_SERVER['SERVER_ADDR']
                     .dirname($_SERVER['PHP_SELF']) 
                     ."/login"); 
}
?>

And here's the login that checks the user information, validates it, then sets the session variables and info:

Code:
<?php
require("common.php");
require("globals.php");
function authenticate()
{
      header('WWW-Authenticate: Basic realm="administration"');
      header('HTTP/1.0 401 Unauthorized');
}       
if(!isset($_SERVER['PHP_AUTH_USER']))
{
     authenticate();
}
else
{
    $user = $_SERVER['PHP_AUTH_USER'];
    //$passwd = $_SERVER['PHP_AUTH_PW'];
    $result = execute_query("SELECT uid, passwd, uname FROM auth WHERE uname='$user' ", 0);
    if($result[0])
    {
        $auth_parms = mysql_fetch_object($result[0]);
        //echo "uname == ".$auth_parms->uname." passwd == ".$auth_parms->passwd;
        if($_SERVER['PHP_AUTH_PW'] == $auth_parms->passwd || $_SERVER['PHP_AUTH_USER'] == $auth_parms->uname)
        {
        $sess_name = session_name($auth_parms->uname.$auth_parms->uid); //
            session_start();
        $sess_id = session_id();
            $_SESSION['allowed'] = 1;
        $ip_addr = $_SERVER['REMOTE_ADDR'];
        $uid = $auth_parms->uid;
        //$cookie_parms = array("session_id", "session_name", "user_ip");
        $cookie = array($sess_id, $sess_name, $ip_addr);
        $_SESSION['session_name'] = $sess_name;
        $_SESSION['session_id'] = $sess_id;
        $_SESSION['user_ip'] = $ip_addr;
        $_SESSION['uid'] = $uid;
            execute_query("UPDATE auth SET sessionid='$sess_id', ip='$ip_addr', cookie='$cookie[0].$cookie[0].$cookie[2].$cookie[3]' WHERE uid='$uid' ", 0);
            //printf("<center><a href=\"http://%s/admin/\"><input type=\"button\" value=\"continue\"></a>", $_SERVER['HTTP_HOST']);
        header("Location: http://".$_SERVER['SERVER_ADDR'].dirname($_SERVER['PHP_SELF'])."/admin");
        }
        else
        {
            authenticate();
        }
    }
}
echo("session_id ==".$_SESSION['session_id']);
echo("session_name ==".$_SESSION['session_name']);
echo("allowed ==".$_SESSION['allowed']);
echo("user_ip ==".$_SESSION['user_ip']);
echo("uid ==".$_SESSION['uid']);
printf("<center><div class=\"content\"><table class=\"content\">
        <form name=\"login_admin\" method=\"post\" action =\"%s\">
        <input type=\"submit\" value=\"login\" name=\"login\">
        </form></table></div>", $_SERVER['PHP_SELF']);
printf("<p>login to access administrative portion of website</p>");
generate_adminpage_footer(); 
?>
 
There may be a problem with the formation of the redirection page in your header.
Form it in a variable and print the variable to make sure you form the desired page.
Code:
$page = "http://".$_SERVER['SERVER_ADDR'].dirname($_SERVER['PHP_SELF'])."/login"; 
echo $page ;

--------------------------------------------------------------------------
I never set a goal because u never know what's going to happen tomorrow.
 
No, the page is correct. I think there is a problem with my PHP setup, because I know that when I set a session variable it should be global, right? If so, then why doesn't it work when I try to check the value of that variable? Grr, this problem is annoying because I know my code is proper.
 
You did remember to put the session_start() function at the very beginning of each PHP file?

Ken
 
I wonder what this code produces as a URL:
Code:
Location: http://".$_SERVER['SERVER_ADDR'].dirname($_SERVER['PHP_SELF'])."/admin";

http://127.0.0.1/whateverdir/this_script.php/admin
I am quite sure that is not what you want. You need to be aware that PHP_SELF includes the file name of the currently running script, not just the path. In your case you are just appending PATH_INFO to the current script. So, what will it do? Redirect to itself, over, over, over, until the redirection limit is reached or the browser craps out.
 
I fixed it now, guys. Like kenrbnsn said, I had to put session_start() at the top of every script. I didn't know that, but now it sort of works. My main problem now is getting the variables to be authenticated properly.
 
OK, this is beginning to give me gray hairs. WTF. I changed around the login script a little bit and now the $_SESSION array is not being initialized. Coincidentally, if I call session_start() at the beginning of the page a session gets created, but if the information is validated (username/password) it doesn't start a session.

Code:
<?php
require("common.php");
require("globals.php");
function authenticate()
{
      header('WWW-Authenticate: Basic realm="administration"');
      header('HTTP/1.0 401 Unauthorized');
}    
if(! $_SERVER['PHP_AUTH_USER'] || ! isset($_SESSION['allowed']))
{   
	authenticate();
}
else
{
    $result = execute_query("SELECT uid, passwd, uname FROM auth WHERE uname='$_SERVER[PHP_AUTH_USER]' LIMIT 1", 0);
    if(mysql_num_rows($result[0]))
    {
        $auth_parms = mysql_fetch_object($result[0]);
        switch($_SERVER['PHP_AUTH_PW'] == $auth_parms->passwd)
        {
		case TRUE:
	        session_name($auth_parms->uname.$auth_parms->uid); 
		session_start();
		if(!isset($_SESSION['allowed']))
			$_SESSION['allowed'] = TRUE;
		if(!isset($_SESSION['session_name']))
			$_SESSION['session_name'] = session_name();
		if(!isset($_SESSION['session_id']))
			$_SESSION['session_id'] = session_id();
		if(!isset($_SESSION['user_ip']))
			$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR'];
		if(!isset($_SESSION['uid']))
			$_SESSION['uid'] = $auth_parms->uid;
		$cookie = array("session_id" => session_id(), "session_name" => session_name(), "user_ip" => $_SERVER['REMOTE_ADDR']);
		foreach($cookie as $value)
			setcookie($mhserver[$cookie], $value, 60*3600, "/admin/");
		execute_query("UPDATE auth SET sessionid='$_SESSION[session_id]', ip='$_SERVER[REMOTE_ADDR]', cookie='$_SESSION[session_id].$_SESSION[session_name].$_SERVER[REMOTE_ADDR]' 
		WHERE uid='$_SESSION[uid]' ", 0);
		printf("<center><a href=\"http://%s/admin/\"><input type=\"button\" value=\"continue\"></a>", $_SERVER['HTTP_HOST']);
		//header("Location: http://".$_SERVER['SERVER_ADDR'].dirname($_SERVER['PHP_SELF'])."/admin.php");
		break;
		
		default:
		authenticate();
		break;
        }
    }
}
if(isset($_SESSION))
	print_r($_SESSION);
else printf(" session not set ");
print_r($_COOKIE);
echo "uname == ".$_SERVER['PHP_AUTH_USER']." passwd == ".$_SERVER['PHP_AUTH_PW'];
printf("<center><div class=\"content\"><table class=\"content\">
        <form name=\"login_admin\" method=\"post\" action =\"%s\">
        <input type=\"submit\" value=\"login\" name=\"login\">
        </form></table></div>", $_SERVER['PHP_SELF']);
printf("<p>login to access administrative portion of website</p>");
generate_adminpage_footer(); 
?>
I am at my wits' end with PHP right now.
 
Sorry for the "bump" but can anyone help me out with this? I have no idea what's going on here.
 
Why are you setting a cookie manually?
The session handler sets a cookie with the session ID, which allows you to pick up the values from the server.
There is no need for cookie manipulation.
It is also highly recommended to have the session_start() at the top of the script rather than somewhere in the middle. If there were any output before it, the script would fail.
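
The points raised in the replies, pulled together as an added example that is not code from any poster in this thread: session_start() runs before $_SESSION is read, the redirect goes to a fixed path and ends the script, and the user lookup binds PHP_AUTH_USER as a parameter instead of interpolating it into the SQL. LOGIN_URL, require_admin(), try_login(), the PDO handle and the use of password_hash() values in auth.passwd are assumptions.

```php
<?php
// Added example; LOGIN_URL, require_admin(), try_login(), the PDO handle and
// hashed values in auth.passwd are assumptions, not code from the thread.
declare(strict_types=1);

const LOGIN_URL = '/admin/login.php';  // assumed fixed path, not built from PHP_SELF

// Call at the very top of every admin script, before any output.
// The login page itself must not call this, or it would redirect to itself.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();               // must run before $_SESSION is read
    }
    $ok = ($_SESSION['allowed'] ?? false) === true
        && ($_SESSION['user_ip'] ?? '') === ($_SERVER['REMOTE_ADDR'] ?? '');
    if (!$ok) {
        header('Location: ' . LOGIN_URL, true, 302);
        exit;                          // header() alone does not end the script
    }
}

// Returns true and populates the session when the credentials match.
function try_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter instead of placing the user name inside the SQL string.
    $stmt = $db->prepare('SELECT uid, passwd FROM auth WHERE uname = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumes auth.passwd stores password_hash() output, not plain text.
    if ($row === false || !password_verify($pass, $row['passwd'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);       // fresh ID after login; PHP sends the cookie
    $_SESSION['allowed'] = true;
    $_SESSION['uid']     = (int) $row['uid'];
    $_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR'] ?? '';
    return true;
}
```

The mysql_* functions used in the thread were removed in PHP 7, which is why the example uses PDO.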
 