Session Basics

[DreamerZ]

I am trying to create a user login with different sites for various users. The site selected is what's important as it determines what screen and options the user will see. A session variable is seemingly the best way to keep this site variable across all the pages. After reading php.net and posts and FAQs here, I'm still having difficulty getting the session variable to transfer. I think. I'm not even sure what it's doing. Here's the code that looks for the session variable, displays a page if it's not set which asks for the user name, password, and site, and then submits that form, checks the user name/password against the site selected and if correct, sets the $_SESSION variable. THEN, the page is supposed to navigate to the main page, which it doesn't. It goes back to the login page with $pwd=1. I left that part of the code out since it's quite large.

<?
session_start();
echo "<html><head><link rel='stylesheet' type='text/css' href='styles.css' />
<title>BST: Attendance Tracking System</title></head><body class=sheet>\n";

if($_SESSION['site'] == "")
{
  echo "<form method=post name=frm_Pwd action='bstAbsence.phtml?pwd=1'>
  <table border=0 width=100%><tr><td width=15%><img src='sbc_logo.gif'></td>
  <td class=tablehead colspan=3>Billing Solutions Technology<BR>Supervisor's Toolkit</td></tr>\n
  <tr><td colspan=4>&nbsp;</td></tr><tr><td>&nbsp;</td>\n
  <td align=right class=emphasis width=25%>User:&nbsp;&nbsp;</td><td width=20%><input type=text name=user id=user></td>
  <td>&nbsp;</td></tr><tr><td>&nbsp;</td>\n
  <td class=emphasis align=right>Password:&nbsp;&nbsp;</td><td><input type=password name=userPWD id=userPWD></td></tr>\n
  <tr><td colspan=4>&nbsp;</td></tr><tr><td colspan=2>&nbsp;</td><td>
  <table border=1 width=100% bgcolor=lightblue class=emphasis><tr>
  <td class=emphasis bgcolor=yellow colspan=2 align=center>Select a Site</td>\n
  <input type=hidden name='siteNum' id='siteNum' value=0></tr>\n<tr><td width=15%>\n
  <input type=radio name='siteSelect' id='siteSelect' value='BST' onChange='document.frm_Pwd.siteNum.value=1'></td>
  <td>BST</td></tr>\n<tr><td width=15%>
  <input type=radio name='siteSelect' id='siteSelect' value='RMT' onChange='document.frm_Pwd.siteNum.value=2'></td>\n
  <td>RMT</td></tr></table></td></tr>\n<tr><tr><td colspan=4>&nbsp;</td></tr>\n
  <tr><td align=center colspan=4><input type=button name=btn_Pwd value='Log In' onclick=login()></td></tr></table></form>\n

  <script>
  function login()
  {
    if(document.getElementById('user').value == '')
    {
	alert('Please enter your user name.');
	document.getElementById('user').focus();
	return false;
    }
    if(document.getElementById('userPWD').value == '')
    {
	alert('Please enter your password.');
	document.getElementById('userPWD').focus();
	return false;
    }
    if(document.frm_Pwd.siteNum.value == '0')
    {
	alert('Please select a SITE.');
	document.getElementById('siteNum').focus();
	return false;
    }
    document.frm_Pwd.submit()
  }
  </script></body></html>";
  exit;
}
else { echo $_SESSION['site']; exit; }

if ($pwd == 1)
{
  if ($siteNum == 1)
  {
    if ($user == 'BST' && $userPWD == 'BSTabs05')
    {
	$_SESSION['site'] = 'WestSac';
        $pwd=0;
	echo "<body onload=subLog()>
	<form method=post action='[URL unfurl="true"]http://test2s.bst.sbc.com:8181/jfe/cm_test/toolkit/index.phtml'[/URL] name=frm_Log></form>
	<script>function subLog() { document.frm_Log.submit(); }</script>";
    }
  }
  else
  {
    if($user == 'RMT' && $userPWD == 'RMTabs05')
    {
	$_SESSION['site'] = 'Sac';
        $pwd=0;
	echo "<body onload=subLog()>
	<form method=post action='[URL unfurl="true"]http://test2s.bst.sbc.com:8181/jfe/cm_test/ats/bstAbsence.phtml'[/URL] name=frm_Log></form>
	<script>function subLog() { document.frm_Log.submit(); }</script>";
    }
  }
  exit;
}

So, being a session newbie, but not really a PHP newbie, can someone point me in the direction of a fix? Doing this simply, I'm starting the session and then setting session variables, but the page is going back to the login page with pwd=1, which is very odd.

Thoughts? What am I doing wrong here? Thx,


DreamerZ

 

[smashing]

else { echo $_SESSION['site']; exit; }

That line for one doesn't make sense to me, because if the condition is true "exit" will then stop the script in its track right there

 

[DreamerZ]

There is a ton of code in this file for the pages later on. The first section (if $_SESSION == "") looks for the $_SESSION variable. If it's not set the show the login page. The second section ($pwd==1) is the form submit from the first session. There are "exits" at the end of both of those sections so the rest of the information in the file doesn't show. Taking that else out doesn't change what is happening, in that on form submit, the login page is displayed with pwd=1.


DreamerZ

 

[DRJ478]

I suppose the session variable is never set.
$pwd is referred to as a plain variable - you porbably assume register globals id ON.
Put an echo statement after the check if $pwd==1. It will porbably not print because it never gets there.
You should be using $_POST['pwd'].

 

[DreamerZ]

The $pwd variable isn't the one I want to set across all pages. It's used to navigate to another section for password check in the form action on the first section. The variable that I need is 'site' which is set within the $pwd section.

Your information leads me to believe, however, that I must POST the created SESSION variable so it's stored for later use. Is that correct?

DreamerZ

 

[kenrbnsn]

You need to store any values in the SESSION array if you want them to be accesible in all of your scripts.

Ken

 

[DreamerZ]

How do I do that? The $_SESSION['site'] = 'WestSac' isn't enough? Do I have to do something different?


DreamerZ

 

[DRJ478]

You did not understand what I tried to tell you.
The plain variable $pwd might be mot initialized, same for $siteNum. Replace those variables with $_POST['pwd'] and $_POST['siteNum'].
register_globals OFF means that posted information is only accessible through the superglobal array $_POST.

IMO the session var is not set since the code never gets to a line where such an assignment would occur.
Footprint your code, put some echo statements in the various places.

POSTing a SESSION var is not correct. You post info from a form. A session var is created by the simple assignment of $_SESSION['varnam'] = $value; in a script where session_start() was called.

 

[DreamerZ]

I guess I'm confused as to why I need to post the $pwd variable as it does nothing but identify the form action from the previous section.

<form method=post name=frm_Pwd action='bstAbsence.phtml?pwd=1'>

So, the "Log In" button is clicked, the form is submitted to $pwd=1. Under $pwd=1 the Session variable is set based on the info passed from the form.
Anyway, I'll go one more. I changed the code under $pwd==1 to the following:

if ($pwd == 1)
{
  if ($site == 1)
  {
    if ($user == 'BST' && $userPWD == 'BSTabs05')
    {
	$_SESSION['site1'] = 'BST';
	echo "<body onload=subLog()>
	<form method=post action='[URL unfurl="true"]http://test2s.bst.sbc.com:8181/jfe/cm_test/ats/bstAbsence.phtml?".$_SESSION[/URL]['site1']."' 

name=frm_Log>
	<input type=hidden name=site value='$site'></form>\n
	<script>function subLog() { document.frm_Log.submit(); }</script>";
    }
  }

Notice now the the action of the form post includes the $_SESSION['site1'] variable. When that form is submitted, the address URL shows "?BST". Now, if I include a ?site1=$_SESSION['site1'] in the action of the form, the SESSION variable is passed as site1, which shows up fine on the next pages. That tells me the $_SESSION variable is being set correctly, but not passed to the subsequent pages on it's own.
Do I have to include something in the subsequent pages for that variable? Simply putting an echo $_SESSION['site'] shows nothing like the variable is empty.

DreamerZ

 

[DRJ478]

Script:
1. The page is drawn and sent to the browser.
2. The user enters data and POSTs the result to the server.
3. The server loads the PHP script and uses the POSTed values.

Between step 1 and 2 there is absolutely NO connection between client and server. When the user submits the form the values are available through the $_POST array.

The mere fact that the code is in the same file has no implications on this at all. Only the portions in the conditionals that are applicable are executed. One run at a time.

Get it?

 

[kenrbnsn]

You shouldn't include any parameters on an action URL in a form. If you want to pass information via the form, use HIDDEN fields:

<input name=pwd value="1" type=hidden>

Then you access the value by referencing $_POST['pwd']

You could also pass variable via the SESSION array. In script 1:

<?
session_start();
$_SESSION['pwd'] = 1;
?>

In script 2:

session_start();
$pwd = $_SESSION['pwd'];

If you want to reference any fields that are used in a form, use $_POST['field_name'].

Ken

 

[DreamerZ]

Well, you'll be happy to know I got it to work. I'm not exactly sure what I did since all I think I really did was change WHERE the login script appeared in the file. I had them at the beginning of the file initially. Moving them to the end seemed to fix the problem. I'm sure I did something else to make it work too, but I'm so frazzled at the moment that I'm not sure what I did. Now, duplicating my success might be a problem, but...

Thanks all for the input.



DreamerZ

 

[DreamerZ]

Okay, well, I thought I got this working, but...

Forget the code above. I'm going to try and simplify what I'm doing. Here's the "simple" code:

<?
session_start();
if($pwd==1) //Password validation
{
  alert('test');
  //check user name and password.  If correct, continue below.
  $_SESSION['siteName'] = "BST";
  alert($_SESSION['siteName']);
  echo "<script>window.location = 'page.phtml'</script>";
  exit;
}

if ($_SESSION['siteName']) //Go here if session variable is true/set
{
  //Main page code after login
  exit;
}

//Login Section displayed if all other variables are false
echo "<form>USER Name / Password text boxes
  <input type=hidden name=pwd><form submit button></form>
</body></html>";

?>

Alright, the particulars. The register_globals is ON, hence the $pwd and not $_POST['pwd']. Either way works.

Here's what's happening:

First time opening the page displays the login page. Enter user name and password, submit form to $pwd==1. Have an alert right at the beginning of $pwd==1 to ensure I'm getting there. Alert fires everytime on login submit. If user name and password match, the $_SESSION['siteName'] variable is set. I have an alert after that to ensure it is set. It is everytime.

So, now with the $_SESSION variable set, I have a page redirect to the file again and the if($_SESSION['siteName']) section should be displayed. It doesn't at all. The original login page is displayed again.

If I enter the user name and password in again, the alerts fire, and THEN the if($SESSION['siteName']) section is displayed.

What am I doing wrong? Everything I've read says start the session, set the variables you want and you're done. There's obviously something I'm missing. Also, do you need to know all of the above is in one file? I've tried to put the login page section in another file, but that didn't work either. Same results.

Thanks,



DreamerZ