You don't need to accept cookies for sessions. That's the beauty of it.
PHP automatically appends ?PHPSESSID=$sessid to URLs.
If you do header("Location: abc") however you will need to add the seession ID to the
URL.
You cannot read a session var on the same page that you set it I found.
To get around this I personally register the sessions vars and also set
$_SESSION['whatever'] = 1;
That way the next time I call the function I can still look for it under the same name.
I use a auth.php include file on eachprotected page. It basically looks to see if you
have a session... if not asks you to log in and creates the session for you.
If you have a session it just skips all the checking.
You will have to tweak this... especiallu since I use my own class for db stuff...
but here it is... enjoy.
session_start();
$sessid = session_id();
// DEBUGGING
$debug=false;
if(!(session_is_registered("mysession"))){
// Are we coming from the form?
if (isset($authaction) && $authaction == 1 ) {
require_once("/lib/util.php");
// Lets clean up the email var
$email = strtolower(trim($_POST['email']));
// Create an SQL object
$sql = new MySQL_class;
$sql->Create("rconline_ca");
// Let see if we have this person as a registered user
$sql->QueryRow("Select unum, pw, cur_member, pref_lang
from user where lower(email) like '$email'");
if ($sql->rows == 0) {
ErrorMsg("Incorrect e-mail or password.");
exit();
}
// Compare passwords
$row = $sql->data;
if (strcmp($_POST['pw'], $row['pw']) != 0 ) {
ErrorMsg("Incorrect e-mail or password.");
exit();
}
// Everything matches up lets register our vars
$mysession = array ("unum" => $row['unum'], "email" =>
"$email", "lang" => $row['pref_lang']);
setcookie ("email", "", time() - 7776000, "/",
".rconline.ca", 0);
setcookie ("email", "$email", time() + 7776000, "/",
".rconline.ca", 0);
session_register("mysession");
$_SESSION['mysession']['unum'] = $row['unum'];
// update there last login
$sql->Update("UPDATE user SET last_login = now() WHERE
unum = " . $row['unum']);
} else {
if (isset($HTTP_COOKIE_VARS['email'])){
$email = $HTTP_COOKIE_VARS['email'];
} else {
$email ="";
}
echo "<HTML>\n";
echo "<HEAD>\n";
echo "<TITLE>$tags[title]</TITLE>\n";
echo "$tags[style]\n";
echo "</HEAD>\n\n";
echo "$tags[body]\n\n";
echo "<center>\n";
echo "<form method=\"POST\"
action=\"$_SERVER[REQUEST_URI]\">\n\n";
echo "<table border=\"0\" align=\"center\" width=\"100%\">\n";
echo "<tr><td align=\"center\" valign=\"middle\"
width=\"100%\" height=\"100%\">\n";
echo "<table border=\"0\" align=\"center\">\n";
echo "<tr><td colspan=\"2\" align=\"center\">\n<h3>Please log
in to use this feature.<br>";
echo "<i>Seuls les membres authentifiés peuvent
continuer.</i></h3><br /></td></tr>\n";
echo "<tr><td align=\"center\">";
// Start of inner table
echo "<table border=\"0\">";
echo "<tr>\n\n";
echo "<td valign=\"bottom\"> E-Mail:
<br><i>Courriel:</i></td><td valign=\"bottom\"><input type=\"TEXT\" name=\"email\"
size=\"32\" value=\"";
echo $email;
echo "\"></td>\n";
echo "</tr><tr>\n";
echo "<td valign=\"bottom\">Password:
<br><i>Mot-de-passe:</i></td><td valign=\"bottom\"><input type=\"password\"
name=\"pw\">";
echo "</td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\">\n";
echo "<input type=\"hidden\" name=\"authaction\"
value=\"1\">\n";
echo "<input type=\"submit\" value=\"Login\">";
echo "</td></tr></table>";
// End of innner table
echo "</td></tr><tr><td>";
echo " ";
echo "</td></tr><tr><td>";
echo "<p>If you are not a registered user please go to our \n
<a href=\"/reg/member_reg.php\">registration page</a>.<br>\n";
echo "Please note, you do not have to be a club member to
register for the site.</p>\n";
// echo "<p>Si vous n'etes pas \n <a
href=\"/reg/member_reg.php\">registration page</a>.<br>\n";
// echo "Please note, you do not have to be a club member to
register for the site.</p>\n";
echo "<p>If you forgot your password <a
href=\"/lostpw.php\">click here</a> to retrieve it.</p>\n";
echo "</td></tr>\n";
echo "</table>\n";
echo "</form>";
echo "</td></tr></table>";
echo "</center>\n";
echo "</BODY>\n";
echo "</HTML>\n";
if($debug) {
echo "<pre>\n\n\n";
print_r($_SESSION);
echo "</pre>\n";
}
exit();
}
}
?>
*********** REPLY SEPARATOR ***********
On 02/01/2003 at 11:14 AM Andrew Williams wrote:
>Hi,
>
>Justin has made some suggestions below.
>
>But it still doesn't work, I have noticed that in the c:/temp directory
>session files have been created.
>
>Does anyone have any other suggestions as to why this is not working
>
>Apache is version Apache/2.0.39 (Win32)
>Internet explorer 6.0.2800.1106
>
>Andrew
>
>
>
>>Try this code:
>>test.php
>>---
>><?
>>session_start();
>>if (!isset($_SESSION['count'])) {
>>$_SESSION['count'] = 0;
>>} else {
>>$_SESSION['count']++;
>>}
>>?>
>>Hello visitor, you have seen this page <?=$_SESSION['count']?> times.<p>
>>To continue, <A HREF="<?=$_SERVER['PHP_SELF']?>">click here</A>
>>---
>>Each time you click "click here", the counter should increase by 1. This
>>code is lifted straight from the manual, and I've tested it on my machine.
>
>Tried this no banana!
>
>
>> Does your browser accept cookies?
>Privacy settings set to Medium, allowed IP address of machine to except all
>cookies
>
>> I'm going to assume PHP > 4.1 ????
>PHP 4.2.2
>>I'm also going to assume you're allowing cookies on your browser???
>Allowed
>
>> session_register_var.php
>>change your script to:
>><?
>>// set up a session
>>session_start();
>>// register the variable to the session
>>$_SESSION['my_favourite_colour'] = "blue";
>>// show a hyperlink to get to the next page
>>echo "<A HREF='show_session_var.php'>Click here to go to the next
>page</A>";
>>?>
>
>> and
>> show_session_var.php
>>change this script to:
>><?
>>// continue using the session
>>session_start();
>>// show the variable's value
>>echo "My favourite colour is... ".$_SESSION['my_favourite_colour'];
>>?>
>
>Changed all of this still not happy.
>
>
>
>Thanks
>
>
>
>Andrew
>
>Andrew Williams
>Sales Engineer
>people telecom
>
>Contacts:
>mailto:[EMAIL PROTECTED]
><mailto:[EMAIL PROTECTED]>
>Direct Tel: (02) 9458 5861
>Mobile: 0403 479 990
>Reception: (02) 9458 5888
>Facsimile: (02) 9458 5858
>Customer Service: 1300 55 88 88
>www.peopletelecom.com.au
>
>talk to people
>
>
>
>This e-mail and any attachments are confidential and may contain copyright
>material of people telecom Ltd or third parties. If you are not the
>intended
>recipient of this email you should not read, print, re-transmit, store or
>act in reliance on this e-mail or any attachments, and should destroy all
>copies of them. people telecom Ltd does not guarantee the integrity of any
>emails or any attached files. The views or opinions expressed are the
>author's own and may not reflect the views or opinions of people telecom
>Ltd.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
