[PHP] Re: headers and session
* Alessandro Rosa [EMAIL PROTECTED]: Hi to all, I got a problem while storing session variables. ?php session_start(); header( Cache-control: private ); require_once(config.inc.php); $_SESSION['session_psw'] = $_POST['txtPassword']; $_SESSION['session_user'] = $_POST['txtIdUtente']; $PHPcmd = $GLOBALS['gestionale_path_name'].test/2.php ; header( Location: .$PHPcmd ); ? After the call to header(...), the values of session variables are lost. Does config.inc.php have any whitespace following the closing ? tag, or does it output any HTML? That could be your culprit. What happens if you do your $_SESSION setting *before* the require, but directly after the initial header() call? -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session
You have two calls to header?
The first should be changed to:-
session_cache_limiter('private');
http://php.net/manual/en/function.session-cache-limiter.php
Alessandro Rosa wrote:
Hi to all,
I got a problem while storing session variables.
?php
session_start();
header( Cache-control: private );
require_once(config.inc.php);
$_SESSION['session_psw'] = $_POST['txtPassword'];
$_SESSION['session_user'] = $_POST['txtIdUtente'];
$PHPcmd = $GLOBALS['gestionale_path_name'].test/2.php ;
header( Location: .$PHPcmd );
?
After the call to header(...), the values of session variables are lost.
I think I should fix this up with some settings in my php.ini
Could you help me, please?
Alessandro Rosa
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (2)
Ahhh, for storing session passwords...if you really need to store a
password in the session then try using md5, like so...
$psw = md5($_POST['txtPassword']);
Then to verify a users password just do the same and compare to the
stored md5 value in your database.
But, its a very bad idea storing passwords in your sessions full stop if
using a shared server.
James
Alessandro Rosa wrote:
I want to thank you all for previous helpings.
Really the first code was easy to be solved, but
this is how it shall work out. This is a program running
locally and the trouble is that session vars are stored
in local files. I must avoid to store a plain text password
therein, thus I need to crypt and save it into session.
When 2.php file just displays session data (it is test environemnt),
but the output is blank !
Suggest a different approach ?
Alessandro Rosa
?php
session_start();
require_once('crypting.php');
require_once(dirname(__FILE__).'/../mysql_wrap/mysql_man.php');
$handle_db = connect_to_mysql_server();
$psw = $_POST['txtPassword'];
$psw = encrypt( $psw, get_crypt_key() );
sql_disconnect( $handle_db );
$_SESSION['session_user'] = $_POST['txtIdUtente'];
$_SESSION['session_password'] = $psw;
session_cache_limiter('private');
require_once(config.inc.php);
$PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/2.php ;
header( Location: .$PHPcmd );
?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (question)
I use sessions, I also dont store the users password into the session, if you use flat file sessions on a shared server then storing the password should be avoided, What I do is take a username and password, verify their details against database, if their details match one in database I simply add their username to the session, to check if someone is logged in I just check whether their username exists in the session, if it does I deliver my protected content but if not I display a login box. Alessandro Rosa wrote: Here's below the solution (the encryption will be shortly performed into login.php). 1 ?php 2 session_start(); 3 $_SESSION['session_user'] = $_POST['txtIdUtente']; 4 $_SESSION['session_password'] = $_POST['txtPassword']; 5 $PHPcmd = login.php ; 6 header( Location: .$PHPcmd ); 7 ? But a QUESTION now : if line 5 is replaced by these two lines, say here 5a and 5b: 5a require_once(config.inc.php); 5b $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/login.php ; this does not work (meaning user and psw are not passed to login.php); but again the below code works again: 5a require_once(config.inc.php); 5b $PHPcmd = $gestionale_path_name.phpcode/login/login.php ; Thanks, Alessandro -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (question)
* Alessandro Rosa [EMAIL PROTECTED]: Here's below the solution (the encryption will be shortly performed into login.php). 1 ?php 2 session_start(); 3 $_SESSION['session_user'] = $_POST['txtIdUtente']; 4 $_SESSION['session_password'] = $_POST['txtPassword']; 5 $PHPcmd = login.php ; 6 header( Location: .$PHPcmd ); 7 ? But a QUESTION now : if line 5 is replaced by these two lines, say here 5a and 5b: 5a require_once(config.inc.php); 5b $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/login.php ; this does not work (meaning user and psw are not passed to login.php); but again the below code works again: 5a require_once(config.inc.php); 5b $PHPcmd = $gestionale_path_name.phpcode/login/login.php ; Again, look at your config.inc.php and make sure it's not sending any output. If you have even a blank line before an opening ?php tag or a blank line following, output will have been sent, and you will not be able to send a cookie or additional HTTP headers. -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (question)
It wont get passed because your not passing it along to the script in anyway, at line 3/4 you set the details into the session, then you redirect them to the login page so in your login.php just call the session variables which you just stored at line 3/4. login.php example: ?php echo $_SESSION['session_user']; echo $_SESSION['session_password']; ? Now when you redirect the user it will have these session variables stored. James Alessandro Rosa wrote: Here's below the solution (the encryption will be shortly performed into login.php). 1 ?php 2 session_start(); 3 $_SESSION['session_user'] = $_POST['txtIdUtente']; 4 $_SESSION['session_password'] = $_POST['txtPassword']; 5 $PHPcmd = login.php ; 6 header( Location: .$PHPcmd ); 7 ? But a QUESTION now : if line 5 is replaced by these two lines, say here 5a and 5b: 5a require_once(config.inc.php); 5b $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/login.php ; this does not work (meaning user and psw are not passed to login.php); but again the below code works again: 5a require_once(config.inc.php); 5b $PHPcmd = $gestionale_path_name.phpcode/login/login.php ; Thanks, Alessandro -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
