[PHP] Re: headers and session
* Alessandro Rosa [EMAIL PROTECTED]: Hi to all, I got a problem while storing session variables. ?php session_start(); header( Cache-control: private ); require_once(config.inc.php); $_SESSION['session_psw'] = $_POST['txtPassword']; $_SESSION['session_user'] = $_POST['txtIdUtente']; $PHPcmd = $GLOBALS['gestionale_path_name'].test/2.php ; header( Location: .$PHPcmd ); ? After the call to header(...), the values of session variables are lost. Does config.inc.php have any whitespace following the closing ? tag, or does it output any HTML? That could be your culprit. What happens if you do your $_SESSION setting *before* the require, but directly after the initial header() call? -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session
You have two calls to header? The first should be changed to:- session_cache_limiter('private'); http://php.net/manual/en/function.session-cache-limiter.php Alessandro Rosa wrote: Hi to all, I got a problem while storing session variables. ?php session_start(); header( Cache-control: private ); require_once(config.inc.php); $_SESSION['session_psw'] = $_POST['txtPassword']; $_SESSION['session_user'] = $_POST['txtIdUtente']; $PHPcmd = $GLOBALS['gestionale_path_name'].test/2.php ; header( Location: .$PHPcmd ); ? After the call to header(...), the values of session variables are lost. I think I should fix this up with some settings in my php.ini Could you help me, please? Alessandro Rosa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (2)
Ahhh, for storing session passwords...if you really need to store a password in the session then try using md5, like so... $psw = md5($_POST['txtPassword']); Then to verify a users password just do the same and compare to the stored md5 value in your database. But, its a very bad idea storing passwords in your sessions full stop if using a shared server. James Alessandro Rosa wrote: I want to thank you all for previous helpings. Really the first code was easy to be solved, but this is how it shall work out. This is a program running locally and the trouble is that session vars are stored in local files. I must avoid to store a plain text password therein, thus I need to crypt and save it into session. When 2.php file just displays session data (it is test environemnt), but the output is blank ! Suggest a different approach ? Alessandro Rosa ?php session_start(); require_once('crypting.php'); require_once(dirname(__FILE__).'/../mysql_wrap/mysql_man.php'); $handle_db = connect_to_mysql_server(); $psw = $_POST['txtPassword']; $psw = encrypt( $psw, get_crypt_key() ); sql_disconnect( $handle_db ); $_SESSION['session_user'] = $_POST['txtIdUtente']; $_SESSION['session_password'] = $psw; session_cache_limiter('private'); require_once(config.inc.php); $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/2.php ; header( Location: .$PHPcmd ); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (question)
I use sessions, I also dont store the users password into the session, if you use flat file sessions on a shared server then storing the password should be avoided, What I do is take a username and password, verify their details against database, if their details match one in database I simply add their username to the session, to check if someone is logged in I just check whether their username exists in the session, if it does I deliver my protected content but if not I display a login box. Alessandro Rosa wrote: Here's below the solution (the encryption will be shortly performed into login.php). 1 ?php 2 session_start(); 3 $_SESSION['session_user'] = $_POST['txtIdUtente']; 4 $_SESSION['session_password'] = $_POST['txtPassword']; 5 $PHPcmd = login.php ; 6 header( Location: .$PHPcmd ); 7 ? But a QUESTION now : if line 5 is replaced by these two lines, say here 5a and 5b: 5a require_once(config.inc.php); 5b $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/login.php ; this does not work (meaning user and psw are not passed to login.php); but again the below code works again: 5a require_once(config.inc.php); 5b $PHPcmd = $gestionale_path_name.phpcode/login/login.php ; Thanks, Alessandro -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (question)
* Alessandro Rosa [EMAIL PROTECTED]: Here's below the solution (the encryption will be shortly performed into login.php). 1 ?php 2 session_start(); 3 $_SESSION['session_user'] = $_POST['txtIdUtente']; 4 $_SESSION['session_password'] = $_POST['txtPassword']; 5 $PHPcmd = login.php ; 6 header( Location: .$PHPcmd ); 7 ? But a QUESTION now : if line 5 is replaced by these two lines, say here 5a and 5b: 5a require_once(config.inc.php); 5b $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/login.php ; this does not work (meaning user and psw are not passed to login.php); but again the below code works again: 5a require_once(config.inc.php); 5b $PHPcmd = $gestionale_path_name.phpcode/login/login.php ; Again, look at your config.inc.php and make sure it's not sending any output. If you have even a blank line before an opening ?php tag or a blank line following, output will have been sent, and you will not be able to send a cookie or additional HTTP headers. -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: headers and session (question)
It wont get passed because your not passing it along to the script in anyway, at line 3/4 you set the details into the session, then you redirect them to the login page so in your login.php just call the session variables which you just stored at line 3/4. login.php example: ?php echo $_SESSION['session_user']; echo $_SESSION['session_password']; ? Now when you redirect the user it will have these session variables stored. James Alessandro Rosa wrote: Here's below the solution (the encryption will be shortly performed into login.php). 1 ?php 2 session_start(); 3 $_SESSION['session_user'] = $_POST['txtIdUtente']; 4 $_SESSION['session_password'] = $_POST['txtPassword']; 5 $PHPcmd = login.php ; 6 header( Location: .$PHPcmd ); 7 ? But a QUESTION now : if line 5 is replaced by these two lines, say here 5a and 5b: 5a require_once(config.inc.php); 5b $PHPcmd = $GLOBALS['gestionale_path_name'].phpcode/login/login.php ; this does not work (meaning user and psw are not passed to login.php); but again the below code works again: 5a require_once(config.inc.php); 5b $PHPcmd = $gestionale_path_name.phpcode/login/login.php ; Thanks, Alessandro -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php