0

So I have this form that asks for user and password:

    <?php
    $emmagatzemarSessions="/u/alum/u1920477/public_html/tmp";
    ini_set('session.save_path',$emmagatzemarSessions);
    session_start();
    include 'vars.php'; 
?>
<html>
<h1>Identificacio</h1>
<h3>Introdueix el teu usuari i contrasenya per entrar a oracle</h3>
<hr>
<form action="menu.php" method="post">

    Usuari: 
    <input  type="text" 
            name="user" />
    Contrasenya: 
    <input 
            type="password" 
            name="pass" />

<input type="submit"/>
</form>
<hr>
<?php   

    $_SESSION["user"] = $_POST["user"];
    $_SESSION["pass"] = $_POST["pass"];
?>
</html>

However, in the next file, 'menu.php' it says I couldn't acces the database. The user and password I'm inserting are correct. Here is the code to connect that I'm using:

    #!/usr/bin/php-cgi
<?php
    $emmagatzemarSessions="/u/alum/u1920477/public_html/tmp";
    ini_set('session.save_path',$emmagatzemarSessions);
    session_start();
    include 'vars.php'; 

    $conn = oci_connect($_SESSION["user"], $_SESSION["pass"], 'oracleps');

    echo("username is: " . $_SESSION["user"]);
    if (!$conn) { 
    echo "<p>No hem pogut connectar amb la BD.</p>";

?>
<html>
        <br><br><br>
        <div id="tornar">
            <li><a href="index.php">Tornar a l'inici</a></li>
        </div>
<?php 
    die;
    }
?>
<head>
<title>Menú empresa</title>
</head>
<body>
<div id="menu">
  <h1>Menú</h1>
</div>
<div id="alta">
  <ul>
    <li><a href="alta.html">Donar d'alta un client</a></li>

    <li><a href="consulta.php">Consultar vehicles disponibles</a></li>

    <li><a href="llogar.html">Llogar un vehicle</a></li>

    <li><a href="retorn.html">Retornar un vehicle llogat</a></li>

    <li><a href="revisio.php">Veure revisions</a></li>
  </ul>
</div>
        <br><br><br>
        <div id="tornar">
            <li><a href="index.php">Tornar a l'inici</a></li>
        </div>
</body>
</html>

I have looked for similar questions, asked my collegues who are doing the same thing but I can't find out why this isn't working! It would be amazing if I could get some help from you guys! Thanks a lot.

Edited with the full code of both files. Ignore the 4 first lines. I hope you guys can help me because I have no clue what I'm doing wrong!

p. bosch
  • 139
  • 2
  • 10

2 Answers2

2

This line of code should be at the top of every php page where you want to track session:

session_start();

You should also always check if variables are really sent from the form, like this:

if(isset($_SESSION['username']))
{
   // do something
}

If you are sure that your logic for connecting to the database is ok, you should log the data you receive from the form, to check if it is correct:

error_log("username is: " . $_POST["username"]);
Danilo Radenovic
  • 1,019
  • 1
  • 11
  • 23
  • session_start(); is on every page yes. I'm using your error_log on the next page after the form, and when I type exactly as you did, with the $_POST["user"], it displays the user, but if I try $_SESSION["user"] it doesn't. So apparently the information I want to store with the form doesn't store anywhere. – p. bosch Jan 03 '13 at 13:26
  • Hm...this just doesn't seem right... Have you tried it exactly like this: $_SESSION["user"] = $_POST["user"]; error_log($_SESSION["user"]; ? – Danilo Radenovic Jan 03 '13 at 15:45
  • Also, it would be good if you could copy some more php code, maybe the error lies somewhere else. – Danilo Radenovic Jan 03 '13 at 15:51
  • Thanks mike, I know edited it with the full code of both files. – p. bosch Jan 04 '13 at 16:26
0

Start a session on every page that can only be accessed by a user and if it is not set redirect the user

session_start(); //start session

if (!isset($_SESSION['user'])) {    
redirect_user();    
}

function redirect_user() { //redirect user to home page
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); #quit
}