1

I have a simple authentication: you login in the login.php page and you are redirected to the home.php page.

This is the code of login.php:

if(pg_num_rows($rs) == 0){ //I search in db for a row with username and password
        $errMess = "error";
        pg_close($conn); 
    }else{
        $row = pg_fetch_row($rs);
        session_start(); 
        $_SESSION['username']=$_POST["nick"];
        $_SESSION['admin'] = $row[0];
        pg_close($conn); 
        header("Location: /home.php");
    }

now in the home I have the header done in this way:

<?php require_once("scripts/functions.php"); 
      require_once("scripts/config.php");
      session_start(); 
?>
 <div id="siteHeader" class="headersLeft"><?php echo WELCOME;?></div>
        <div id="userContainer" class="headersRight"> 

            Logged as: <?php echo getDisplayName(); ?>
            <?php if(isset($_SESSION['username'])) {?>
                <button class="button" onclick="location.href='/logout.php';">logout</button>
            <?php }else{ ?>
                <button class="button" onclick="location.href='/login.php';">login</button>
            <?php }
            ?>
        </div>

it doesn't work: even if data is correct it still gives me "guest", the session variable is lost in the header passage..how come?

Sumurai8
  • 20,333
  • 11
  • 66
  • 100
Phate
  • 6,066
  • 15
  • 73
  • 138
  • How much data are you storing in the session? If its over the limit then that's your problem. – SamV Nov 02 '13 at 19:31
  • Set breakpoints in your code and try to understand which part is going wrong. A good start would be to see what `var_dump(pg_num_rows($rs) == 0));` outputs. – Amal Murali Nov 02 '13 at 19:31
  • 1
    Is there any output before `session_start()`? – Sumurai8 Nov 02 '13 at 19:32
  • Authentication is fine: it brings to me to the home.php page so num_rows gives the correct output..I think it is something about the session – Phate Nov 02 '13 at 19:33
  • What happens if you put `session_start()` at the _very beginning_ of each file? – geomagas Nov 02 '13 at 19:36
  • nothing..always the same problem – Phate Nov 02 '13 at 19:38
  • The issue might be that you need to add session_start again if you close the php tags,not sure. – Mihai Nov 02 '13 at 19:39
  • @Mihai That is not required (and will generate a warning too). – Sumurai8 Nov 02 '13 at 19:48
  • http://stackoverflow.com/questions/17242346/php-session-lost-after-redirect – Mihai Nov 02 '13 at 19:49
  • [Reading the docs](http://php.net/manual/en/function.session-start.php): What does `$a = session_start(); var_dump( $a );` output on both pages? If you make a testpage with just `session_start()` and some dummy variables you read/write and display on the screen, does that work? I assume you already tested this, but are you sure `$_POST['nick']` exists? – Sumurai8 Nov 02 '13 at 19:49
  • Is there any `$_SESSION`-manipulating code after the first snippet? Where does `$_SESSION['username']` get the `'guest'` value? – geomagas Nov 02 '13 at 20:51

4 Answers4

1

Solved: i was under windows and the default path to the temp folder, where php actually saves session files, was wrong: was "/tmp" and was not recognized. I set it to "C:\php\tmp" and it worked: session file was not saved at all!

Phate
  • 6,066
  • 15
  • 73
  • 138
0

Write session_start(); on top of everything (right after 

<?php 
session_start(); 
require_once("scripts/functions.php"); 
require_once("scripts/config.php");
?>

or if still doesn't work then write your code like this:

<?php 
ob_start();
session_start(); 
require_once("scripts/functions.php"); 
require_once("scripts/config.php");
?>

Also don't forget to put these two lines at the top of your login.php page. Hope it helps :)

Ali
  • 5,021
  • 4
  • 26
  • 45
  • 1
    Just a side-note: Even the second one would fail if you save the file as UTF-8 with BOM mark. *If* this is the problem, OP should get the "headers already sent" error if errors are shown. – Sumurai8 Nov 02 '13 at 19:58
0

I'm guessing there's some more code after the if statement that continues to manipulate $_SESSION. That's where $_SESSION['username'] is assigned the 'guest' value.

Remember, header("Location: /home.php"); only sets a response header. It doesn't redirect immediately, stopping script execution.

Place a exit; command right after header() to prevent execution from reaching the rest of the code:

    header("Location: /home.php");
    exit;
geomagas
  • 3,230
  • 1
  • 17
  • 27
0

this works for me:

session_save_path ( "" ) ;  
session_start();
dsdsdsdsd
  • 2,880
  • 6
  • 41
  • 56