Problemas con la página de inicio de sesión

After processing submitted data, my signing script redirects user back to index page. The problem is, in my index page I can't check if user signed in or not. I've inserted:

if (isset($_SESSION['id'])) 
{echo $_SESSION['id']; die();}

at the beginning of the index page for checking purposes. But it doesn't echo anything.
My signin script looks like this:

<?php
include '../includes/common.php';
$page='signin';
$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value);
}

if ($_POST['dologin']=='Daxil ol') {
    foreach($_POST as $key => $value) {
        $data[$key] = filter($value);
    }

    $login = $data['login'];
    $pass = $data['pwd'];


    if (strpos($login,'@') === false) {
        $user_cond = "login='$login'";
    } else {
        $user_cond="email='$login'";
    }

    $result = $db->query("SELECT `id`,`pwd`,`fname`,`lname`,`approved`,`type`,`level` FROM users WHERE $user_cond AND `ban` = '0'") or die($db->error());

    $num = $result->num_rows;

    if ($num > 0 ) {
        list($id,$pwd,$fname,$lname,$approved, $type, $level) = $result->fetch_row();
        if (!$approved) {
            $err[] = 6;
        }
        if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
            if (empty($err)) {

                session_start();
                session_regenerate_id(true);

                $_SESSION['id']= $id;
                $_SESSION['fname'] = $fname;
                $_SESSION['lname'] = $lname;
                $_SESSION['type'] = $type;
                $_SESSION['level'] = $level;
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

                $stamp = time();
                $ckey = GenKey();
                $db->query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die($db->error());

                //set a cookie

                if (isset($_POST['remember'])) {
                    setcookie("id", $_SESSION['id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("fname",$_SESSION['fname'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                }
                header("Location: ../../../index.php");
            }
        } else {
            $err[] = 7;
        }
    } else {
        $err[] = 8;
    }
    if (!empty($err)) {
    include "../includes/error.php";
    }

} 
?>

Checked php error log. No error. Also checked MySql DB tables. It sets ctime and ckey. The signin part works (I think). The filter function is from common.php (for sanitizing post data)

preguntado el 30 de agosto de 11 a las 22:08

Aren't you supposed to session_start() first before checking if there any $_SESSION variables are set? -

Do you have session_start(); on your index page as well? -

yes i have at the beginning of the page -

Not the problem, but a problem is that you should not use relative paths for a Location: cabecera. RFC2616 states about the location header: The field value consists of a single absolute URI. You MUST use the absolute path of the new location. You can calculate this dynamically from $_SERVER['HTTP_HOST'] y $_SERVER['PHP_SELF'] p.ej header('http://'.$_SERVER['HTTP_HOST'].rtrim(dirname(dirname(dirname($_SERVER['PHP_SELF']))),'/').'/index.php'); -

but redirect works well. i wonder, how to start session if someone signs in or it doesn't matter if session will be active for guests too? -

2 Respuestas

You need to start session (even before sending any headers to the page). You also need to start session on each page you need session data unless you have the session auto start directive establecido en verdadero

<?php
session_start();
//$_SESSION data available here!
?>
<html>...
<?
   //other php code
   //$_SESSION data available here!
?>
...</html>

Respondido 31 ago 11, 03:08

I edited, in both of them place session_start() in the beginning. In every page you need session data. Look at the links I posted! - CANNADARK

Parece que te falta session_start() at the beginning of both files.

PHP wont pass session information if this function call is not present. It is a good practice to have this call be the first thing in the file.

Respondido 31 ago 11, 02:08

I need to always start session in my index page? - Tural Ali

Yes, all pages that will use session infomation need to have session_start() - johnluetke

i wonder, how to start session if someone signs in or it doesn't matter if session will be active for guests too? - Tural Ali

session_start() is oblivious to whether a user has signed in or not. It is up to you as the programmer to determine what information gets saved in a session and is thus available between pages. - johnluetke

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.