PDA

View Full Version : php sessions problem



gnossos
01-28-2004, 12:05 PM
<?php
session_start();
header("Cache-control: private");
if ((!$_POST[user]) || (!$_POST[password])) {
header("Location: http://69.36.167.110/test/login.php");
exit;
}

$filename = ".htdbaccess";
$file = fopen($filename, "r");
$contents = fread($file, filesize($filename));
fclose($file);

$dbvars = explode("\n", $contents);
$dbuser = stripslashes($dbvars[0]);
$dbpass = stripslashes($dbvars[1]);
$host = 'localhost';
$db_name = 'internal';
$table_name='user';

$connection = @mysql_connect($host, $dbuser, $dbpass) or die (mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

$sql = "SELECT * FROM $table_name WHERE user = '$_POST[user]' AND password = '$_POST[password]'";
$result = @mysql_query($sql, $connection) or die(mysql_error());

$num = mysql_num_rows($result);
if ($num == 0) {
header("Location: http://69.36.167.110/test/login.php");
exit;
}

while ($row = mysql_fetch_array($result)) {
$usertype = $row['type'];
}

$_SESSION['usertype'] = $usertype;


the page download.php (linked off of downloads.php) has the following code to check that a user has logged in



<?
session_start();
header("Cache-control: private");

if (!($_SESSION['usertype'])){
header("Location: http://69.36.167.110/test/login.php");
exit;
}
?>



Now, my login page, login.php is linked to from a drop down menu, I put the following code into the login.php page to forward users on to the downloads.php page if they had already logged in once (e.g., logged in and then went up to the menu to select download again).



<?
session_start();
header ("Cache-control: private");

if ($_SESSION['usertype']){
header ("Location: http://69.36.167.110/test/downloads.php");
exit;
}
?>



however, when I log in and then try to select the login link (that uses the above to check if I am already logged in), in FB I get an Alert window that says
"Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked"
and in ie6 the page just doesn't load and spits out an error page (e.g., page could not be found).

Any suggestions (my understanding of sessions isn't terrific and this was sort of cobbled together so I wouldn't be surprised if I was violating some cardinal rule )

jalal
01-28-2004, 02:21 PM
Is the first section of code you posted called 'downloads.php'?

So, what I see happening is:
1. login.php - you login and get moved to downloads.php. Because you are logging in there is a _POST array with username and pass in it. Then it creates a session.
2. downloads.php - now you click on login.php
3. login.php - there is a session so get redirected to downloads.php
4. downloads.php - there is a session but no _POST variable, so get redirected to login.php, return to 3.

And keeps looping....

You probably need to add a session check to downloads.php.
And maybe have your login code in the login.php, with a redirect if it passes.

HTH

gnossos
01-28-2004, 03:22 PM
jalal,
thanks for the reply, after staring at the code for a few minutes I realized that just after I posted ;), I wrapped the whole downloads.php login check in an
if(!($_SESSION['usertype'])){
check for post data
check validity of login/pw
register session
}

just wondering if this is the correct way to be going about sessions.
thanks!