login problem

I have written a login code. It works fine in my localhost xampp but
when i upload my files on the web hosting server, i can login but when
i click on the other link within the page, it logs out. What could be
the problem? is it something to do with web hosting?

Re: login problem

white lightning wrote:
> I have written a login code. It works fine in my localhost xampp but
> when i upload my files on the web hosting server, i can login but when
> i click on the other link within the page, it logs out. What could be
> the problem? is it something to do with web hosting?
>

Probably not. But without seeing the code you're using, it's impossible
to tell.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

white lightning wrote:
> I have written a login code. It works fine in my localhost xampp but
> when i upload my files on the web hosting server, i can login but when
> i click on the other link within the page, it logs out. What could be
> the problem? is it something to do with web hosting?
>

Probably not. But without seeing the code you're using, it's impossible
to tell.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:

> I have written a login code. It works fine in my localhost xampp but
> when i upload my files on the web hosting server, i can login but when i
> click on the other link within the page, it logs out. What could be the
> problem? is it something to do with web hosting?

My Magic 8 Ball says: The webserver isn't handling sessions they way you
expect it to... but that's a wild guess based on almost no information.

--
I told you this was going to happen.

Re: login problem

On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:

> I have written a login code. It works fine in my localhost xampp but
> when i upload my files on the web hosting server, i can login but when i
> click on the other link within the page, it logs out. What could be the
> problem? is it something to do with web hosting?

My Magic 8 Ball says: The webserver isn't handling sessions they way you
expect it to... but that's a wild guess based on almost no information.

--
I told you this was going to happen.

Re: login problem

Thanks for replies... Do I need to provide more info?
Please let me know what I need to provide

thanks!!







On Jan 29, 9:43 am, Ivan Marsh wrote:
> On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
> > I have written a login code. It works fine in my localhost xampp but
> > when i upload my files on the web hosting server, i can login but when i
> > click on the other link within the page, it logs out. What could be the
> > problem? is it something to do with web hosting?
>
> My Magic 8 Ball says: The webserver isn't handling sessions they way you
> expect it to... but that's a wild guess based on almost no information.
>
> --
> I told you this was going to happen.

Re: login problem

On Mon, 28 Jan 2008 14:49:21 -0800, white lightning wrote:

> On Jan 29, 9:43 am, Ivan Marsh wrote:
>> On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
>> > I have written a login code. It works fine in my localhost xampp but
>> > when i upload my files on the web hosting server, i can login but
>> > when i click on the other link within the page, it logs out. What
>> > could be the problem? is it something to do with web hosting?
>>
>> My Magic 8 Ball says: The webserver isn't handling sessions they way
>> you expect it to... but that's a wild guess based on almost no
>> information.
>
> Thanks for replies... Do I need to provide more info? Please let me know
> what I need to provide
>
> thanks!!

A code example and some idea of the server setup would help people help
you. Mask or delete any IP or password info of course.

--
I told you this was going to happen.

Re: login problem

On Mon, 28 Jan 2008 14:49:21 -0800, white lightning wrote:

> On Jan 29, 9:43 am, Ivan Marsh wrote:
>> On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
>> > I have written a login code. It works fine in my localhost xampp but
>> > when i upload my files on the web hosting server, i can login but
>> > when i click on the other link within the page, it logs out. What
>> > could be the problem? is it something to do with web hosting?
>>
>> My Magic 8 Ball says: The webserver isn't handling sessions they way
>> you expect it to... but that's a wild guess based on almost no
>> information.
>
> Thanks for replies... Do I need to provide more info? Please let me know
> what I need to provide
>
> thanks!!

A code example and some idea of the server setup would help people help
you. Mask or delete any IP or password info of course.

--
I told you this was going to happen.

Re: login problem

>
> On Jan 29, 9:43 am, Ivan Marsh wrote:
>
> > On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
> > > I have written a login code. It works fine in my localhost xampp but
> > > when i upload my files on the web hosting server, i can login but when i
> > > click on the other link within the page, it logs out. What could be the
> > > problem? is it something to do with web hosting?
>
> > My Magic 8 Ball says: The webserver isn't handling sessions they way you
> > expect it to... but that's a wild guess based on almost no information.


I just checked the phpinfo for session on my localhost and web
hosting. This is what i got:

localhost:
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx

web hosting:
Session Support enabled
Registered save handlers files user mm


Is this causing the problem?

thanks!!





>
> > --
> > I told you this was going to happen.

Re: login problem

On Jan 28, 10:53 pm, white lightning wrote:
> > On Jan 29, 9:43 am, Ivan Marsh wrote:
>
> > > On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
> > > > I have written a login code. It works fine in my localhost xampp but
> > > > when i upload my files on the web hosting server, i can login but when i
> > > > click on the other link within the page, it logs out. What could be the
> > > > problem? is it something to do with web hosting?
>
> > > My Magic 8 Ball says: The webserver isn't handling sessions they way you
> > > expect it to... but that's a wild guess based on almost no information.
>
> I just checked the phpinfo for session on my localhost and web
> hosting. This is what i got:
>
> localhost:
> Session Support enabled
> Registered save handlers files user sqlite
> Registered serializer handlers php php_binary wddx
>
> web hosting:
> Session Support enabled
> Registered save handlers files user mm
>
> Is this causing the problem?
>
> thanks!!
>
>
>
> > > --
> > > I told you this was going to happen.

Are you using php sessions at all? If you're using plain cookies, the
issue might be wrong cookie-domain / cookie-path.

--
Kailash Nadh | http://kailashnadh.name

Re: login problem

white lightning wrote:
>> On Jan 29, 9:43 am, Ivan Marsh wrote:
>>
>>> On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
>>>> I have written a login code. It works fine in my localhost xampp but
>>>> when i upload my files on the web hosting server, i can login but when i
>>>> click on the other link within the page, it logs out. What could be the
>>>> problem? is it something to do with web hosting?
>>> My Magic 8 Ball says: The webserver isn't handling sessions they way you
>>> expect it to... but that's a wild guess based on almost no information.
>
>
> I just checked the phpinfo for session on my localhost and web
> hosting. This is what i got:
>
> localhost:
> Session Support enabled
> Registered save handlers files user sqlite
> Registered serializer handlers php php_binary wddx
>
> web hosting:
> Session Support enabled
> Registered save handlers files user mm
>
>
> Is this causing the problem?
>
> thanks!!
>
>
>
>
>
>>> --
>>> I told you this was going to happen.
>
>

Who knows? As Ivan said - show us the code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

white lightning wrote:
>> On Jan 29, 9:43 am, Ivan Marsh wrote:
>>
>>> On Mon, 28 Jan 2008 14:18:01 -0800, white lightning wrote:
>>>> I have written a login code. It works fine in my localhost xampp but
>>>> when i upload my files on the web hosting server, i can login but when i
>>>> click on the other link within the page, it logs out. What could be the
>>>> problem? is it something to do with web hosting?
>>> My Magic 8 Ball says: The webserver isn't handling sessions they way you
>>> expect it to... but that's a wild guess based on almost no information.
>
>
> I just checked the phpinfo for session on my localhost and web
> hosting. This is what i got:
>
> localhost:
> Session Support enabled
> Registered save handlers files user sqlite
> Registered serializer handlers php php_binary wddx
>
> web hosting:
> Session Support enabled
> Registered save handlers files user mm
>
>
> Is this causing the problem?
>
> thanks!!
>
>
>
>
>
>>> --
>>> I told you this was going to happen.
>
>

Who knows? As Ivan said - show us the code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

Here is my login code. As I said earlier, it works perfect in
localhost but not in web hosting server... Perhaps it's something to
do with something else.. Not sure if i could attach files here...
otherwise i could have sent more codes....

class User {
function User(&$db) {
$this->db = $db;
}

function session_defaults() {
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
$_SESSION['cookie'] = 0;
$_SESSION['remember'] = false;
}

function _checkLogin($username, $password, $remember = false) {
$username = mysql_escape_string($username);
$password = $password;
$sql = "SELECT * FROM member WHERE username = '$username' AND
password = '$password'";
$result = mysql_query($sql) or die("Could not select");
$return_result = mysql_fetch_assoc($result);
if (mysql_num_rows($result)) {
if ($this->_setSession($return_result, $remember)) {
return $return_result['username'];
}
} else {
$this->failed = true;
$this->_logout();
return false;
}
}


function _setSession(&$values, $remember, $init = true) {
$this->id = $values['member_id'];
$_SESSION['uid'] = $this->id;
$_SESSION['username'] = htmlspecialchars($values['username']);
$_SESSION['cookie'] = $values['cookie'];
$_SESSION['logged'] = true;
echo "session_logged: ".$_SESSION['logged'];
if ($remember) {
$this->updateCookie($values['cookie'], true);
}
if ($init) {
$session = session_id();
$ip = $_SERVER['REMOTE_ADDR'];

$sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
member_id = '$this->id'";
mysql_query($sql);
return true;
}
}

function _logout() {
$query = "UPDATE member SET cookie='', session='', ip='' WHERE
member_id='{$_SESSION['uid']}'";
mysql_query($query) or die("Could not select");

$_SESSION['logged'] = false;
$_SESSION = array();
session_destroy();
return true;
}
}

Re: login problem

white lightning wrote:
> Here is my login code. As I said earlier, it works perfect in
> localhost but not in web hosting server... Perhaps it's something to
> do with something else.. Not sure if i could attach files here...
> otherwise i could have sent more codes....
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false) {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username = '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result, $remember)) {
> return $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] = htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>

OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
more to it than this.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

white lightning wrote:
> Here is my login code. As I said earlier, it works perfect in
> localhost but not in web hosting server... Perhaps it's something to
> do with something else.. Not sure if i could attach files here...
> otherwise i could have sent more codes....
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false) {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username = '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result, $remember)) {
> return $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] = htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>

OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
more to it than this.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

"Jerry Stuckle" wrote in message
news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
> white lightning wrote:
>> Here is my login code. As I said earlier, it works perfect in
>> localhost but not in web hosting server... Perhaps it's something to
>> do with something else.. Not sure if i could attach files here...
>> otherwise i could have sent more codes....
>>
>> class User {
>> function User(&$db) {
>> $this->db = $db;
>> }
>>
>> function session_defaults() {
>> $_SESSION['logged'] = false;
>> $_SESSION['uid'] = 0;
>> $_SESSION['username'] = '';
>> $_SESSION['cookie'] = 0;
>> $_SESSION['remember'] = false;
>> }
>>
>> function _checkLogin($username, $password, $remember = false) {
>> $username = mysql_escape_string($username);
>> $password = $password;
>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>> password = '$password'";
>> $result = mysql_query($sql) or die("Could not select");
>> $return_result = mysql_fetch_assoc($result);
>> if (mysql_num_rows($result)) {
>> if ($this->_setSession($return_result, $remember)) {
>> return $return_result['username'];
>> }
>> } else {
>> $this->failed = true;
>> $this->_logout();
>> return false;
>> }
>> }
>>
>>
>> function _setSession(&$values, $remember, $init = true) {
>> $this->id = $values['member_id'];
>> $_SESSION['uid'] = $this->id;
>> $_SESSION['username'] = htmlspecialchars($values['username']);
>> $_SESSION['cookie'] = $values['cookie'];
>> $_SESSION['logged'] = true;
>> echo "session_logged: ".$_SESSION['logged'];
>> if ($remember) {
>> $this->updateCookie($values['cookie'], true);
>> }
>> if ($init) {
>> $session = session_id();
>> $ip = $_SERVER['REMOTE_ADDR'];
>>
>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>> member_id = '$this->id'";
>> mysql_query($sql);
>> return true;
>> }
>> }
>>
>> function _logout() {
>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>> member_id='{$_SESSION['uid']}'";
>> mysql_query($query) or die("Could not select");
>>
>> $_SESSION['logged'] = false;
>> $_SESSION = array();
>> session_destroy();
>> return true;
>> }
>> }
>>
>
> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
> more to it than this.

not really much more needed...this stuff is not what i'd call well written
though.

for the OP, check to make sure your isp/host is having php store session
information on the server's side rather than client-side.

as for the code, your class has several members/interfaces that are not
defined...i.e id, db, etc.. to be clear and gain other php features, you
need to declare them in your class. also, your class is not decoupled from
your db implementation. however, the big killer is that ALL your pertanent,
supposedly secure user information is stored and accessed via $_SESSION.
that should be the primary use of your user class...not to simply run
queries. you need to be forcing any caller to access user information -
where the user class is in complete control.

btw, we know for a fact that this is not your complete working code...or
else $this->updateCookie would explode in your browser. oh, and one more
thought...you do know that _interfaceName is typically always/only used to
denote that the interface has class-only scope? that's not just a php thing
either. i can't imagine that session_defaults is the only function used by a
caller, i mean, how would you log in/out anyone. :)

Re: login problem

"Jerry Stuckle" wrote in message
news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
> white lightning wrote:
>> Here is my login code. As I said earlier, it works perfect in
>> localhost but not in web hosting server... Perhaps it's something to
>> do with something else.. Not sure if i could attach files here...
>> otherwise i could have sent more codes....
>>
>> class User {
>> function User(&$db) {
>> $this->db = $db;
>> }
>>
>> function session_defaults() {
>> $_SESSION['logged'] = false;
>> $_SESSION['uid'] = 0;
>> $_SESSION['username'] = '';
>> $_SESSION['cookie'] = 0;
>> $_SESSION['remember'] = false;
>> }
>>
>> function _checkLogin($username, $password, $remember = false) {
>> $username = mysql_escape_string($username);
>> $password = $password;
>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>> password = '$password'";
>> $result = mysql_query($sql) or die("Could not select");
>> $return_result = mysql_fetch_assoc($result);
>> if (mysql_num_rows($result)) {
>> if ($this->_setSession($return_result, $remember)) {
>> return $return_result['username'];
>> }
>> } else {
>> $this->failed = true;
>> $this->_logout();
>> return false;
>> }
>> }
>>
>>
>> function _setSession(&$values, $remember, $init = true) {
>> $this->id = $values['member_id'];
>> $_SESSION['uid'] = $this->id;
>> $_SESSION['username'] = htmlspecialchars($values['username']);
>> $_SESSION['cookie'] = $values['cookie'];
>> $_SESSION['logged'] = true;
>> echo "session_logged: ".$_SESSION['logged'];
>> if ($remember) {
>> $this->updateCookie($values['cookie'], true);
>> }
>> if ($init) {
>> $session = session_id();
>> $ip = $_SERVER['REMOTE_ADDR'];
>>
>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>> member_id = '$this->id'";
>> mysql_query($sql);
>> return true;
>> }
>> }
>>
>> function _logout() {
>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>> member_id='{$_SESSION['uid']}'";
>> mysql_query($query) or die("Could not select");
>>
>> $_SESSION['logged'] = false;
>> $_SESSION = array();
>> session_destroy();
>> return true;
>> }
>> }
>>
>
> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
> more to it than this.

not really much more needed...this stuff is not what i'd call well written
though.

for the OP, check to make sure your isp/host is having php store session
information on the server's side rather than client-side.

as for the code, your class has several members/interfaces that are not
defined...i.e id, db, etc.. to be clear and gain other php features, you
need to declare them in your class. also, your class is not decoupled from
your db implementation. however, the big killer is that ALL your pertanent,
supposedly secure user information is stored and accessed via $_SESSION.
that should be the primary use of your user class...not to simply run
queries. you need to be forcing any caller to access user information -
where the user class is in complete control.

btw, we know for a fact that this is not your complete working code...or
else $this->updateCookie would explode in your browser. oh, and one more
thought...you do know that _interfaceName is typically always/only used to
denote that the interface has class-only scope? that's not just a php thing
either. i can't imagine that session_defaults is the only function used by a
caller, i mean, how would you log in/out anyone. :)

Re: login problem

Steve wrote:
> "Jerry Stuckle" wrote in message
> news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
>> white lightning wrote:
>>> Here is my login code. As I said earlier, it works perfect in
>>> localhost but not in web hosting server... Perhaps it's something to
>>> do with something else.. Not sure if i could attach files here...
>>> otherwise i could have sent more codes....
>>>
>>> class User {
>>> function User(&$db) {
>>> $this->db = $db;
>>> }
>>>
>>> function session_defaults() {
>>> $_SESSION['logged'] = false;
>>> $_SESSION['uid'] = 0;
>>> $_SESSION['username'] = '';
>>> $_SESSION['cookie'] = 0;
>>> $_SESSION['remember'] = false;
>>> }
>>>
>>> function _checkLogin($username, $password, $remember = false) {
>>> $username = mysql_escape_string($username);
>>> $password = $password;
>>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>>> password = '$password'";
>>> $result = mysql_query($sql) or die("Could not select");
>>> $return_result = mysql_fetch_assoc($result);
>>> if (mysql_num_rows($result)) {
>>> if ($this->_setSession($return_result, $remember)) {
>>> return $return_result['username'];
>>> }
>>> } else {
>>> $this->failed = true;
>>> $this->_logout();
>>> return false;
>>> }
>>> }
>>>
>>>
>>> function _setSession(&$values, $remember, $init = true) {
>>> $this->id = $values['member_id'];
>>> $_SESSION['uid'] = $this->id;
>>> $_SESSION['username'] = htmlspecialchars($values['username']);
>>> $_SESSION['cookie'] = $values['cookie'];
>>> $_SESSION['logged'] = true;
>>> echo "session_logged: ".$_SESSION['logged'];
>>> if ($remember) {
>>> $this->updateCookie($values['cookie'], true);
>>> }
>>> if ($init) {
>>> $session = session_id();
>>> $ip = $_SERVER['REMOTE_ADDR'];
>>>
>>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>>> member_id = '$this->id'";
>>> mysql_query($sql);
>>> return true;
>>> }
>>> }
>>>
>>> function _logout() {
>>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>>> member_id='{$_SESSION['uid']}'";
>>> mysql_query($query) or die("Could not select");
>>>
>>> $_SESSION['logged'] = false;
>>> $_SESSION = array();
>>> session_destroy();
>>> return true;
>>> }
>>> }
>>>
>> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
>> more to it than this.
>
> not really much more needed...this stuff is not what i'd call well written
> though.
>
> for the OP, check to make sure your isp/host is having php store session
> information on the server's side rather than client-side.
>

I don't know of any hosts which store session data client-side.

> as for the code, your class has several members/interfaces that are not
> defined...i.e id, db, etc.. to be clear and gain other php features, you
> need to declare them in your class. also, your class is not decoupled from
> your db implementation. however, the big killer is that ALL your pertanent,
> supposedly secure user information is stored and accessed via $_SESSION.
> that should be the primary use of your user class...not to simply run
> queries. you need to be forcing any caller to access user information -
> where the user class is in complete control.
>

$db is defined in the constructor.

> btw, we know for a fact that this is not your complete working code...or
> else $this->updateCookie would explode in your browser. oh, and one more
> thought...you do know that _interfaceName is typically always/only used to
> denote that the interface has class-only scope? that's not just a php thing
> either. i can't imagine that session_defaults is the only function used by a
> caller, i mean, how would you log in/out anyone. :)
>
>
>

As I said - the complete code is not there, so we don't know what's
going on.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

Steve wrote:
> "Jerry Stuckle" wrote in message
> news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
>> white lightning wrote:
>>> Here is my login code. As I said earlier, it works perfect in
>>> localhost but not in web hosting server... Perhaps it's something to
>>> do with something else.. Not sure if i could attach files here...
>>> otherwise i could have sent more codes....
>>>
>>> class User {
>>> function User(&$db) {
>>> $this->db = $db;
>>> }
>>>
>>> function session_defaults() {
>>> $_SESSION['logged'] = false;
>>> $_SESSION['uid'] = 0;
>>> $_SESSION['username'] = '';
>>> $_SESSION['cookie'] = 0;
>>> $_SESSION['remember'] = false;
>>> }
>>>
>>> function _checkLogin($username, $password, $remember = false) {
>>> $username = mysql_escape_string($username);
>>> $password = $password;
>>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>>> password = '$password'";
>>> $result = mysql_query($sql) or die("Could not select");
>>> $return_result = mysql_fetch_assoc($result);
>>> if (mysql_num_rows($result)) {
>>> if ($this->_setSession($return_result, $remember)) {
>>> return $return_result['username'];
>>> }
>>> } else {
>>> $this->failed = true;
>>> $this->_logout();
>>> return false;
>>> }
>>> }
>>>
>>>
>>> function _setSession(&$values, $remember, $init = true) {
>>> $this->id = $values['member_id'];
>>> $_SESSION['uid'] = $this->id;
>>> $_SESSION['username'] = htmlspecialchars($values['username']);
>>> $_SESSION['cookie'] = $values['cookie'];
>>> $_SESSION['logged'] = true;
>>> echo "session_logged: ".$_SESSION['logged'];
>>> if ($remember) {
>>> $this->updateCookie($values['cookie'], true);
>>> }
>>> if ($init) {
>>> $session = session_id();
>>> $ip = $_SERVER['REMOTE_ADDR'];
>>>
>>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>>> member_id = '$this->id'";
>>> mysql_query($sql);
>>> return true;
>>> }
>>> }
>>>
>>> function _logout() {
>>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>>> member_id='{$_SESSION['uid']}'";
>>> mysql_query($query) or die("Could not select");
>>>
>>> $_SESSION['logged'] = false;
>>> $_SESSION = array();
>>> session_destroy();
>>> return true;
>>> }
>>> }
>>>
>> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
>> more to it than this.
>
> not really much more needed...this stuff is not what i'd call well written
> though.
>
> for the OP, check to make sure your isp/host is having php store session
> information on the server's side rather than client-side.
>

I don't know of any hosts which store session data client-side.

> as for the code, your class has several members/interfaces that are not
> defined...i.e id, db, etc.. to be clear and gain other php features, you
> need to declare them in your class. also, your class is not decoupled from
> your db implementation. however, the big killer is that ALL your pertanent,
> supposedly secure user information is stored and accessed via $_SESSION.
> that should be the primary use of your user class...not to simply run
> queries. you need to be forcing any caller to access user information -
> where the user class is in complete control.
>

$db is defined in the constructor.

> btw, we know for a fact that this is not your complete working code...or
> else $this->updateCookie would explode in your browser. oh, and one more
> thought...you do know that _interfaceName is typically always/only used to
> denote that the interface has class-only scope? that's not just a php thing
> either. i can't imagine that session_defaults is the only function used by a
> caller, i mean, how would you log in/out anyone. :)
>
>
>

As I said - the complete code is not there, so we don't know what's
going on.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

"Jerry Stuckle" wrote in message
news:y66dnRrY6-eMHALanZ2dnUVZ_vDinZ2d@comcast.com...
> Steve wrote:
>> "Jerry Stuckle" wrote in message
>> news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
>>> white lightning wrote:
>>>> Here is my login code. As I said earlier, it works perfect in
>>>> localhost but not in web hosting server... Perhaps it's something to
>>>> do with something else.. Not sure if i could attach files here...
>>>> otherwise i could have sent more codes....
>>>>
>>>> class User {
>>>> function User(&$db) {
>>>> $this->db = $db;
>>>> }
>>>>
>>>> function session_defaults() {
>>>> $_SESSION['logged'] = false;
>>>> $_SESSION['uid'] = 0;
>>>> $_SESSION['username'] = '';
>>>> $_SESSION['cookie'] = 0;
>>>> $_SESSION['remember'] = false;
>>>> }
>>>>
>>>> function _checkLogin($username, $password, $remember = false) {
>>>> $username = mysql_escape_string($username);
>>>> $password = $password;
>>>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>>>> password = '$password'";
>>>> $result = mysql_query($sql) or die("Could not select");
>>>> $return_result = mysql_fetch_assoc($result);
>>>> if (mysql_num_rows($result)) {
>>>> if ($this->_setSession($return_result, $remember)) {
>>>> return $return_result['username'];
>>>> }
>>>> } else {
>>>> $this->failed = true;
>>>> $this->_logout();
>>>> return false;
>>>> }
>>>> }
>>>>
>>>>
>>>> function _setSession(&$values, $remember, $init = true) {
>>>> $this->id = $values['member_id'];
>>>> $_SESSION['uid'] = $this->id;
>>>> $_SESSION['username'] = htmlspecialchars($values['username']);
>>>> $_SESSION['cookie'] = $values['cookie'];
>>>> $_SESSION['logged'] = true;
>>>> echo "session_logged: ".$_SESSION['logged'];
>>>> if ($remember) {
>>>> $this->updateCookie($values['cookie'], true);
>>>> }
>>>> if ($init) {
>>>> $session = session_id();
>>>> $ip = $_SERVER['REMOTE_ADDR'];
>>>>
>>>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>>>> member_id = '$this->id'";
>>>> mysql_query($sql);
>>>> return true;
>>>> }
>>>> }
>>>>
>>>> function _logout() {
>>>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>>>> member_id='{$_SESSION['uid']}'";
>>>> mysql_query($query) or die("Could not select");
>>>>
>>>> $_SESSION['logged'] = false;
>>>> $_SESSION = array();
>>>> session_destroy();
>>>> return true;
>>>> }
>>>> }
>>>>
>>> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
>>> more to it than this.
>>
>> not really much more needed...this stuff is not what i'd call well
>> written though.
>>
>> for the OP, check to make sure your isp/host is having php store session
>> information on the server's side rather than client-side.
>>
>
> I don't know of any hosts which store session data client-side.

rare, but worth checking.

>> as for the code, your class has several members/interfaces that are not
>> defined...i.e id, db, etc.. to be clear and gain other php features, you
>> need to declare them in your class. also, your class is not decoupled
>> from your db implementation. however, the big killer is that ALL your
>> pertanent, supposedly secure user information is stored and accessed via
>> $_SESSION. that should be the primary use of your user class...not to
>> simply run queries. you need to be forcing any caller to access user
>> information - where the user class is in complete control.
>>
>
> $db is defined in the constructor.

yet is definitively mysql...and thus, not loosely coupled.

>> btw, we know for a fact that this is not your complete working code...or
>> else $this->updateCookie would explode in your browser. oh, and one more
>> thought...you do know that _interfaceName is typically always/only used
>> to denote that the interface has class-only scope? that's not just a php
>> thing either. i can't imagine that session_defaults is the only function
>> used by a caller, i mean, how would you log in/out anyone. :)
>
> As I said - the complete code is not there, so we don't know what's going
> on.

exactly.

Re: login problem

"Jerry Stuckle" wrote in message
news:y66dnRrY6-eMHALanZ2dnUVZ_vDinZ2d@comcast.com...
> Steve wrote:
>> "Jerry Stuckle" wrote in message
>> news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
>>> white lightning wrote:
>>>> Here is my login code. As I said earlier, it works perfect in
>>>> localhost but not in web hosting server... Perhaps it's something to
>>>> do with something else.. Not sure if i could attach files here...
>>>> otherwise i could have sent more codes....
>>>>
>>>> class User {
>>>> function User(&$db) {
>>>> $this->db = $db;
>>>> }
>>>>
>>>> function session_defaults() {
>>>> $_SESSION['logged'] = false;
>>>> $_SESSION['uid'] = 0;
>>>> $_SESSION['username'] = '';
>>>> $_SESSION['cookie'] = 0;
>>>> $_SESSION['remember'] = false;
>>>> }
>>>>
>>>> function _checkLogin($username, $password, $remember = false) {
>>>> $username = mysql_escape_string($username);
>>>> $password = $password;
>>>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>>>> password = '$password'";
>>>> $result = mysql_query($sql) or die("Could not select");
>>>> $return_result = mysql_fetch_assoc($result);
>>>> if (mysql_num_rows($result)) {
>>>> if ($this->_setSession($return_result, $remember)) {
>>>> return $return_result['username'];
>>>> }
>>>> } else {
>>>> $this->failed = true;
>>>> $this->_logout();
>>>> return false;
>>>> }
>>>> }
>>>>
>>>>
>>>> function _setSession(&$values, $remember, $init = true) {
>>>> $this->id = $values['member_id'];
>>>> $_SESSION['uid'] = $this->id;
>>>> $_SESSION['username'] = htmlspecialchars($values['username']);
>>>> $_SESSION['cookie'] = $values['cookie'];
>>>> $_SESSION['logged'] = true;
>>>> echo "session_logged: ".$_SESSION['logged'];
>>>> if ($remember) {
>>>> $this->updateCookie($values['cookie'], true);
>>>> }
>>>> if ($init) {
>>>> $session = session_id();
>>>> $ip = $_SERVER['REMOTE_ADDR'];
>>>>
>>>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>>>> member_id = '$this->id'";
>>>> mysql_query($sql);
>>>> return true;
>>>> }
>>>> }
>>>>
>>>> function _logout() {
>>>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>>>> member_id='{$_SESSION['uid']}'";
>>>> mysql_query($query) or die("Could not select");
>>>>
>>>> $_SESSION['logged'] = false;
>>>> $_SESSION = array();
>>>> session_destroy();
>>>> return true;
>>>> }
>>>> }
>>>>
>>> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
>>> more to it than this.
>>
>> not really much more needed...this stuff is not what i'd call well
>> written though.
>>
>> for the OP, check to make sure your isp/host is having php store session
>> information on the server's side rather than client-side.
>>
>
> I don't know of any hosts which store session data client-side.

rare, but worth checking.

>> as for the code, your class has several members/interfaces that are not
>> defined...i.e id, db, etc.. to be clear and gain other php features, you
>> need to declare them in your class. also, your class is not decoupled
>> from your db implementation. however, the big killer is that ALL your
>> pertanent, supposedly secure user information is stored and accessed via
>> $_SESSION. that should be the primary use of your user class...not to
>> simply run queries. you need to be forcing any caller to access user
>> information - where the user class is in complete control.
>>
>
> $db is defined in the constructor.

yet is definitively mysql...and thus, not loosely coupled.

>> btw, we know for a fact that this is not your complete working code...or
>> else $this->updateCookie would explode in your browser. oh, and one more
>> thought...you do know that _interfaceName is typically always/only used
>> to denote that the interface has class-only scope? that's not just a php
>> thing either. i can't imagine that session_defaults is the only function
>> used by a caller, i mean, how would you log in/out anyone. :)
>
> As I said - the complete code is not there, so we don't know what's going
> on.

exactly.

Re: login problem

More codes:

class User {
function User(&$db) {
$this->db = $db;
}

function session_defaults() {
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
$_SESSION['cookie'] = 0;
$_SESSION['remember'] = false;
}

function _checkLogin($username, $password, $remember = false)
{
$username = mysql_escape_string($username);
$password = $password;
$sql = "SELECT * FROM member WHERE username =
'$username' AND
password = '$password'";
$result = mysql_query($sql) or die("Could not
select");
$return_result = mysql_fetch_assoc($result);
if (mysql_num_rows($result)) {
if ($this->_setSession($return_result,
$remember)) {
return
$return_result['username'];
}
} else {
$this->failed = true;
$this->_logout();
return false;
}
}

function _setSession(&$values, $remember, $init = true) {
$this->id = $values['member_id'];
$_SESSION['uid'] = $this->id;
$_SESSION['username'] =
htmlspecialchars($values['username']);
$_SESSION['cookie'] = $values['cookie'];
$_SESSION['logged'] = true;
echo "session_logged: ".$_SESSION['logged'];
if ($remember) {
$this->updateCookie($values['cookie'], true);
}
if ($init) {
$session = session_id();
$ip = $_SERVER['REMOTE_ADDR'];

$sql = "UPDATE member SET session =
'$session', ip = '$ip' WHERE
member_id = '$this->id'";
mysql_query($sql);
return true;
}
}

function _logout() {
$query = "UPDATE member SET cookie='', session='',
ip='' WHERE
member_id='{$_SESSION['uid']}'";
mysql_query($query) or die("Could not select");

$_SESSION['logged'] = false;
$_SESSION = array();
session_destroy();
return true;
}
}


Here is the code that does the login.. This is what I have on every
page:
$_REQUEST['login'] and $_REQUEST['logout'] are sent from the form...
Login and logout works perfect in localhost using xampp.. on my
hosting sever, the login does not persist and $_SESSION['logged'] sets
to "false" whenever I click on another page within the site.

$db = new db_connect();
$db = $db->connectDB();
$user = new User($db);
if ($_SESSION['logged'] && isset($_REQUEST['logout'])) {
$logout = $user->_logout();
if ($_REQUEST['cid']) {
header("Location:".$_SERVER['PHP_SELF']."?cid=".
$_REQUEST['cid']);
} else if ($_REQUEST['prod']) {
header("Location:".$_SERVER['PHP_SELF']."?prod=".
$_REQUEST['prod']);
} else {
header("Location:".$_SERVER['PHP_SELF']);
}
?>

} else if (!$_SESSION['logged'] && isset($_REQUEST['login'])) {
$username = $user->_checkLogin($_REQUEST['username'],
$_REQUEST['password']);
echo "

Re: login problem

white lightning wrote:
> More codes:
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false)
> {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username =
> '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not
> select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result,
> $remember)) {
> return
> $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] =
> htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session =
> '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>
>
> Here is the code that does the login.. This is what I have on every
> page:
> $_REQUEST['login'] and $_REQUEST['logout'] are sent from the form...
> Login and logout works perfect in localhost using xampp.. on my
> hosting sever, the login does not persist and $_SESSION['logged'] sets
> to "false" whenever I click on another page within the site.
>
> > $db = new db_connect();
> $db = $db->connectDB();
> $user = new User($db);
> if ($_SESSION['logged'] && isset($_REQUEST['logout'])) {
> $logout = $user->_logout();
> if ($_REQUEST['cid']) {
> header("Location:".$_SERVER['PHP_SELF']."?cid=".
> $_REQUEST['cid']);
> } else if ($_REQUEST['prod']) {
> header("Location:".$_SERVER['PHP_SELF']."?prod=".
> $_REQUEST['prod']);
> } else {
> header("Location:".$_SERVER['PHP_SELF']);
> }
> ?>
>
> > } else if (!$_SESSION['logged'] && isset($_REQUEST['login'])) {
> $username = $user->_checkLogin($_REQUEST['username'],
> $_REQUEST['password']);
> echo "

Re: login problem

white lightning wrote:
> More codes:
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false)
> {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username =
> '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not
> select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result,
> $remember)) {
> return
> $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] =
> htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session =
> '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>
>
> Here is the code that does the login.. This is what I have on every
> page:
> $_REQUEST['login'] and $_REQUEST['logout'] are sent from the form...
> Login and logout works perfect in localhost using xampp.. on my
> hosting sever, the login does not persist and $_SESSION['logged'] sets
> to "false" whenever I click on another page within the site.
>
> > $db = new db_connect();
> $db = $db->connectDB();
> $user = new User($db);
> if ($_SESSION['logged'] && isset($_REQUEST['logout'])) {
> $logout = $user->_logout();
> if ($_REQUEST['cid']) {
> header("Location:".$_SERVER['PHP_SELF']."?cid=".
> $_REQUEST['cid']);
> } else if ($_REQUEST['prod']) {
> header("Location:".$_SERVER['PHP_SELF']."?prod=".
> $_REQUEST['prod']);
> } else {
> header("Location:".$_SERVER['PHP_SELF']);
> }
> ?>
>
> > } else if (!$_SESSION['logged'] && isset($_REQUEST['login'])) {
> $username = $user->_checkLogin($_REQUEST['username'],
> $_REQUEST['password']);
> echo "

Re: login problem

On Jan 30, 12:35 pm, Jerry Stuckle wrote:

>
> Do you have session_start() at the top of every page - before ANY output?
>

Yes i have session_start() at the top of every page.

Re: login problem

white lightning wrote:
> More codes:
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false)
> {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username =
> '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not
> select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result,
> $remember)) {
> return
> $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] =
> htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session =
> '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>
>
> Here is the code that does the login.. This is what I have on every
> page:
> $_REQUEST['login'] and $_REQUEST['logout'] are sent from the form...
> Login and logout works perfect in localhost using xampp.. on my
> hosting sever, the login does not persist and $_SESSION['logged'] sets
> to "false" whenever I click on another page within the site.
>
> > $db = new db_connect();
> $db = $db->connectDB();
> $user = new User($db);
> if ($_SESSION['logged'] && isset($_REQUEST['logout'])) {
> $logout = $user->_logout();
> if ($_REQUEST['cid']) {
> header("Location:".$_SERVER['PHP_SELF']."?cid=".
> $_REQUEST['cid']);
> } else if ($_REQUEST['prod']) {
> header("Location:".$_SERVER['PHP_SELF']."?prod=".
> $_REQUEST['prod']);
> } else {
> header("Location:".$_SERVER['PHP_SELF']);
> }
> ?>
>
> > } else if (!$_SESSION['logged'] && isset($_REQUEST['login'])) {
> $username = $user->_checkLogin($_REQUEST['username'],
> $_REQUEST['password']);
> echo "

\n";

print_r($_SESSION);

echo "

Re: login problem

white lightning wrote:
> More codes:
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false)
> {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username =
> '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not
> select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result,
> $remember)) {
> return
> $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] =
> htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session =
> '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>
>
> Here is the code that does the login.. This is what I have on every
> page:
> $_REQUEST['login'] and $_REQUEST['logout'] are sent from the form...
> Login and logout works perfect in localhost using xampp.. on my
> hosting sever, the login does not persist and $_SESSION['logged'] sets
> to "false" whenever I click on another page within the site.
>
> > $db = new db_connect();
> $db = $db->connectDB();
> $user = new User($db);
> if ($_SESSION['logged'] && isset($_REQUEST['logout'])) {
> $logout = $user->_logout();
> if ($_REQUEST['cid']) {
> header("Location:".$_SERVER['PHP_SELF']."?cid=".
> $_REQUEST['cid']);
> } else if ($_REQUEST['prod']) {
> header("Location:".$_SERVER['PHP_SELF']."?prod=".
> $_REQUEST['prod']);
> } else {
> header("Location:".$_SERVER['PHP_SELF']);
> }
> ?>
>
> > } else if (!$_SESSION['logged'] && isset($_REQUEST['login'])) {
> $username = $user->_checkLogin($_REQUEST['username'],
> $_REQUEST['password']);
> echo "

\n";

print_r($_SESSION);

echo "

Re: login problem

On Jan 30, 1:19 pm, Jerry Stuckle wrote:

> OK, what do you have in $_SESSION when it fails?
>
> echo "

\n";

> print_r($_SESSION);

> echo "

Re: login problem

white lightning wrote:
> On Jan 30, 1:19 pm, Jerry Stuckle wrote:
>
>> OK, what do you have in $_SESSION when it fails?
>>
>> echo "

\n";

>> print_r($_SESSION);

>> echo "

Re: login problem

white lightning wrote:
> On Jan 30, 1:19 pm, Jerry Stuckle wrote:
>
>> OK, what do you have in $_SESSION when it fails?
>>
>> echo "

\n";

>> print_r($_SESSION);

>> echo "

Re: login problem

On Jan 31, 12:36 am, Jerry Stuckle wrote:

>
> >> OK, what do you have in $_SESSION when it fails?
>
> >> echo "

\n";

> >> print_r($_SESSION);

> >> echo "

Re: login problem

white lightning wrote:
> On Jan 31, 12:36 am, Jerry Stuckle wrote:
>
>>>> OK, what do you have in $_SESSION when it fails?
>>>> echo "

\n";

>>>> print_r($_SESSION);

>>>> echo "

Re: login problem

white lightning wrote:
> On Jan 31, 12:36 am, Jerry Stuckle wrote:
>
>>>> OK, what do you have in $_SESSION when it fails?
>>>> echo "

\n";

>>>> print_r($_SESSION);

>>>> echo "

Re: login problem

On Jan 31, 11:32 pm, Jerry Stuckle wrote:
>>>
>
> Did you do as I said - put another value in the $_SESSION array duringloginwhich is NOT cleared when you log out?
>

well this is what i did in the logout() function in my User class..
function _logout() {
$query = "UPDATE member SET cookie='', session='',
ip='' WHERE
member_id='{$_SESSION['uid']}'";
mysql_query($query) or die("Could not select");

$_SESSION['logged'] = false;
//$_SESSION = array();
//session_destroy();
return true;
}

I commented out 2 lines that is supposed to keep the session array as
it is after logout but the result is same as before. Is that what you
are asking me to do? something like this, right?

> Also, did you enable the E_NOTICE errors display?
>

when i add "error_reporting(E_ALL);" or "error_reporting(E_NOTICE);"
in my code, I get the following error after I press the "login"
button.. but normal browsing is ok..

Error 405 Method Not Allowed

The requested method POST is not allowed for URL

Re: login problem

white lightning wrote:
> On Jan 31, 11:32 pm, Jerry Stuckle wrote:
>> Did you do as I said - put another value in the $_SESSION array duringloginwhich is NOT cleared when you log out?
>>
>
> well this is what i did in the logout() function in my User class..
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> //$_SESSION = array();
> //session_destroy();
> return true;
> }
>
> I commented out 2 lines that is supposed to keep the session array as
> it is after logout but the result is same as before. Is that what you
> are asking me to do? something like this, right?
>

OK, that should help. It means the session isn't being destroyed - but
it is being lost.

BTW - I just noticed - you should NEVER set $_SESSION to array() (or
anything else). Just set the items within the array. When you set
$_SESSION itself to something, it loses it's superglobal status.
Rather, you should unset() the elements you no longer need.

And you shouldn't destroy the session - it may very well have
information from other parts of your code. Maybe not now, but later.


>> Also, did you enable the E_NOTICE errors display?
>>
>
> when i add "error_reporting(E_ALL);" or "error_reporting(E_NOTICE);"
> in my code, I get the following error after I press the "login"
> button.. but normal browsing is ok..
>
> Error 405 Method Not Allowed
>
> The requested method POST is not allowed for URL
>

OK, that's a start. What page are you trying to post to?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

white lightning wrote:
> On Jan 31, 11:32 pm, Jerry Stuckle wrote:
>> Did you do as I said - put another value in the $_SESSION array duringloginwhich is NOT cleared when you log out?
>>
>
> well this is what i did in the logout() function in my User class..
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> //$_SESSION = array();
> //session_destroy();
> return true;
> }
>
> I commented out 2 lines that is supposed to keep the session array as
> it is after logout but the result is same as before. Is that what you
> are asking me to do? something like this, right?
>

OK, that should help. It means the session isn't being destroyed - but
it is being lost.

BTW - I just noticed - you should NEVER set $_SESSION to array() (or
anything else). Just set the items within the array. When you set
$_SESSION itself to something, it loses it's superglobal status.
Rather, you should unset() the elements you no longer need.

And you shouldn't destroy the session - it may very well have
information from other parts of your code. Maybe not now, but later.


>> Also, did you enable the E_NOTICE errors display?
>>
>
> when i add "error_reporting(E_ALL);" or "error_reporting(E_NOTICE);"
> in my code, I get the following error after I press the "login"
> button.. but normal browsing is ok..
>
> Error 405 Method Not Allowed
>
> The requested method POST is not allowed for URL
>

OK, that's a start. What page are you trying to post to?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: login problem

On Feb 1, 12:46 pm, Jerry Stuckle wrote:

>
> OK, that should help. It means the session isn't being destroyed - but
> it is being lost.
>

how come it works on my localhost and not on the hosting server?
different php version issue (perhaps)?

> BTW - I just noticed - you should NEVER set $_SESSION to array() (or
> anything else). Just set the items within the array. When you set
> $_SESSION itself to something, it loses it's superglobal status.
> Rather, you should unset() the elements you no longer need.
>
> And you shouldn't destroy the session - it may very well have
> information from other parts of your code. Maybe not now, but later.
>

thanks for the tip.. yes i did realise that but i destroyed the
session as an easy solution.. anyway, advice taken..

> >> Also, did you enable the E_NOTICE errors display?
>
> > when i add "error_reporting(E_ALL);" or "error_reporting(E_NOTICE);"
> > in my code, I get the following error after I press the "login"
> > button.. but normal browsing is ok..
>
> > Error 405 Method Not Allowed
>
> > The requested method POST is not allowed for URL
>
> OK, that's a start. What page are you trying to post to?

This is how my "post" looks like:

Re: login problem

white lightning wrote:
> On Feb 1, 12:46 pm, Jerry Stuckle wrote:
>
>> OK, that should help. It means the session isn't being destroyed - but
>> it is being lost.
>>
>
> how come it works on my localhost and not on the hosting server?
> different php version issue (perhaps)?
>

Not necessarily. There are a lot of different options in PHP, and
several could cause problems. But I'm still trying to figure out if any
session values work.

>> BTW - I just noticed - you should NEVER set $_SESSION to array() (or
>> anything else). Just set the items within the array. When you set
>> $_SESSION itself to something, it loses it's superglobal status.
>> Rather, you should unset() the elements you no longer need.
>>
>> And you shouldn't destroy the session - it may very well have
>> information from other parts of your code. Maybe not now, but later.
>>
>
> thanks for the tip.. yes i did realise that but i destroyed the
> session as an easy solution.. anyway, advice taken..
>
>>>> Also, did you enable the E_NOTICE errors display?
>>> when i add "error_reporting(E_ALL);" or "error_reporting(E_NOTICE);"
>>> in my code, I get the following error after I press the "login"
>>> button.. but normal browsing is ok..
>>> Error 405 Method Not Allowed
>>> The requested method POST is not allowed for URL
>> OK, that's a start. What page are you trying to post to?
>
> This is how my "post" looks like:
> > enctype="multipart/form-data" name="login_form">
>

Re: login problem

white lightning wrote:
> On Feb 1, 12:46 pm, Jerry Stuckle wrote:
>
>> OK, that should help. It means the session isn't being destroyed - but
>> it is being lost.
>>
>
> how come it works on my localhost and not on the hosting server?
> different php version issue (perhaps)?
>

Not necessarily. There are a lot of different options in PHP, and
several could cause problems. But I'm still trying to figure out if any
session values work.

>> BTW - I just noticed - you should NEVER set $_SESSION to array() (or
>> anything else). Just set the items within the array. When you set
>> $_SESSION itself to something, it loses it's superglobal status.
>> Rather, you should unset() the elements you no longer need.
>>
>> And you shouldn't destroy the session - it may very well have
>> information from other parts of your code. Maybe not now, but later.
>>
>
> thanks for the tip.. yes i did realise that but i destroyed the
> session as an easy solution.. anyway, advice taken..
>
>>>> Also, did you enable the E_NOTICE errors display?
>>> when i add "error_reporting(E_ALL);" or "error_reporting(E_NOTICE);"
>>> in my code, I get the following error after I press the "login"
>>> button.. but normal browsing is ok..
>>> Error 405 Method Not Allowed
>>> The requested method POST is not allowed for URL
>> OK, that's a start. What page are you trying to post to?
>
> This is how my "post" looks like:
> > enctype="multipart/form-data" name="login_form">
>