Strange things with sessions

Strange things with sessions

on 09.11.2007 17:44:40 by Ezechiele

Hi,

I have problems with the following script, which is called from page1.php
and then goes back to the calling page. But it seems the SESSION values are
not saved properly, for in the calling page they are empty.
This is the script:

<?php
session_start();
error_reporting(E_ALL);
if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER
['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER
['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
$_SERVER['DOCUMENT_ROOT']=BASE_PATH;
include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
//echo "SESSION[Login]:".$_SESSION['Login'];
$IdUser=session_id();
$data=date('Y-m-d');
if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"]))
setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
else
$IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];
// Open the data tables
//mysql_select_db($dbname);
$username=$_POST["username"];
if (strlen($username)<=3)
{
session_write_close();
if (isset($_SERVER['HTTP_REFERER']))
$url=$_SERVER['HTTP_REFERER'];
else
$url='http://'.$SERVER['HTTP_HOST']."/index.php";
header("Location: $url");
}
$username=mysql_escape_string($username);
$password=$_POST["password"];
$password=mysql_escape_string($password);
$tabella="utenti";
// Look up the UserName and UserPassword pair in the Utenti table
$query="Select IdUser, Username, UserPassword from $tabella where
('$password'=UserPassword) and ('$username'=Username)";
$result=mysql_query($query) or die(mysql_error());
// Read IdUser
$record=mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// If a user with this username and password exists, allow the login
if (mysql_affected_rows()==1)
{
$_SESSION['Login']=True;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
////echo '";
$UserId=$record['IdUser'];
$Username=$record["Username"];
//echo "UserId=".$UserId;
$permessi="permessiutente";
$query_permessi="Select IdUtente, TipoPermesso from $permessi
where (IdUtente='$UserId')";
$risultato=mysql_query($query_permessi) or die (mysql_error());;
if (mysql_affected_rows()>0)
{
$record=mysql_fetch_array($risultato);
$permit=$record["TipoPermesso"];
//echo "Permesso ".$permit;
if (!isset($_SESSION["TipoPermesso"]))
$_SESSION["TipoPermesso"]=$permit;
////echo ' name="TipoPermesso" value='.$_SESSION['TipoPermesso'].">";
//echo "Tipo Permesso :". $_SESSION
['TipoPermesso'];
}
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/index.php";
//echo "Referer: ".$url;
//echo "Login:".$_SESSION['Login'];
session_write_close();
header("Location: $url");
}
else // Send the user to the registration page
{
$_SESSION['Login']=False;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/script/
RegistraUtente.php";
session_write_close();
header ("Location: $url");
}
?>

The strange thing is that the same script works properly for another
domain.


Francesco

--
http://www.itp-news.com

Re: Strange things with sessions

on 09.11.2007 19:37:11 by darko

On Nov 9, 5:44 pm, Ezechiele wrote:
> Hi,
>
> I have problems with this following script that is called from page1.php
> and then go back to the calling page. But it seems the SESSION values are
> not saved properly, for in the calling page they are empty.
> This is the script:
>
> <?php
> session_start();
> error_reporting(E_ALL);
> if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER
> ['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER
> ['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
> $_SERVER['DOCUMENT_ROOT']=BASE_PATH;
> include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
> if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
> //echo "SESSION[Login]:".$_SESSION['Login'];
> $IdUser=session_id();
> $data=date('Y-m-d');
> if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"]))
> setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
> ...

I wonder where's Steve to kick your ass for such flagrant formatting.
I give up.

Re: Strange things with sessions

on 09.11.2007 19:49:51 by Captain Paralytic

On 9 Nov, 18:37, Darko wrote:
> On Nov 9, 5:44 pm, Ezechiele wrote:
>
>
>
>
>
> > Hi,
>
> > I have problems with this following script that is called from page1.php
> > and then go back to the calling page. But it seems the SESSION values are
> > not saved properly, for in the calling page they are empty.
> > This is the script:
>
> > <?php
> > session_start();
> > error_reporting(E_ALL);
> > if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER
> > ['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER
> > ['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
> > $_SERVER['DOCUMENT_ROOT']=BASE_PATH;
> > include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
> > if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
> > //echo "SESSION[Login]:".$_SESSION['Login'];
> > $IdUser=session_id();
> > $data=date('Y-m-d');
> > if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"]))
> > setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
> > ...
>
> I wonder where's Steve to kick your ass for such flagrant formatting.
> I give up.

He's busy over on comp.databases.mysql blaming usenet for his
inability to follow a conversation!

Re: Strange things with sessions

on 09.11.2007 21:05:20 by Bucky Kaufman

"Ezechiele" wrote in message
news:47348e78$0$16032$5fc30a8@news.tiscali.it...
> Hi,
>
> I have problems with this following script that is called from page1.php
> and then go back to the calling page. But it seems the SESSION values are
> not saved properly, for in the calling page they are empty.
> This is the script:
>

> $IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];

I ain't real good with this, but I think your problem has something to do
with that.
When using cookies, if I don't specify a domain, I often have migration
problems as well.


> $url='http://'.$SERVER['HTTP_HOST']."/index.php";
> header("Location: $url");

This too could be the problem.
When you set that location header, you redirected and I don't think the
session carried forward.
(Again - I ain't sure.)
That can be got around by redirecting through javascript, instead of through
HTTP, as you did.




>
> The strange thing is that the same script works properly for another
> domain.
>
>
> Francesco
>
> --
> http://www.itp-news.com

Re: Strange things with sessions

on 09.11.2007 21:06:57 by Ezechiele

> I wonder where's Steve to kick your ass for such flagrant formatting. I
> give up.

Sorry, I didn't realize how the message was sent. I copied and pasted
the script here. Sorry again





--
http://www.itp-news.com

Re: Strange things with sessions

on 09.11.2007 21:12:47 by Ezechiele

<?php
session_start();
error_reporting(E_ALL);
if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
$_SERVER['DOCUMENT_ROOT']=BASE_PATH;
include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
//echo "SESSION[Login]:".$_SESSION['Login'];
$IdUser=session_id();
$data=date('Y-m-d');
if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"])) setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
else
$IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];
// Open the data tables
//mysql_select_db($dbname);
$username=$_POST["username"];
if (strlen($username)<=3)
{
session_write_close();
if (isset($_SERVER['HTTP_REFERER']))
$url=$_SERVER['HTTP_REFERER'];
else
$url='http://'.$SERVER['HTTP_HOST']."/index.php";
header("Location: $url");
}
$username=mysql_escape_string($username);
$password=$_POST["password"];
$password=mysql_escape_string($password);
$tabella="utenti";
// Look up the UserName and UserPassword pair in the Utenti table
$query="Select IdUser, Username, UserPassword from $tabella where ('$password'=UserPassword) and ('$username'=Username)";
$result=mysql_query($query) or die(mysql_error());
// Read IdUser
$record=mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// If a user with this username and password exists, allow the login
if (mysql_affected_rows()==1)
{
$_SESSION['Login']=True;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
////echo '";
$UserId=$record['IdUser'];
$Username=$record["Username"];
//echo "UserId=".$UserId;
$permessi="permessiutente";
$query_permessi="Select IdUtente, TipoPermesso from $permessi where (IdUtente='$UserId')";
$risultato=mysql_query($query_permessi) or die (mysql_error());
if (mysql_affected_rows()>0)
{
$record=mysql_fetch_array($risultato);
$permit=$record["TipoPermesso"];
//echo "Permesso ".$permit;
if (!isset($_SESSION["TipoPermesso"]))
$_SESSION["TipoPermesso"]=$permit;
////echo '";
//echo "Tipo Permesso :". $_SESSION['TipoPermesso'];
}
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/index.php";
//echo "Referer: ".$url;
//echo "Login:".$_SESSION['Login'];
session_write_close();
header("Location: $url");
}
else // Send the user to the registration page
{
$_SESSION['Login']=False;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/script/RegistraUtente.php";
session_write_close();
header ("Location: $url");
}
?>

I hope now it is ok :-(




--
http://www.itp-news.com

Re: Strange things with sessions

on 09.11.2007 21:13:32 by Ezechiele

> I wonder where's Steve to kick your ass for such flagrant formatting. I
> give up.

<?php
session_start();
error_reporting(E_ALL);
if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
$_SERVER['DOCUMENT_ROOT']=BASE_PATH;
include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
//echo "SESSION[Login]:".$_SESSION['Login'];
$IdUser=session_id();
$data=date('Y-m-d');
if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"])) setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
else
$IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];
// Open the data tables
//mysql_select_db($dbname);
$username=$_POST["username"];
if (strlen($username)<=3)
{
session_write_close();
if (isset($_SERVER['HTTP_REFERER']))
$url=$_SERVER['HTTP_REFERER'];
else
$url='http://'.$SERVER['HTTP_HOST']."/index.php";
header("Location: $url");
}
$username=mysql_escape_string($username);
$password=$_POST["password"];
$password=mysql_escape_string($password);
$tabella="utenti";
// Look up the UserName and UserPassword pair in the Utenti table
$query="Select IdUser, Username, UserPassword from $tabella where ('$password'=UserPassword) and ('$username'=Username)";
$result=mysql_query($query) or die(mysql_error());
// Read IdUser
$record=mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// If a user with this username and password exists, allow the login
if (mysql_affected_rows()==1)
{
$_SESSION['Login']=True;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
////echo '";
$UserId=$record['IdUser'];
$Username=$record["Username"];
//echo "UserId=".$UserId;
$permessi="permessiutente";
$query_permessi="Select IdUtente, TipoPermesso from $permessi where (IdUtente='$UserId')";
$risultato=mysql_query($query_permessi) or die (mysql_error());
if (mysql_affected_rows()>0)
{
$record=mysql_fetch_array($risultato);
$permit=$record["TipoPermesso"];
//echo "Permesso ".$permit;
if (!isset($_SESSION["TipoPermesso"]))
$_SESSION["TipoPermesso"]=$permit;
////echo '";
//echo "Tipo Permesso :". $_SESSION['TipoPermesso'];
}
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/index.php";
//echo "Referer: ".$url;
//echo "Login:".$_SESSION['Login'];
session_write_close();
header("Location: $url");
}
else // Send the user to the registration page
{
$_SESSION['Login']=False;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/script/RegistraUtente.php";
session_write_close();
header ("Location: $url");
}
?>

I hope now it is ok :-(



--
http://www.itp-news.com

Re: Strange things with sessions

on 09.11.2007 22:48:10 by darko

On Nov 9, 9:13 pm, Ezechiele wrote:
> > I wonder where's Steve to kick your ass for such flagrant formatting. I
> > give up.
>
> <?php
> session_start();
> error_reporting(E_ALL);
> if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
> $_SERVER['DOCUMENT_ROOT']=BASE_PATH;
> include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
> if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
> //echo "SESSION[Login]:".$_SESSION['Login'];
> $IdUser=session_id();
> $data=date('Y-m-d');
> if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"])) setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
> else
> $IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];
> // Open the data tables
> //mysql_select_db($dbname);
> $username=$_POST["username"];
> if (strlen($username)<=3)
> {
> session_write_close();
> if (isset($_SERVER['HTTP_REFERER']))
> $url=$_SERVER['HTTP_REFERER'];
> else
> $url='http://'.$SERVER['HTTP_HOST']."/index.php";
> header("Location: $url");}
>
> $username=mysql_escape_string($username);
> $password=$_POST["password"];
> $password=mysql_escape_string($password);
> $tabella="utenti";
> // Look up the UserName and UserPassword pair in the Utenti table
> $query="Select IdUser, Username, UserPassword from $tabella where ('$password'=UserPassword) and ('$username'=Username)";
> $result=mysql_query($query) or die(mysql_error());
> // Read IdUser
> $record=mysql_fetch_array($result);
> //$UserId=$record["IdUser"];
> //$Username=$record["Username"];
> //echo "UserId=".$UserId;
> //echo " Username=".$Username;
> // If a user with this username and password exists, allow the login
> if (mysql_affected_rows()==1)
> {
> $_SESSION['Login']=True;
> //echo "SESSION[Login]:".$_SESSION['Login'];
> $_POST['Login']=False;
> ////echo '";
> $UserId=$record['IdUser'];
> $Username=$record["Username"];
> //echo "UserId=".$UserId;
> $permessi="permessiutente";
> $query_permessi="Select IdUtente, TipoPermesso from $permessi where (IdUtente='$UserId')";
> $risultato=mysql_query($query_permessi) or die (mysql_error());
> if (mysql_affected_rows()>0)
> {
> $record=mysql_fetch_array($risultato);
> $permit=$record["TipoPermesso"];
> //echo "Permesso ".$permit;
> if (!isset($_SESSION["TipoPermesso"]))
> $_SESSION["TipoPermesso"]=$permit;
> ////echo '";
> //echo "Tipo Permesso :". $_SESSION['TipoPermesso'];
> }
> $url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/index.php";
> //echo "Referer: ".$url;
> //echo "Login:".$_SESSION['Login'];
> session_write_close();
> header("Location: $url");}
>
> else // Send the user to the registration page
> {
> $_SESSION['Login']=False;
> //echo "SESSION[Login]:".$_SESSION['Login'];
> $_POST['Login']=False;
> $url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/script/RegistraUtente.php";
> session_write_close();
> header ("Location: $url");}
>
> ?>
>
> I hope now it is ok :-(
>
> --http://www.itp-news.com

I'm not sure, but I also think redirection is the problem. When you
visit a page that sets session values, the page automatically transmits
the session id in cookies. However, if you redirect the user in the
header, I don't think the browser will bother to read and place the
cookies locally, but will automatically cancel everything and go to the
given address. So, you should try sending redirection directives instead
of this, or use Javascript, whatever.

As for the rest of the code, consider the following advice:
* Use $_COOKIE and $_SERVER instead of $HTTP_COOKIE_VARS and
  $HTTP_SERVER_VARS, respectively; $_COOKIE and $_SERVER are
  superglobal, while using HTTP_COOKIE_VARS and HTTP_SERVER_VARS
  requires calling global() on them. Also, unless you're using PHP 4.1.0
  or older, $_COOKIE and $_SERVER are recommended by the manual, for
  they are newer.
* While debugging, error_reporting( E_STRICT ) is recommended, since
  E_ALL doesn't imply E_STRICT which might help.
* Check mysql_query() for errors differently. Don't use die() since
  the users will be left with a blank page.
* Use mysql_real_escape_string instead of mysql_escape_string. Look up
  the manual for explanation and confirmation that it's recommended.
* Don't just redirect the user to the previous page; it doesn't have
  to mean they have bad intentions if they don't fill the data right.
  If you just take them back to the previous page, they will be confused.
  Use error reports instead.
* mysql_affected_rows doesn't count the number of SELECT-ed rows. It
  serves the purpose of counting how many rows were affected by the last
  INSERT, UPDATE, REPLACE or DELETE queries.
* Don't "calculate" base path, index page, etc. Use some form of
  Config class or .ini files to define these values.

Regards,

Darko

Re: Strange things with sessions

on 09.11.2007 23:10:51 by Bucky Kaufman

"Darko" wrote in message
news:1194644890.091070.8510@v2g2000hsf.googlegroups.com...

> I'm not sure, but I also think redirection is the problem. When you
> visit a page that sets session values,
> the page automatically transmits the session id in cookies. However,
> if you redirect the user in the header,
> I don't think the browser will bother to read and place the cookies
> locally, but will automatically cancel
> everything and go to the given address. So, you should try sending
> redirection directives instead of
> this, or use Javascript, whatever.

I would expect that a META would have the same cookie effect as a header().
That's why it uses the attribute "http-equiv".
I'd be interested to hear if that's how it worked out.

Re: Strange things with sessions

on 09.11.2007 23:57:19 by darko

On Nov 9, 11:10 pm, "Sanders Kaufman" wrote:
> "Darko" wrote in message
>
> news:1194644890.091070.8510@v2g2000hsf.googlegroups.com...
>
> > I'm not sure, but I also think redirection is the problem. When you
> > visit a page that sets session values,
> > the page automatically transmits the session id in cookies. However,
> > if you redirect the user in the header,
> > I don't think the browser will bother to read and place the cookies
> > locally, but will automatically cancel
> > everything and go to the given address. So, you should try sending
> > redirection directives instead of
> > this, or use Javascript, whatever.
>
> I would expect that a META would have the same cookie effect as a header().
> That's why it uses the attribute "http-equiv".
> I'd be interested to hear if that's how it worked out.

I'm not sure, really. I didn't use it for a long time; from the time I
hadn't used sessions :)

Although, I know that the page in that case does get completely loaded
and even shown in the browser, so I reckon maybe the cookies still -get-
read, but it should be tested.

Until then, Ezechiele should try it with Javascript, just to make sure.

Re: Strange things with sessions

on 11.11.2007 11:31:30 by AnrDaemon

Greetings, Ezechiele.
In reply to Your message dated Friday, November 9, 2007, 19:44:40,

> Hi,

> I have problems with this following script that is called from page1.php
> and then go back to the calling page. But it seems the SESSION values are
> not saved properly, for in the calling page they are empty.
> This is the script:

The strange thing is that You are using autoglobal arrays at the same time as
deprecated long-name arrays.
Rewrite Your script using the recommended autoglobal arrays $_SERVER, $_COOKIES
only and see if it works.
BTW, make sure You are NOT redirecting from http://www.host/ to http://host


> The strange thing is that the same script works properly for another
> domain.

If that domain is on another hoster, probably they both have different settings
for PHP.


--
Sincerely Yours, AnrDaemon
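
The host check mentioned above, together with a redirect that does not take its target from the Referer header as-is, as an added example (not code from the thread). `CANONICAL_ORIGIN`, `on_canonical_host()`, `redirect_target()` and `send_redirect()` are hypothetical names and `www.example.test` is a placeholder host. A session cookie set without a Domain attribute is sent back only to the exact host that set it, so a hop between `www.host` and `host` arrives without it.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. CANONICAL_ORIGIN is an assumed
// configuration value and www.example.test a placeholder host.
const CANONICAL_ORIGIN = 'https://www.example.test';

/** True when the Host header names the one host the session cookie lives on. */
function on_canonical_host(string $hostHeader): bool
{
    $host = strtolower((string) preg_replace('/:\d+$/', '', $hostHeader));
    return $host === parse_url(CANONICAL_ORIGIN, PHP_URL_HOST);
}

/**
 * Builds the redirect URL. $candidate (for example the Referer header) only
 * contributes its path and query, and only if it names the canonical origin.
 */
function redirect_target(?string $candidate, string $fallbackPath = '/index.php'): string
{
    $canon = parse_url(CANONICAL_ORIGIN);
    $parts = $candidate === null ? false : parse_url($candidate);

    $sameOrigin = is_array($parts)
        && isset($parts['scheme'], $parts['host'])
        && strcasecmp($parts['scheme'], $canon['scheme']) === 0
        && strcasecmp($parts['host'], $canon['host']) === 0
        && !isset($parts['port'])
        && !isset($parts['user']);

    $path = $sameOrigin ? ($parts['path'] ?? '/') : $fallbackPath;
    if ($sameOrigin && isset($parts['query'])) {
        $path .= '?' . $parts['query'];
    }
    // Refuse whitespace, control characters and anything that is not an absolute path.
    if (strncmp($path, '/', 1) !== 0 || preg_match('/[\x00-\x20\x7f]/', $path)) {
        $path = $fallbackPath;
    }
    return CANONICAL_ORIGIN . $path;   // the host part never comes from the request
}

/** Sends the redirect and stops the script. */
function send_redirect(string $url): void
{
    session_write_close();                   // write $_SESSION to storage first
    header('Location: ' . $url, true, 303);
    exit;                                    // code after header() would still run otherwise
}

// In a web request, before session_start():
//   if (!on_canonical_host($_SERVER['HTTP_HOST'])) { send_redirect(redirect_target(null)); }
// and where the script goes back to the calling page:
//   send_redirect(redirect_target($_SERVER['HTTP_REFERER'] ?? null));

if (PHP_SAPI === 'cli') {
    // Constructed inputs, run from the command line to see the decisions.
    $samples = [
        'https://www.example.test/page1.php?x=1',  // same origin
        'https://example.test/page1.php',          // same site, different host
        'https://other.invalid/page1.php',         // foreign host
        null,                                      // no Referer sent
    ];
    foreach ($samples as $referer) {
        printf("%-45s -> %s\n", var_export($referer, true), redirect_target($referer));
    }
    var_dump(on_canonical_host('www.example.test:443'), on_canonical_host('example.test'));
}
```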

Re: Strange things with sessions

on 11.11.2007 12:15:06 by AnrDaemon

Greetings, Ezechiele.
In reply to Your message dated Friday, November 9, 2007, 19:44:40,

More light on the issue.
Common:
The code structure is ambiguous. You continue to work on user input even if
there's nothing to do after the first block.

Pack the code into if's, draw the logic on paper if that would help You better than
raw code.

And please do not use such lame formatting rules. It is hard to decide what
happens after many if's in this code.

Now read the rest: (or load into any environment with Colorer support and call
the errors list)


<?php
session_start();
error_reporting(E_ALL);

if (!defined("BASE_PATH"))
{
    define('BASE_PATH', isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] :
        // FIX Why not dirname($_SERVER['SCRIPT_NAME']) ??
        substr($_SERVER['PATH_TRANSLATED'], 0, -1*strlen($_SERVER['SCRIPT_NAME'])));
}

$_SERVER['DOCUMENT_ROOT'] = BASE_PATH;

include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login']))
{
    $_SESSION['Login'] = false;
}

//echo "SESSION[Login]:".$_SESSION['Login'];

$IdUser = session_id();
$data = date('Y-m-d');

if (!isset($_COOKIE["TeachingOnLine"]))
{
    // BUG The $_COOKIE array is not filled when setcookie is called
    setcookie("TeachingOnLine", $IdUser, time()+60*60*24*365);
    // FIX You should set it yourself if You want to use its value in the current script
    // FIX $_COOKIE["TeachingOnLine"] = $IdUser;
}
else
{
    $IdUser = $_COOKIE["TeachingOnLine"];
}
// Open the data tables
//mysql_select_db($dbname);
$username = $_POST["username"];
if (strlen($username) <= 3)
{
    session_write_close();
    // BUG CRITICAL: DO NOT TRUST USER INPUT! EVER!
    if (isset($_SERVER['HTTP_REFERER']))
    {
        $url = $_SERVER['HTTP_REFERER'];
    }
    else
    {
        $url='http://'.$SERVER['HTTP_HOST']."/index.php";
    }
    header("Location: $url");
}
$username = mysql_escape_string($username);
$password = $_POST["password"];
$password = mysql_escape_string($password);
$tabella = "utenti";
// Look up the UserName and UserPassword pair in the Utenti table
// BUG CRITICAL: DO NOT FETCH PASSWORDS FROM DATABASE! EVER!
$query = "SELECT IdUser, Username, UserPassword FROM $tabella WHERE ('$password' = UserPassword) and ('$username'=Username)";
$result = mysql_query($query) or die(mysql_error());
// Read IdUser
$record = mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// If a user with this username and password exists, allow the login
if (mysql_affected_rows() == 1)
{
    $_SESSION['Login'] = true;
    //echo "SESSION[Login]:".$_SESSION['Login'];
    $_POST['Login'] = false;
    ////echo '";
    $UserId = $record['IdUser'];
    $Username = $record["Username"];
    //echo "UserId=".$UserId;
    $permessi = "permessiutente";
    $query_permessi = "SELECT IdUtente, TipoPermesso FROM $permessi WHERE (IdUtente='$UserId')";
    $risultato = mysql_query($query_permessi) or die (mysql_error());
    if (mysql_affected_rows()>0)
    {
        $record = mysql_fetch_array($risultato);
        $permit = $record["TipoPermesso"];
        //echo "Permesso ".$permit;
        // BUG Why so lame? If You want to change user permissions, You can't before the cookie expires.
        if (!isset($_SESSION["TipoPermesso"]))
        {
            $_SESSION["TipoPermesso"] = $permit;
        }
        ////echo '";
        //echo "Tipo Permesso :". $_SESSION['TipoPermesso'];
    }
    $url = 'http://'.$_SERVER['HTTP_HOST']."/index.php";
    //echo "Referer: ".$url;
    //echo "Login:".$_SESSION['Login'];
    session_write_close();
    header("Location: $url");
}
else // Send the user to the registration page
{
    $_SESSION['Login'] = false;
    //echo "SESSION[Login]:".$_SESSION['Login'];
    $_POST['Login'] = false;
    $url='http://'.$_SERVER['HTTP_HOST']."/script/RegistraUtente.php";
    session_write_close();
    header ("Location: $url");
}
?>

--
Sincerely Yours, AnrDaemon
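
A version of the credential check that addresses the points raised in the replies (escaping, `mysql_affected_rows()`, the password inside the query), as an added example rather than code from the thread. It assumes PDO in place of the `mysql_*` functions and that `UserPassword` holds a `password_hash()` value instead of the plaintext the posted script compares; `authenticate()` and `establish_session()` are hypothetical names, and the in-memory SQLite tables are constructed demo data.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumptions: PDO replaces the
// mysql_* calls, and utenti.UserPassword stores a password_hash() value.

/** Returns ['IdUser' => int, 'TipoPermesso' => ?string] on success, null otherwise. */
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT IdUser, UserPassword FROM utenti WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Decide on the fetched row itself, not on mysql_affected_rows(), and
    // compare against the stored hash in PHP instead of inside the query.
    if ($row === false || !password_verify($password, $row['UserPassword'])) {
        return null;
    }

    $perm = $db->prepare('SELECT TipoPermesso FROM permessiutente WHERE IdUtente = ?');
    $perm->execute([$row['IdUser']]);
    $tipo = $perm->fetchColumn();

    return [
        'IdUser'       => (int) $row['IdUser'],
        'TipoPermesso' => $tipo === false ? null : (string) $tipo,
    ];
}

/** Stores the login in the session; call before any output is sent. */
function establish_session(array $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);                        // new session id at login
    $_SESSION['Login'] = true;
    $_SESSION['IdUser'] = $user['IdUser'];
    $_SESSION['TipoPermesso'] = $user['TipoPermesso'];  // refreshed on every login
}

if (PHP_SAPI === 'cli') {
    // Constructed demo data: in-memory SQLite stands in for the MySQL tables.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE utenti (IdUser INTEGER PRIMARY KEY, Username TEXT UNIQUE, UserPassword TEXT)');
    $db->exec('CREATE TABLE permessiutente (IdUtente INTEGER, TipoPermesso TEXT)');
    $ins = $db->prepare('INSERT INTO utenti (Username, UserPassword) VALUES (?, ?)');
    $ins->execute(['francesco', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    $db->exec("INSERT INTO permessiutente VALUES (1, 'docente')");

    // Correct pair, wrong password, and a name containing a quote character.
    var_dump(authenticate($db, 'francesco', 'constructed-demo-password'));
    var_dump(authenticate($db, 'francesco', 'wrong'));
    var_dump(authenticate($db, "o'brien", 'anything'));
}
```

In the login handler, a non-null result from `authenticate()` is passed to `establish_session()` before the redirect is sent.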

Re: Strange things with sessions

on 13.11.2007 19:42:35 by Ezechiele

> Until then, Ezechiele should try it with Javascript, just to make sure.

Hi, excuse me everybody that tried to help me if I didn't answer. I
refined my script, reading your posts, and it works better now. I removed
a lot of incongruences, but it still doesn't pass values to the calling
page.
I tried to avoid using javascript for it might not be activated.
It seems that a $_SESSION value couldn't be passed between pages if I use
a header() function, but it is really strange, for I have used the same,
identical script in another site I have written, and it works fine.


Francesco


--
http://www.itp-news.com