PHP Sessions Issue


TheSilentDrifter
Member
Registered: 29.12.11 18:02
Timezone: UTC -7
Posts: 19

I have session_start(); at the top of all of my pages, but after submitting information, validating it, and setting session variables, the session does not seem to record any values (at least not on other pages). Refreshing the page dumps the data as well. Does anyone have any ideas?

login.php

<html lang="en">
  <head>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="../css/main.css" type="text/css" />
    <title>Login</title>
    <?php
      if ( isset( $_SESSION[ 'authorized' ] ) ) {
        echo "<style>main div#login_form form { display: none; }</style>";
      }
    ?>
  </head>
  <body>
    <nav>
      <?php include( "../navigation.html" ); ?>
    </nav>
    <main>
      <h2>Login Page</h2>
      <div id="login_form">

        <?php
          if ( isset( $_SESSION[ 'authorized' ] ) ) {
            echo "<p>You are already logged in " . $_SESSION[ 'username' ] . "!</p>";
            echo "<p><a href=\"./login.php\"><button onclick=\"" . session_destroy() . "\">Logout</button></a></p>";
            echo "<h6>Refresh the page after clicking the button</h6>";
          }
        ?>
        <form method="post" action="authenticate.php">

          <label for="username">Username:</label>
          <input type="text" id="username" name="username" placeholder="Enter Username" required />
          <br />
          <br />
          <label for="password">Password:</label>
          <input type="password" id="password" name="password" placeholder="Enter Password" required />
          <br />
          <br />
          <input type="submit" name="login" id="login" value="Login" />

        </form>
      </div>
    </main>
    <footer>
      <?php include( "../footer.html" ); ?>
    </footer>
  </body>
</html>

authenticate.php

  public function authenticateUser() {
    $this->database->connect();
    $tmpResults = $this->database->query( "SELECT `username`, `password`, `hash` FROM `users` WHERE username=\"$this->username\"" );
    if ( $tmpResults->num_rows > 0 ) {
      while ( $tmpRow = $tmpResults->fetch_assoc() ) {
        $this->dbUsername[] = $tmpRow[ 'username' ];
        $this->dbPassword[] = $tmpRow[ 'password' ];
        $this->dbSalt[]     = $tmpRow[ 'hash' ];
      }
    } else {
      return FALSE;
    }

    $providedPass = crypt( $this->password, $this->dbSalt[0] );
    if ( strcmp( $this->username, $this->dbUsername[0] ) == 0 &&
         strcmp( $providedPass, $this->dbPassword[0] ) == 0 ) {
      $this->isAuthorized = true;
      $_SESSION[ 'username' ]   = $this->dbUsername[0];
      $_SESSION[ 'authorized' ] = uniqid() . uniqid();
      return $this->isAuthorized;
    } else {
      return FALSE;
    }
  }
}



TheSilentDrifter
Member
Registered: 29.12.11 18:02
Timezone: UTC -7
Posts: 19

Evidently the issue is calling session_destroy() inside the same file. The solution I ended up coming to was to make a logout.php file that gets called on click, and then the logout.php file will call session_destroy() instead.



ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 152

It ought to work within the same file. Maybe there was a bug with the logic for checking if it should destroy or not.

By the way, you should really consider using prepared statements for your database queries.

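An added example, not part of the thread and not either poster's code: it shows the two points raised above together, a logout that calls session_destroy() only when the request explicitly asks for it, and a user lookup done with a prepared statement. It assumes PDO with an in-memory SQLite table in place of the MySQL `users` table, uses password_verify() instead of the crypt()/strcmp() comparison, and the function names and the `logout` POST field are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. PDO + in-memory SQLite stands in for the MySQL `users` table;
// findUser(), login(), handleLogout() and the "logout" field are hypothetical.

function findUser(PDO $db, string $username): ?array {
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, string $username, string $password): bool {
    $row = findUser($db, $username);
    // password_verify() checks crypt()-format hashes in constant time.
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['username']   = $row['username'];
    $_SESSION['authorized'] = true;
    return true;
}

function handleLogout(array $post): bool {
    // Destroy the session only for an explicit logout POST, evaluated before
    // any HTML is rendered, never as a side effect of building the page.
    if (!isset($post['logout'])) {
        return false;
    }
    $_SESSION = [];
    session_destroy();
    return true;
}

// Constructed demo data and calls (run with the PHP CLI).
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);

var_dump(login($db, 'alice', 's3cret'));        // valid credentials
var_dump(login($db, 'x" OR "1"="1', 'x'));      // quote characters stay data
var_dump(handleLogout([]));                     // plain page load keeps the session
var_dump(handleLogout(['logout' => '1']));      // explicit logout request
```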