|
|
Posted by Jerry Stuckle on 01/30/08 02:19
white lightning wrote:
> More codes:
>
> class User {
> function User(&$db) {
> $this->db = $db;
> }
>
> function session_defaults() {
> $_SESSION['logged'] = false;
> $_SESSION['uid'] = 0;
> $_SESSION['username'] = '';
> $_SESSION['cookie'] = 0;
> $_SESSION['remember'] = false;
> }
>
> function _checkLogin($username, $password, $remember = false)
> {
> $username = mysql_escape_string($username);
> $password = $password;
> $sql = "SELECT * FROM member WHERE username =
> '$username' AND
> password = '$password'";
> $result = mysql_query($sql) or die("Could not
> select");
> $return_result = mysql_fetch_assoc($result);
> if (mysql_num_rows($result)) {
> if ($this->_setSession($return_result,
> $remember)) {
> return
> $return_result['username'];
> }
> } else {
> $this->failed = true;
> $this->_logout();
> return false;
> }
> }
>
> function _setSession(&$values, $remember, $init = true) {
> $this->id = $values['member_id'];
> $_SESSION['uid'] = $this->id;
> $_SESSION['username'] =
> htmlspecialchars($values['username']);
> $_SESSION['cookie'] = $values['cookie'];
> $_SESSION['logged'] = true;
> echo "session_logged: ".$_SESSION['logged'];
> if ($remember) {
> $this->updateCookie($values['cookie'], true);
> }
> if ($init) {
> $session = session_id();
> $ip = $_SERVER['REMOTE_ADDR'];
>
> $sql = "UPDATE member SET session =
> '$session', ip = '$ip' WHERE
> member_id = '$this->id'";
> mysql_query($sql);
> return true;
> }
> }
>
> function _logout() {
> $query = "UPDATE member SET cookie='', session='',
> ip='' WHERE
> member_id='{$_SESSION['uid']}'";
> mysql_query($query) or die("Could not select");
>
> $_SESSION['logged'] = false;
> $_SESSION = array();
> session_destroy();
> return true;
> }
> }
>
>
> Here is the code that does the login.. This is what I have on every
> page:
> $_REQUEST['login'] and $_REQUEST['logout'] are sent from the form...
> Login and logout works perfect in localhost using xampp.. on my
> hosting sever, the login does not persist and $_SESSION['logged'] sets
> to "false" whenever I click on another page within the site.
>
> <?php
> $db = new db_connect();
> $db = $db->connectDB();
> $user = new User($db);
> if ($_SESSION['logged'] && isset($_REQUEST['logout'])) {
> $logout = $user->_logout();
> if ($_REQUEST['cid']) {
> header("Location:".$_SERVER['PHP_SELF']."?cid=".
> $_REQUEST['cid']);
> } else if ($_REQUEST['prod']) {
> header("Location:".$_SERVER['PHP_SELF']."?prod=".
> $_REQUEST['prod']);
> } else {
> header("Location:".$_SERVER['PHP_SELF']);
> }
> ?>
>
> <?php
> } else if (!$_SESSION['logged'] && isset($_REQUEST['login'])) {
> $username = $user->_checkLogin($_REQUEST['username'],
> $_REQUEST['password']);
> echo "<div class='gt'>Hello ".$_SESSION['username']."!</div>";
>
> // SHOW LOGOUT FORM
> ?>
>
> <?php
> } else if ($_SESSION['logged']) {
> echo "<div class='gt'>Hello ".$_SESSION['username']."!</div>";
>
> // SHOW MEMBER LINKS
> ?>
>
> <?php
> } else if (!$_SESSION['logged']) {
>
> // SHOW THE LOGIN BOX
>
> }
> ?>
>
>
OK, what do you have in $_SESSION when it fails?
echo "<pre>\n";
print_r($_SESSION);
echo "</pre>\n";
Do you have full error reporting and display_errors enabled on the
failing server?
What are the PHP versions on the two systems?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|