|
|
Posted by Ezechiele on 11/09/07 16:44
Hi,
I have problems with this following script that is called from page1.php
and then go back to the calling page. But it seems the SESSION values are
not saved properly, for in the calling page they are empty.
This is the script:
<?php
session_start();
error_reporting(E_ALL);
if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER
['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER
['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
$_SERVER['DOCUMENT_ROOT']=BASE_PATH;
include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
//echo "SESSION[Login]:".$_SESSION['Login'];
$IdUser=session_id();
$data=date('Y-m-d');
if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"]))
setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
else
$IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];
// Apertura tabelle dei dati
//mysql_select_db($dbname);
$username=$_POST["username"];
if (strlen($username)<=3)
{
session_write_close();
if (isset($_SERVER['HTTP_REFERER']))
$url=$_SERVER['HTTP_REFERER'];
else
$url='http://'.$SERVER['HTTP_HOST']."/index.php";
header("Location: $url");
}
$username=mysql_escape_string($username);
$password=$_POST["password"];
$password=mysql_escape_string($password);
$tabella="utenti";
// Ricerca nella tabella Utenti la coppia UserName e UserPassword
$query="Select IdUser, Username, UserPassword from $tabella where
('$password'=UserPassword) and ('$username'=Username)";
$result=mysql_query($query) or die(mysql_error());
// Legge IdUser
$record=mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// Se esiste l'utente con username e password allora consenti il login
if (mysql_affected_rows()==1)
{
$_SESSION['Login']=True;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
////echo '<input type="hidden" name="Login" value='.$_SESSION
['Login'].">";
$UserId=$record['IdUser'];
$Username=$record["Username"];
//echo "UserId=".$UserId;
$permessi="permessiutente";
$query_permessi="Select IdUtente, TipoPermesso from $permessi
where (IdUtente='$UserId')";
$risultato=mysql_query($query_permessi) or die (mysql_error());;
if (mysql_affected_rows()>0)
{
$record=mysql_fetch_array($risultato);
$permit=$record["TipoPermesso"];
//echo "Permesso ".$permit;
if (!isset($_SESSION["TipoPermesso"]))
$_SESSION["TipoPermesso"]=$permit;
////echo '<input type="hidden"
name="TipoPermesso" value='.$_SESSION['TipoPermesso'].">";
//echo "Tipo Permesso :". $_SESSION
['TipoPermesso'];
}
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/index.php";
//echo "Referer: ".$url;
//echo "Login:".$_SESSION['Login'];
session_write_close();
header("Location: $url");
}
else // Invia l'utente sulla pagina di registrazione
{
$_SESSION['Login']=False;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/script/
RegistraUtente.php";
session_write_close();
header ("Location: $url");
}
?>
The strange thing is that the same script works properly for another
domain.
Francesco
--
http://www.itp-news.com
[Back to original message]
|