I have a simple login process that someone wrote for me.
It uses two stored variables which it checks on each new page, if it can't get them it assumes you should login first and sends you to a login page.
Everything was okay.
I used the same script on a different server (with almost identical PHP setup) and now I'm getting randomly logged out. (it works fine locally and remotely on a different server)
Can some-one suggest some useful things I could check to try and track down the problem?
Many thanks
Tony
This is the check that gets called from each page:
<? session_start();
//check to see if the session is set. (the session is set when the user logs in)
//if the session is set, then it must have some data in it... in this case we have the user_ref and the group_ref, so that we can see who is logged in and what group they belong to.
//if the session isnt set, then we redirect the user to the login.php page so that they can log in or if they cant log in they get an error message.
if (isset($_SESSION[$xebitsession])) {
$user_ref=$_SESSION[$xebitsession]['user']["user_ref"];
$group_ref=$_SESSION[$xebitsession]['user']["group_ref"]; } else {
header("location:logged.php");
}
?>this is the login:
<?php
include("db.php");mysql_connect($db_Hostname, $db_UserName, $db_Password); mysql_select_db($db_Database);
session_start();
session_register("xebitsession");function displaylogin() {
include("includes/header.html");
// open content body table
include("includes/contentheader.html");
include("includes/title.html");
include("includes/contentheader2.html");
include("includes/contextheader.html");
include("includes/contentbody.html");?>
<h3>User Login</h3>
<table width="100%" cellpadding="5" cellspacing="2" border="0"> <tr> <td width="20%"></td> <td><img src="img/t.gif" width="410" height="1" border="0"></td> </tr>
<tr> <td class="menu">Login</td> <td class="content">Please enter your username and password below.</td> </tr>
<tr>
<td class="menu">Username:</td>
<td class="content">
<?php
echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">' . "\n";
echo '<input type="text" name="user" value="' . $_POST['user'] . '"></td>' . "\n";
?>
</tr>
<tr> <td class="menu">Password:</td> <td class="content"><input type="password" name="pass"></td> </tr>
<tr> <td class="menu"> </td> <td class="content"><? echo $state;?> </td> </tr>
<tr> <td class="button"> </td> <td class="button"><input type="submit" value="Login"> </form> </td> </tr> </table>
<?php
//close content table section
include("includes/contentfooter.html");
//close page section
include("includes/footer.html");} $username=$_POST[user]; $pass=$_POST[pass]; $username = addslashes($username);
if (!$username) {
displaylogin();
} else {$sql="SELECT * FROM duser WHERE upass='$pass' AND username='$username'"; $result = mysql_query($sql);
// Start the login session
if (! isset ($_SESSION[$xebitsession])) {
while ( $row = mysql_fetch_array($result) )
{
$_SESSION[$xebitsession]['user']["user_ref"] =$row['user_ref'];
$_SESSION[$xebitsession]['user']["group_ref"]=$row['group_ref'];
}
header("location:index.php");
}
else {
header("location:index.php");
}} ?>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
