Hi,
I am sure at least I was not a newbie in the topic I am talking about.
But this problem made crazy. I was hoping for a bit of help please.
The problem is: you have to make double correct logins to get into
the session protected area. Here is the situation:
1. server configuration:
PHP 4.1.2,
Rapidsite/Apa/1.3.26 (Unix),
FrontPage/5.0.2.2510,
mod_ssl/2.8.10,
OpenSSL/0.9.6e
2. the the login script:
<?
session_start ();
session_register ('_SS_AUTHEN');
if ($_SS_AUTHEN == 'passed') {
header ("Location: protected/index.php");
}
if ($trying = $HTTP_POST_VARS['trying']) {
// for the first time display the page don't check
$userID = $HTTP_POST_VARS['userID'];
$userPwd = $HTTP_POST_VARS['userPwd'];
if (check_user_ok($userID, $userPwd)) {
$_SS_AUTHEN = 'passed';
header ("Location: protected/index.php");
} else {
$error_msg = 'Error: username/password not matched!';
}
} else {
$error_msg = '';
// for first time display the page, no error_msg
}
// require login page
require 'templates/timereport_login.inc';
// in the login page, $error_msg will be displayed
?>
3. in the session protected area, each php file must be added with
following code at very begining:
<?
// check session
session_start ();
if ($_SS_AUTHEN != 'passed') {
$reDirect_to = '../login.php';
} else {
$ReDirect_to = 'thescript.php';
}
header ("Location: $ReDirect_to");
?>
Again, with the script above, the problem is: you have to make
double correct logins then you can get into the protected location.
The similar scripts have been used in many different projects but
only this one get so weird result. So I would prefer to say session
behaviour on this server is abnormal....However, I do hope I myself
made something wrong thus the bug is possible to be fixed...
Thanks for any help in advance!
Alex Shi
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
