[PHP] Using $_SESSION vs. session_register [Archive]

Click to See Complete Forum and Search --> : [PHP] Using $_SESSION vs. session_register

kid A

10-05-2004, 01:19 PM

I have a large-ish backend that I made with the (now deprecated) session_register, session_is_registered, session_unset, session_destroy functions.

Now I've made a frontend for that backend using the superglobal $_SESSION instead, setting session variables like so:

$_SESSION["UID"] = $row['userid'];
$_SESSION["LAST_TS"] = $row['last_login'];

after these are set, the login script redirects to the site frontpage (using the header function), where I check these variables to decide what parts to display. However I can't access them / they are empty! I know that they do get set though, because I can access the backend without logging in there as well (same credentials), and I can also logout successfully (using unset()). So I'm wondering why are they not available to me on the frontpage?

I did read in the PHP manual that you are not supposed to use the old session functions with the new $_SESSION superglobal, but I don't in the frontend scripts. I do in use these functions in the backend but they are not really connected.. they include the same headers.php file, and functions pages, but these don't use session variables, just session_start() and ob_start().

If I've made myself understood, are there any suggestions?

Grizzly

10-05-2004, 02:52 PM

Lol, I thought I was having deja vu! Remember August of 2003? http://sharkyforums.com/showthread.php?s=&threadid=201871

Are you sure that the recordset returned from the database actually has data in it this time? :)

Either way, I would start debugging it by placing calls die($_SESSION['UID']) in various places to see where it gets lost.

kid A

10-05-2004, 04:10 PM

Hehe. I can't remember what I was working on that time, but I do get the values from the db this time. Wierd thing is I usually find the error after posting here, but this time it has taken a long time..

<?php
// login.php file
// include headers:
require("admin/headers.php");

// login routine:
if (isset($_SESSION["UID"])) {
header("Location: /");
} else {
if (isset($_POST['username']) && isset($_POST['passwd'])) {
require($unixpath."wcms/inc/db.inc.php");
$query = "select * from wcms_user where username='$_POST[username]' and passwd=password('$_POST[passwd]') limit 1";
$result = mysql_query($query);
if (!$result) {
create_header($lang['Login']);
print $lang["NoResultReturned"];
$errorTxt = mysql_error();
errorlog($errorTxt, $PHP_SELF);
}
$num_results = mysql_num_rows($result);
if ($num_results != 1) {
create_header($lang['Login']);
echo "<h1>".$lang['Login']."</h1>";
print "<p>" . $lang['CouldNotLogin'] . "<br>";
print $lang["CheckPasswd"] . "</p>";
}
else {
$row = mysql_fetch_array($result);
$_SESSION["UID"] = $row['userid'];
$_SESSION["LAST_TS"] = $row['last_login'];
$new_ts = time();
$db_update = mysql_query("update wcms_user set last_login='$new_ts', total_logins=total_logins+1 where userid='".$_SESSION['UID']."'");
if (!$db_update) {
$errorTxt = mysql_error();
errorlog($errorTxt, $PHP_SELF);
}
// try including the mypage here instead of redirecting:
// header("Location: /");
create_header($lang['Login']);
include ("mypage.php");
}
} else {
// missing pw or username, do something:
echo "Missing username/passwd";
}
create_footer();
}
?>