Good day to all! Once again I need the help of forum participants! The problem is this:
there are two scripts auth.php and cabinet.php, the essence of the work is extremely simple auth.php, with successful authorization, throws us into cabinet.php, but for some reason it does not work (Namely: I’ve been authorizing successfully, but I get back to the authorization page, there is a suspicion that the $ login and $ pass variables are not passed to the cabinet.php script, but why?


UPDATE:
Server on debian
On the server with FreeBSD, the same scripts work, maybe something is wrong with the php configuration?

UPDATE # 2:

Here is what he writes in the log:
[error] [client ip_adress] PHP Notice: Undefined variable: _SESSION in /var/www/cabinet.php on line 11, referer: http: //trali-val.ru/auth.php
[error] [client ip_adress] PHP Notice: Undefined variable: _SESSION in /var/www/cabinet.php on line 11, referer: http: //trali-val.ru/auth.php
[client ip_adress] PHP Notice: Undefined variable: _SESSION in /var/www/cabinet.php on line 11, referer: http: //trali-vali.ru /auth.php
[client ip_adress] PHP Notice: Undefined index: sbm_auth in /var/www/auth.php on line 11, referer: http: //trali-vali.ru/auth.php

Below is the code from both scripts.

auth.php:

\\auth.php $host='localhost'; $database='family'; $user='root'; $pswd='пароль к базе'; $dbh=mysql_connect($host,$user,$pswd) or die ("I can not be connected to MYSQL."); mysql_select_db($database) or die ("I can not be connected to base."); if($_POST['sbm_auth']) { $login=($_POST['login']); $pass=($_POST['pass']); $check_q=mysql_query("SELECT id FROM users WHERE login='". $login."' AND pass='".$pass."'"); if(mysql_num_rows($check_q) === 1) { session_start(); $_SESSION['login'] = $login; $_SESSION['pass'] = $pass; $_SESSION['usr_id'] = md5(crypt($login,$pass)); header("Location: cabinet.php"); } else { echo "incorrect login or password"; } } print("<CENTER>"); echo '<form action="" method="POST"> <table> <tr><td>LOGIN</td> <td><input type="text" name="login"></td></tr> <tr><td>PASSWORD</td> <td><input type="password" name="pass"></td></tr> <tr><td colspan=2 align=center><input type="submit" name="sbm_auth" value="ENTER"></td></tr> </table> </form>'; print("</CENTER>");


cabinet.php:

 \\cabinet.php if(isset($_REQUEST[session_name()])) { session_start(); } else { header("Location: auth.php"); } if($_SESSION['usr_id'] == md5(crypt($_SESSION['login'],$_SESSION['pass']))) { echo "HELLO"; } else { header("Location: auth.php"); }
  • But read this thing ? - Dex
  • Thank you, read. Only the trouble is that the final answer was not received there, and the proposed possible solution did not help me ... - mixerden
  • And which solution did you use? - Dex
  • In the sense that this is what echo ini_get("session.use_cookies") . " and " . ini_get("session.use_trans_sid") . "<br><br>"; gives echo ini_get("session.use_cookies") . " and " . ini_get("session.use_trans_sid") . "<br><br>"; echo ini_get("session.use_cookies") . " and " . ini_get("session.use_trans_sid") . "<br><br>"; - Dex
  • 0 and 1 <br> And what's the use of this 0))) - mixerden

8 answers 8

In cabinet.php, type $a=session_name();print($a);print($_REQUEST[$a]);die() . What is the output?

  • Displays PHPSESSID - mixerden
  • Campaign, you do not pass the test $ _REQUEST [session_name ()]. What is it for? - ling
  • It is to check that the norms pass here, and here <br> if ($ _ SESSION ['usr_id'] == md5 (crypt ($ _ SESSION ['login'], $ _ SESSION ['pass']))) <br > check fails. - mixerden
  • one
    Print intermediate values ​​- this is always useful: echo $ _SESSION ['usr_id'], '<br>', md5 (crypt ($ _ SESSION ['login'], $ _ SESSION ['pass'])); - ling
  • As I wrote in the question, neither the values ​​of $ _SESSION ['login'], nor $ _SESSION ['pass'], nor $ _SESSION ['usr_id'] are transmitted. - mixerden

another group of tractor :)

after header ("Location: cabinet.php"); set exit; and you will be happy

  • 2
    Happiness did not work ((( - mixerden
  • one
    +1 to the tractor drivers)) - pelmeshka80

If a

 header("Location: cabinet.php"); exit;

It works, taking into account the fact that it comes to here in general, the problem is either that there are no rights to write in the directory with sessions, which is unlikely, but possible, or the problem is already in the office itself, and there are 2 places:

if the condition does not work

 if(isset($_REQUEST[session_name()]))

and here it is not at all clear what (bracket):

 else } header("Location: auth.php"); }

after else looking in the wrong direction

  • I looked in the code - the bracket is correct, I fixed it here ... Now I’ll check permissions - mixerden

The whole problem is

  session_start();

Always indicate

  session_name("MyProject"); session_start();

With this syntax will bind login and password

  • to register a variable in a session it would be better to use session_register ("User_name_id"); But I never use it because sometimes mistakes ... I guess I just don’t know how to use ... - pelmeshka80
  • indicated did not help ... - mixerden
  • indicated on both pages and with the same name? do you set variables via session_register ()? - pelmeshka80
  • on both, with the same, now try session_register () - mixerden
  • None of the above helped ... - mixerden

wait ... Why is there no script in the registration form?

 <form action="" method="POST"> <table> <tr><td>LOGIN</td> <td><input type="text" name="login"></td></tr> <tr><td>PASSWORD</td> <td><input type="password" name="pass"></td></tr> <tr><td colspan=2 align=center><input type="submit" name="sbm_auth" value="ENTER"></td></tr> </table> </form>

you must have forgotten:

 <form action="auth.php" method="POST">
  • Did not help - mixerden

Try specifying session_start () at the very beginning of each file.

  • No result, but what was the hidden meaning in it? I just didn't catch up with something) - mixerden

Made the following changes in the code and it all worked:
$ s = session_id ();
header ("Location: cabinet.php? PHPSESSID = $ s");

     if($_POST['sbm_auth']) { $login=($_POST['login']); $pass=($_POST['pass']);

    Maybe you should check them for emptiness?