PHP session page refresh not working
Question
I have a php page set up so that the user can click on a link to sign in and a pop up window (signin.php) pops up with sign in credentials. When they fill in the information and click the button to sign in the information is validated in signinfinal.php. When they sign in correctly I am trying to create a session. So when they sign in or close the popup window I want the main page they were on (index.php) to refresh and I want the 'Sign In | Register' links to change to 'Hi, (username)!' I set all of this as aa php variable named '$var' with some javascript in the variable.
The weird thing is I am able to register and login on my computer on multiple browsers and the page refreshes and has my session stored correctly, but other users have reported that the session isn't working even after they refresh the page. This is a tricky problem and if someone can help me fix it I would appreciate it.
Here is the code at the top of index.php...
<?php
// this starts the session
session_start();
$var = "";
$varcontact = "<a href='JavaScript:newPopup(\"http://www.yourfantasyfootballrealit.com/contact.php\");' class='three'>Contact</a>";
// echo variable from the session, we set this on our other page
if ($_SESSION['userid'] == "") {
$var = "<a href='JavaScript:newPopup(\"http://www.yourfantasyfootballrealit.com/register.html\");' class='two'>Register</a> | <a href='JavaScript:newPopup(\"http://www.yourfantasyfootballrealit.com/signin.php\");' class='two'>Sign In</a>";
} else {
$var = "Hello, ".$_SESSION['userid'] ."! | " . "<a href=\"http://www.yourfantasyfootballreality.com/logout.php\" class='two'>Log Out</a>";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="jquery-1.8.1.js"></script>
<script src="jquery.easing-1.3.pack.js"></script>
<script src="jquery-easing-compatibility.1.2.pack.js"></script>
<script src="coda-slider.1.1.1.pack.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="icon" href="http://www.indiana.edu/favicon.ico" />
<title>YourFantasyFootballReality</title>
<link rel="stylesheet" type="text/css" href="mystyle.css" />
<script type="text/javascript">
// Popup window code
function newPopup(url) {
popupWindow = window.open(url,'popUpWindow','height=450,width=600,left=10,top=10,resizable=no,scrollbars=yes,toolbar=yes,menubar=no,location=no,directories=no,status=yes')
}
function closeWin() {
document.write("<p>This is 'myWindow'</p>");
}
</script>
</head>
<body>
<!--Login and Register links-->
<div class="enter">
<?=$var?>
</div>
Here is all of the code for signin.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Sign In</title></head>
<body onunload="window.opener.location.reload();">
<h1>Sign In</h1>
<form action="signinfinal.php" method="POST">
<table cellpadding="2" cellspacing="0" border="0">
<tr>
<td width="130"> User ID: </td>
<td width="140"> <input name="UserID" type="text"> </td>
<td width="300" rowspan="7" valign="top"> </td>
</tr>
<tr><td> Password: </td>
<td><input name="Password" type="password" size="15"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Sign In" name="action">
</td>
</tr>
</table>
</form>
</body>
</html>
And here is all of the code for signinfinal.php...
<?php
session_start();
//$id = $_SESSION['userid'];
//$pw = $_SESSION['password'];
//this connects to the database
$con = mysql_connect("localhost","yourfan_jeengle","armyjoe");
mysql_select_db("yourfan3_demo", $con);
//this is the info the user entered stored as variables
$UserID = $_POST["UserID"];
$Password = $_POST["Password"];
$Action = $_POST["action"];
//this filters throught the variables to check against mysql injections
$UserID = (filter_var($UserID, FILTER_SANITIZE_STRING));
$UserID = (filter_var($UserID, FILTER_SANITIZE_URL));
$Password = (filter_var($Password, FILTER_SANITIZE_STRING));
$Password = (filter_var($Password, FILTER_SANITIZE_URL));
//this is the variables that displays errors and correct instructions
$errors = "";
//this gets the password from the userid entered by user
$result = mysql_query("SELECT Password FROM Users WHERE User_ID = '$UserID'");
$row = mysql_fetch_array($result);
$newresult = $row['Password'];
if (strcmp($Action, "Sign In") == 0) {
//this what happens when the user enters data for the first time and the info is wrong
if (($newresult == $Password) && (($UserID) && ($Password))) {
$greeting = "Welcome, " . $UserID;
$_SESSION['userid'] = $UserID;
$what="Log Out";
} else {
$errors .= "<li> Incorrect Credentials!";
$what="Sign In";
}
if ($errors) { $color = "#ffcccc"; $fontColor = "brown"; }
} else {
header("Location: http://www.yourfantasyfootballrealit.com/logout.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Sign In</title></head>
<body onunload="window.opener.location.reload();">
<h1>Sign In</h1>
<?=$greeting?>
<form action="signinfinal.php" method="POST">
<table cellpadding="2" cellspacing="0" border="0">
<tr>
<td width="130"> User ID: </td>
<td width="140"> <input name="UserID" type="text" value="<?=$UserID?>"></td>
<td bgcolor="<?=$color?>" width="300" rowspan="7" valign="top"><font color=<?=$fontColor?>><ul> <?=$errors?></font> </ul> </td>
</tr>
<tr> <td> Password: </td><td><input name="Password" type="password" size="15" value="<?=$Password?>"></td></tr>
<tr><td colspan="2"><input type="submit" value="<?=$what?>" name="action">
</tr>
</table>
</form>
</body>
</html>
Here is what is in logout.php if necessary...
<?php
session_start();
session_destroy();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Log Out</title>
<script language="JavaScript">
var time = null
function move() {
window.location = 'http://www.yourfantasyfootballreality.com'
}
</script>
<!--<meta http-equiv="REFRESH" content="1;url=http://www.yourfantasyfootballreality.com/"></HEAD>-->
<BODY>
<body onload="timer=setTimeout('move()',000)">
<script language="javascript">
<!--
setTimeout("self.close();",0000)
//-->
</script>
</BODY>
</HTML>
4 answers
solution1
0 2012-09-05 16:40:04
i think condition in signinfinal.php should be , you are sending user after successfull login to logout.php. so change condition.
if (!$errors) { $color = "#ffcccc"; $fontColor = "brown"; }
} else {
header("Location: http://www.yourfantasyfootballrealit.com/logout.php");
}
solution2
0 2012-09-05 16:41:26
On your pages, session_start(); needs to be the VERY first thing after your <?php tag. NOTHING else can come before it - not a space, not a comment, nothing.
So instead of this:
<?php
// this starts the session
session_start();
You need this:
<?php
session_start();
Note:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser. (source)
Also, you're not starting a session on the signin.php page, which technically may not matter, but I would add the above code to that page as well.
Also, your IF statement is incorrect.
Should be:
if (strcmp($Action, "Sign In") == 0) {
//this what happens when the user enters data for the first time and the info is wrong
if (($newresult == $Password) && (($UserID) && ($Password))) {
$greeting = "Welcome, " . $UserID;
$_SESSION['userid'] = $UserID;
$what="Log Out";
} else {
$errors .= "<li> Incorrect Credentials!";
$what="Sign In";
}
if ($errors) { $color = "#ffcccc"; $fontColor = "brown"; {
// Do something... you have nothing here
} else {
header("Location: http://www.yourfantasyfootballrealit.com/logout.php");
}
}
solution3
0 2012-09-05 16:53:45
**index.php file**
if (!isset($_SESSION['userid'])) {
$var = "<a href='JavaScript:newPopup(\"http://www.yourfantasyfootballrealit.com/register.html\");' class='two'>Register</a> | <a href='JavaScript:newPopup(\"http://www.yourfantasyfootballrealit.com/signin.php\");' class='two'>Sign In</a>";
} else {
$var = "Hello, ".$_SESSION['userid'] ."! | " . "<a href=\"http://www.yourfantasyfootballreality.com/logout.php\" class='two'>Log Out</a>";
}
?>
**signupfinal.php file**
<?php
@session_start();
//$id = $_SESSION['userid'];
//$pw = $_SESSION['password'];
//this connects to the database
$con = mysql_connect("localhost","yourfan_jeengle","armyjoe");
mysql_select_db("yourfan3_demo", $con);
//this is the info the user entered stored as variables
$UserID = $_POST["UserID"];
$Password = $_POST["Password"];
$Action = $_POST["action"];
//this filters throught the variables to check against mysql injections
$UserID = (filter_var($UserID, FILTER_SANITIZE_STRING));
$UserID = (filter_var($UserID, FILTER_SANITIZE_URL));
$Password = (filter_var($Password, FILTER_SANITIZE_STRING));
$Password = (filter_var($Password, FILTER_SANITIZE_URL));
//this is the variables that displays errors and correct instructions
$errors = "";
//this gets the password from the userid entered by user
$result = mysql_query("SELECT * FROM Users WHERE User_ID = '$UserID' and password='$Password'");
$row = mysql_fetch_array($result);
if(mysql_num_rows($result) >0 ){
$_SESSION['userid']=$UserID;
header("location:index.php");
}
else{
echo 'failes to login';
}
?>
solution4
0 2012-10-06 16:05:58
set error reporting to 0 and this will stop all kinds of output to the screen and the session will work. This explains why it works on one server configuration over another. Make sure to output errors to file instead.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.