I come to you absolutely frustrated. I spent days looking through my code and the entire StackOverflow questions looking for the following issue:
The function of my project is to log in using three pages.
The first page 1.php has the input fields to be filled up:
<?php
session_start();
session_destroy();
require_once "init.php";
require "header.php";
?>
<form method="POST" action="2.php" enctype="multipart/form-data">
<table>
<tr><td>Username</td></tr>
<tr><td><input type="text" id="user" name="user" value=""/></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" id="pass" name="pass" value=""/></td></tr>
<tr><td><input type="submit" value="Get in"/></td></tr>
</table>
</form>
The second page 2.php processes the info, checks if the user and password are correct, and initializes $_SESSION['user'];
<?php
session_start();
session_save_path('/server/path/system/sphp');
//had to change dir due to server restrictions
$username= $_POST['user'];
$user= "cpe12";
$userpass= $_POST['pass'];
$pass= "p2010";
if($username==$user&&$userpass==$pass){
$_SESSION['user']= $username;
echo "<head><meta http-equiv='refresh' content='2; url=3.php'>Loging </head>";
echo $_SESSION['user'];
exit();
}
elseif ($username!=$user||$userpass!=$pass){
session_destroy();
echo "<head><meta http-equiv='refresh' content='2; url=1.php'>Wrong log in</head>";
exit();
}
?>
And I protect the third page 3.php content using an isset function.
<?php
session_start();
session_save_path('/server/path/system/sphp');
//I know I could use an include_once instead of these two lines, right?
error_reporting(E_ALL);
ini_set('display_errors', 1);
if (isset($_SESSION['user'])){
$title= "Copies";
require "header.php";
require "content.php";
}
else{
session_destroy();
echo "<head><meta http-equiv='refresh' content='4; url=index.php'>Blocked content.</head>";
die();
}
?>
Whenever I try to log in it validates ok in 2.php but when it gets to 3.php it fails to login. All pages have session_start and session.save_path written as the first two lines with no blank spaces.
I have changed the default folder /tmp for session.save_path to server/path because /tmp had no writing permissions.
I could retrieve some info from 2.php and appears that $_SESSION['user'] comes out OK from it, but 3.php never reads it. The thing is that I have another 6 pages in common to access under this session, so I need a global solution.
Oh, and this is confusing: I also created a file in order to check session information (just for information) named check.php with the following code :
<?php
session_start();
session_save_path('/server/path/system/sphp');
echo session_save_path().'<br/>';
echo $_SESSION['user'].'<br/>';
echo session_name();
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
?>
Now, if I first clear browser history and data and then type www.myweb.com/check.php into the URL I see missing info, since $_SESSION['user'], etc. haven't been created yet. If afterwards I try to log in, amazingly starts to sign in like a charm, no matter what. SO first I have to access check.php on my browser to be able to log in. But if I clear browser history and data again, it doesn't let me log in anymore.
error_reporting on 3.php states:
Notice: Undefined index: user in "/server/path/system/3.php in line 34
Might this be something about my server? Something about save_handlers?
This is my first log in, and I went through hell. I think is going to be a long way.
I've no more options or knowledge to apply. You are my last resort.
Thanks guys!
