session variables not preserved when navigating thru links

prabhatsoni · 06-05-2005, 01:52 AM

Hello everybody,
I have a collection of php scripts wherein I am preserving the user name and password (collected in the first script) as $_session['user_name'] etc session variables. In the subsequent scripts where I collect other inputs from the users through HTML-Forms, I am using the username and password preserved as above mentioned session variables to connect to a mysql database. As long as I use html forms and method="post" to navigate between different screen, I find I am able to preserve the session variables.
In one of the scripts I want the user to go back to the previous form, if the user has not filled up all the required form fields. For this purpose I created a link which links to the previous script (containing the form). But now I find that the session vaiables vanished. Why should it be ? I am of the opinion that the session vaiables are preserved even when navigating through hyper links. The scripts are:

The form (uer_auth.php)

Code:

.
	.
	.
   $_SESSION['user']=$_POST['user_name'];
     $_SESSION['passwd']=$_POST['password'];
     $link=mysql_connect("localhost",$_SESSION['user'],$_SESSION['passwd'])
         or die("Can not connect. Check user name and password.");
     mysql_select_db("pali") or die("Cannot open database");
     echo "<p align=\"center\"><font size=\"7\">Menu for administrator</font></p><br /><br />";
     echo "<form method=\"post\" action=\"action.php\">";
     echo "Add complaint:<input type=\"radio\" name=\"choice\" value=\"1\"><br /><br />";
     echo "Close the complaint:<input type=\"radio\" name=\"choice\" value=\"2\">";
     echo "---->SDCA in which to close:";
     sdca_sel("sdca");
     echo "<input type=\"submit\" name=\"submit\" value=\"submit\">";
     echo "</form>";
	.	
	.
	.

action.php

Code:

.	
	.
   <?php
 switch($_POST['choice'])
   {
     case "1":
        add_case();
	break;
     case"2":
        close_case($_POST['sdca']);
	break;
     default:
	echo "No option !!";
   }
 ?>

The close_case() function

Code:

function close_case($arg)
  { if($arg=="Select SDCA")
      { echo "<p align=\"center\"><font size=\"6\">SDCA name not selected</font></p><br /><br />";
        echo "<a href=\"user_auth.php\">Go back to select SDCA</a>";
      }
  }

In the function close_case() I have provided the hyper link which calls back the first script. But there the user name etc not available. Can anybody help me in solving this simple riddle to me ?

Thanks in advance.

Prabhat Soni

huibert.alblas · 06-05-2005, 08:51 AM

It only looks like this, but PHP behaves exactly like you tell it too :-)

in "user_auth.php"
in the first 3 lines you explity set the user name and password from post_vars.

If the link is followed later the post_vars are empty, you overwrite _SESSION['user'] with an empty string.

You should implement some beter session handling:

in user_auth.php (this is pseudo code and will likely not work exactly in this this way) :

Code:

if ($_SESSION['activated'] == false) {
  $_SESSION['user']=$_POST['user_name'];
  $_SESSION['passwd']=$_POST['password'];
$link=mysql_connect("localhost",$_SESSION['user'],$_SESSION['passwd'])
         or die("Can not connect. Check user name and password.");
  $_SESSION['activated']=true;
}

Here the session user will be set once if succselful.
Once it has been set, it cannot be unset.

So you will need something like "logout.php"

Code:

$_SESSION['activated'] = false;
echo "Logout, sucsefull, to use mysql, please login again";

Happy hacking.

prabhatsoni · 06-13-2005, 01:15 AM

Thanks a lot Huibert,

You are right. I corrected it and now it is working. I should accept it was a very silly mistake.

Thanks again.

Prabhat Soni