Speaking of your problem, you're using the header() function to exit the
webpage to the login page. So, it all come down to the either one of these
two or both of these two....
if(!isset($uname)) {
if (mysql_num_rows($result) == 0) {
Upon closer inspection on the script, it look like either the $_POST['***']
wasn't returning data or the $_SESSION['***'] doesn't have data in it that
tripped the header() function. So, I'll take the assumption that the
$_POST['***'] does work as it alway does. So, it narrow down to
$_SESSION['***'].
Since you mentioned that you use it on both Unix and Windows. So, most
likely it all narrow down to php.ini. Can you check to verify that the
filepath is correct for Windows and that there is no issue with file
permission. Here's what I have that work for me on Windows 2000.
--clip--
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = c:\tmp
; Whether to use cookies.
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = c:\tmp
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.
session.gc_probability = 1
session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit
register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning seperately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.
session.bug_compat_42 = 0
session.bug_compat_warn = 1
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects.
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0
; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags =
"a=href,area=href,frame=src,input=src,form=fakeentry"--clip--
One thing I noticed is that I had to create a folder called 'tmp' for it to
work.
Hope that help..
Scott F.
"Jami" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Knew I forgot to mention something. No, register_globals are off. Using
> $_SESSION[] variables. I am logging in first. I log in fine, its when I
> try to go to another page via a link on the entry page that I get booted
> back to the login page. My scripts work fine on a Unix server, which is
> what I reluctantly had to go back to using as this projects deadline is
> too close not to do so. Its just on my computer locally that this does
> not work. Code is below, it is fairly long.
>
> Example Code:
>
> //validation.php
> include_once 'db.php';
> include_once 'common.php'
>
> session_start();
>
> $uname = isset($_POST['username']) ? $_POST['username'] :
> $_SESSION['username'];
> $pwd = isset($_POST['password']) ? $_POST['password'] :
> $_SESSION['password'];
>
> if(!isset($uname))
> {
> header("Location: login.php");
> exit;
> }
>
> $_SESSION['username'] = $uname;
> $_SESSION['password'] = $pwd;
>
> dbConnect("db");
> $sql = "SELECT * FROM admin WHERE
> admin_uname = '$uname' AND admin_pword = PASSWORD('$pwd')";
> $result = mysql_query($sql);
>
> if (!$result) {
> error('A database error occurred while checking your login
> details.\\nIf this error persists, please contact
> [EMAIL PROTECTED]');
> }
>
> while($row = mysql_fetch_array($result))
> {
> $admin_id = $row['admin_id'];
> }
>
> $_SESSION['aid'] = $admin_id;
>
> if (mysql_num_rows($result) == 0) {
> unset($_SESSION['username']);
> unset($_SESSION['password']);
>
> header("Location:login.php?item=badlogin");
> exit;
> }
>
> _______________________________________________________
> //login.php
> ... this is an html page with the login form. When submitted it goes to
> index.php.
>
> _______________________________________________________
> //index.php
> include('validation.php');
>
> if(!$_SESSION['aid'])
> {
> header("Location:login.php");
> exit;
> }
> .... rest of page is HTML with a php include for the navigation....
> _______________________________________________________
> //nav.php
> <.a href="admin_signup.php">Add Admin</a>
>
> _______________________________________________________
> //admin_signup.php
> include('validation.php');
>
> if(!$_SESSION['aid'])
> {
> header("Location:admin_login.php");
> exit;
> }
> .... rest of page is HTML with a form that goes to add_admin.php for
> validation and submission to the database. Its when I try to go to this
> page via the link that I get sent back to the login page.
>
>
> Jami Moore
> LightSpark Digital Designs
> <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> <http://www.lightsparkdigital.com/> http://www.lightsparkdigital.com/
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
> Sent: Wednesday, September 17, 2003 3:08 AM
>
>
> Did you open register_globals = On in php.ini?
>
>
> -----Original Message-----
> Larry Li/CNTR/APPLIED [EMAIL PROTECTED]
> 09/17/2003 04:04 PM
>
> I believe all pages in your site are protected by session variables. Try
>
> to login first, then go where you want to go. Or try to remark codes
> which
> check your login status.
>
>
> -----Original Message-----
> "Jami" <[EMAIL PROTECTED]>
> 09/17/2003 03:52 PM
>
> I'm working on a project, and up until recently was using my hosting
> account to do projects, but decided to update PHP on my comp to be able
> to work on projects locally. I'm running WindowsXP, PHP 4.3.2, Apache
> 1.3, and MySQL 3.23.53. The validation page is called on each page, but
> if I go to a page other than the entry page (which the validation page
> takes you to when you first log in), it throws me back to the login
> page. Has anyone run into this and have you solved it? Anyone have a
> suggestion? Code is rather lengthy, if you want it I can send it off
> list.
>
> Jami Moore
> LightSpark Digital Designs
> <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
> <http://www.lightsparkdigital.com/> http://www.lightsparkdigital.com/
>
>
>
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
