session confusion

[Trancemission]

I am creating a login/authentication set of scripts. I am getting stuck with using sessions. In the past I have had no problems. The only difference is now I am calling fucntions and setting sessions within these. Would this cause a problem? My other thought is a problem with the $PHPSESSID variable [more on that..]

I have my functions in script functions.php:

function login_user($username, $password){

#Some DB stuff goes here to check
#get $dbresult (number of results

if ($dbresult != 1){
#redirect to nouser.php
session_destroy();
return 0;
} else {
#We have a user, update DB
return;
}

}

function check_user(){
if (!isset($authuser)){
#Error no authuser found, redirect
return;
exit;
} else {
#We have a user, check agaist database etc..
return;
}



I then have 2 scripts. One logs a user in, the other I am using to test.

Here is the login script [login.php]:

<?
session_start();
session_register(&quot;authuser&quot;
$authuser = $username;

if ($username = &quot;&quot; OR $password = &quot;&quot{
#redirect, we have no data
return 0;
exit;
}else{

#We have the data, log em in
login_user($username, $password);
#only come here if quthenticated
}

-----------------------
Here is my test page [search.php]:

<?
session_start();
include(&quot;functions.php&quot;
check_user();

?>
#blah blah blah, rest of page


I can login fine no problem. But after I have logged in, if I try and access the search.php I get redirected by the check_user() function. If I remove the check and:

echo $authuser

I have no user set However I am sure my session has started because $PHPSESSID has been amended to the query string.

I am not sure where my problem lies. Looking at historic code I have used I am doing nothing different with my sessions.

Any help would be great as this is a bit of a sticking point for me at the minute ;-)


Cheers Trancemission
=============
If it's logical, it'll work!

 

[sleipnir214]

You're running afoul of variable scoping.

If you have register_globals set to &quot;on&quot;, then your session variables will be instantiated as $variablename in the main scope.

Inside a function, the global $variablename will not be available unless you issue &quot;global $variablename;&quot; in your function.

If you are using PHP version >= 4.1.0, you have available a superglobal array $_SESSION, which will contain as its elements all your session variables. You can reference $_SESSION and its elements directly. If you do so, you do not use session_register(), session_is_registered(), or session_unregister(). You simply operate on $_SESSION as if it were any other array. Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!

 

[Trancemission]

Many thanks,

This is the 2nd time in the past week I have sumccombed to this. I will now thorughly go and rtfl on sessions.

Cheers Trancemission
=============
If it's logical, it'll work!

 

[sleipnir214]

Again, it's not sessions. It's variable scoping. Take a look here:

http://www.php.net/manual/en/language.variables.scope.php

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!