1

I have using session variable for log in form validation. When the user gives correct name and password then the session variable will set and the page will redirect. The page checks the session variable and load related contents.
My code works fine in local server, but in online server, the session variable was not set.

admin.php

<?php
    session_start();
    $admin = 0;
    if(isset($_SESSION['admin'])){
          $admin = $_SESSION['admin'];
    }
    if($admin == 0){
?>
 <form action="" class="login">
      <label>User Name :</label>
      <input type="text" class="uname"/>
      <label>Password :</label>
      <input type="password" class="pwd"/>
      <input type="submit" class="lSubmit" value="SUBMIT"/>
      <p class="alert lAlert">test alert</p>
 </form>
<?php }elseif($admin == 1){ ?>
      <h1>Welcome Site Admin..!!</h1>
<?php } ?>

jQuery

$('.lSubmit').click(function(){
var name = $('.uname').val();
var pwd = $('.pwd').val();
    $.post("validation/login.php",{name:name,pwd:pwd}).success(function(data){
       var obj = jQuery.parseJSON(data);
       if(obj.success == 1){
           $('.alert').css('color','#067800');
           window.location = "/admin.php";
       }else{
           $('.alert').css('color','#CC0000');
       }
       $('.lAlert').text(obj.msg);
       $('.lAlert').fadeIn('slow');
    });
    return false;
});

validation/login.php

<?php
     session_start();
     $name = $_POST['name'];
     $pwd = $_POST['pwd'];
     $err['success'] = 0;
     $err['msg'] = '';
     if($name == ''){
         $err['msg'] = 'Name required';
     }else if($pwd == ''){
         $err['msg'] = 'Password required';
     }else if($name != 'admin'){
         $err['msg'] = 'Wrong username';
     }else if($pwd != 'admin'){
         $err['msg'] = 'Wrong password';
     }else{
         $err['msg'] = 'Success';
         $err['success'] = 1;
         $_SESSION['admin'] = 1;
     }
     echo json_encode($err);
 ?>

When user gives name and password as admin, it was successfully loaded the welcome text in local server. But in online server the form only loaded again. The $_SESSION['admin'] was not set in online server. Can anybody help me?

Vinu
  • 167
  • 4
  • 14
  • possible duplicate http://stackoverflow.com/questions/11698861/session-validation-issue-in-php-online-server – Gntem Jul 28 '12 at 11:43
  • Why did you [repost this question](http://stackoverflow.com/questions/11698861/session-validation-issue-in-php-online-server)? There are already answers to your previous one. If you have more information to provide, edit your other copy of this question. – Bojangles Jul 28 '12 at 11:46

2 Answers2

4

Looks like your online server does not provide enough permissions for web-server user to store sessions in /var/lib/php5.

You should ask your host to check it. The easiest way to check if it is sessions problem is to write simple script:

if (empty($_SESSION['some_counter'])) {
    $_SESSION['some_counter'] = 0;
}

echo $_SESSION['some_counter']++;

Then just refresh a page few times. If variable is not changed - then you can be sure that it is session management problem, that should be solved by your hosting provider.

In case if they don't want to help you - you can change the sessions folder to another directory and see what happens.

EDIT:

You can try to change storage folder to /tmp for example, just to check - normally, it is public folder for all users on server. But it is bad practice to have sessions stored in public places...

session_save_path('/tmp');

If it didn't help - try to use ini_set()

ini_set('session.save_path', '/tmp');

You should call one of these functions before session starts.

Should help ;)

benomatis
  • 5,536
  • 7
  • 36
  • 59
Vitalii Zurian
  • 17,858
  • 4
  • 64
  • 81
  • Thanks for your valuable script. I tried this and the variable is not change after refresh in online server.. But in local it was changed... So what can i do more? – Vinu Jul 28 '12 at 12:05
  • I posted a link to PHP documentation. It explains there how to change sessions storage folder. – Vitalii Zurian Jul 28 '12 at 12:06
  • I have created one tmp folder and tried session_save_path('/tmp') after session_start(). But no changes. Again same problem occurs. – Vinu Jul 28 '12 at 12:22
  • Updated my answer. Try to use ini_set() and call it before session_start() – Vitalii Zurian Jul 28 '12 at 12:25
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/14565/discussion-between-vinu-and-thecatontheflat) – Vinu Jul 28 '12 at 12:38
0

Try this:

<?php
session_start() ;
$err = array() ;

if ((empty($_POST["name"])) or ($_POST["name"] != "admin")) {
  $err[] = "Wrong username" ;
}

if ((empty($_POST["pwd"])) or ($_POST["pwd"] != "admin")) {
  $err[] = "Wrong password" ;
}

if (count($err) == 0){
  $message = "Success" ;
   $_SESSION['admin'] = true;  
}
?>

NOTE: You must use session_start() before outputting anything to your webpage. No echoes, no symbols, no html before starting this function. Place it on the top of your webpage. Also, if you have it on the top, but still cannot start the session, the encoding may be the problem, because an empty string is considered to be a symbol as well. Encode you file in UTF-8 without BOM

Use notepad++

Hope this helps :)

sybear
  • 7,837
  • 1
  • 22
  • 38
  • Can you explain more about 'UTF-8 without BOM'...? – Vinu Jul 28 '12 at 12:01
  • Imagine: you have 2 files: **config.php** and **session.php**. You include them in your webpage on the top, before tag **DOCTYPE** and ****. If the file config.php is included first and encoded as usual **UTF-8** it will have an empty string in the end of file. This empty string will be displayed in webpage, and the headers will be set already. And you start your session in file **session.php**, but headers are already sent and you cant start session anymore. Thats why you must use UTF-8 wihtout BOM. ("wihtout this empty string in the end of file") – sybear Jul 28 '12 at 12:09