Known Participant
July 30, 2010
Question

Session is Lost Several Times


A few months ago I uploaded a site and it contains a login to a CMS. Everything had been working fine up to two weeks ago. None of the files have ever been modified since their first upload, and the CMS has been (and still is) used on a regular basis.

What happens is, after they log in, they're automatically forwarded to a menu (there are many items on this menu). When the user clicks on one of the items, for some reason, it goes to the login screen again, which it shouldn't--obviously it's supposed to go to the linked page. Once the user logs in, then they're directed to the linked page they originally clicked on. Unfortunately, this does not happen all the time. The same user could log in on a different browser and not experience that issue with the same link, but they would experience it with a different link, again not all the time.

This is very queer because this just recently started happening. I have DW CS4 and would greatly appreciate any help. Just for a sample, I've posted the code for both the login and one of the pages where we're experiencing a problem:

<connection intentionally left blank>

<?php
if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']); }
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "admin_priv";
  $MM_redirectLoginSuccess = "menu.php";
  $MM_redirectLoginFailed = "loginfail.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_radmin, $radmin);
       
  $LoginRS__query=sprintf("SELECT username, pwd, admin_priv FROM users WHERE username=%s AND pwd=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
  
  $LoginRS = mysql_query($LoginRS__query, $radmin) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
   
    $loginStrGroup  = mysql_result($LoginRS,0,'admin_priv');
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;          

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     
    }
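    header("Location: " . $MM_redirectLoginSuccess );
    exit; // stop the script once the redirect header is sent
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
    exit; // stop the script once the redirect header is sent
  }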
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style/admin.css" rel="stylesheet" type="text/css" media="screen" />
<link href="style/form.css" rel="stylesheet" type="text/css" media="screen" />
</head>

<body>
<div id="onstage">
<div style="background: #FFF; color: #000; font-weight: bold; padding: 10px; width: 400px; position: relative; margin: 0px auto;">
<img src="images/bkgrd/logo.gif" alt="" width="100" height="114" style="float: left; display: inline; margin: 0px;" />
<form id="login" name="login" method="POST" action="<?php echo $loginFormAction; ?>" style="position: relative; float: left; display: inline; margin: 0px; width: 225px;">
<p>
<label for="username">Username:</label>
<br />
<input name="username" type="text" id="username" size="30" maxlength="15" tabindex="1"/>
</p>
<p>
<label for="pwd">Password:</label>
<br />
<input name="pwd" type="password" id="pwd" size="30" maxlength="15" /><br />
<input name="dologin" type="submit" id="dologin" value="Log In" />
</p>
</form>
<div style="clear: both;"></div>
<p style="font-weight: normal; font-size: 10px; text-align: center; color: #999;">(please use Internet Explorer 6+ for all administration changes)</p>
</div>
</div>
</body>
</html>

Sample page:

<intentionally left blank>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
     
  $logoutGoTo = "../../index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && false) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "../index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
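  // $QUERY_STRING only exists with register_globals on; read it from $_SERVER instead
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
    $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];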
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO external_link (name, link) VALUES (%s, %s)",
                       GetSQLValueString($_POST['name'], "text"),
                       GetSQLValueString($_POST['link'], "text"));

  mysql_select_db($database_radmin, $radmin);
  $Result1 = mysql_query($insertSQL, $radmin) or die(mysql_error());

  $insertGoTo = "list.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
  exit; // stop the script so the form is not rendered after the redirect
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="../style/admin.css" rel="stylesheet" type="text/css" media="screen" />
<link href="../style/form.css" rel="stylesheet" type="text/css" media="screen" />
</head>

<body>
<div id="block">
<h1>Insert Links </h1>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td nowrap align="right"><strong>Organization/Company Name:</strong></td>
<td><input name="name" type="text" value="" size="50" maxlength="100"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right"><strong>Web Address Link:<br />
</strong><em>(do NOT include 'http://') </em></td>
<td><input name="link" type="text" value="" size="50" maxlength="150"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right"> </td>
<td><input type="submit" value="Insert record"></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>
<p class="menu"><a href="../menu.php">Admin Menu</a><a href="list.php">Link List</a><a href="<?php echo $logoutAction ?>">Log Out</a> </p>
</div>
</body>
</html>

I do hope someone out there has an answer for this odd issue. I've created many CMSs using this same code and none of them have these issues except this one.

Thank you for your time!
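
Added example, not part of the original post: in the login script above, the post-login redirect target comes from `$_GET['accesscheck']` (stored as `$_SESSION['PrevUrl']`) and the session ID is kept across login, so a hardened version of that step restricts the target to a same-site path and regenerates the ID. `safeRedirectTarget()` and `completeLogin()` are hypothetical helper names.

```php
<?php
// Added example: hardened handling of the post-login redirect and session ID.
// safeRedirectTarget() and completeLogin() are hypothetical helper names.

// Accept only a same-site path for the redirect; otherwise use the default page.
function safeRedirectTarget($candidate, $default)
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Reject control characters (header injection) and backslashes
    // (some browsers treat "\" like "/").
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    // Must be an absolute path on this site: one leading "/", not "//host".
    if ($candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return $default;
    }
    return $candidate;
}

// Call only after the username/password check has succeeded.
function completeLogin($username, $group, $default)
{
    if (session_id() === '') {
        session_start();
    }
    // Issue a fresh session ID at the privilege change so an ID that existed
    // before login is not carried into the authenticated session.
    session_regenerate_id(true);

    $_SESSION['MM_Username']  = $username;
    $_SESSION['MM_UserGroup'] = $group;

    // PrevUrl was filled from $_GET['accesscheck']; use it once, then drop it.
    $prev = isset($_SESSION['PrevUrl']) ? $_SESSION['PrevUrl'] : '';
    unset($_SESSION['PrevUrl']);

    header('Location: ' . safeRedirectTarget($prev, $default));
    exit; // stop here so the rest of the page does not run after the redirect
}
```

The restricted page builds `accesscheck` from `$_SERVER['PHP_SELF']`, which always starts with `/`, so legitimate return URLs still pass the check.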

This topic has been closed for replies.

1 reply

Lawrence_Cramer
Inspiring
August 3, 2010

Two things to consider... If it was working, and now it's not, what changed?  And, does it work locally?

If it works locally in your local development/test environment (you do test locally, don't you?) then it's a server issue.

If it was working, and now it's not, and you have not modified the site, then again, it's a server issue.

Test locally to be sure you can say with confidence "It's not my code, it works fine when I test locally", then contact your host to see if the server is having problems. Which is highly likely if you have done the above checks.

--   
Lawrence *Adobe Community Professional*
www.Cartweaver.com
Complete Shopping Cart Application for
Dreamweaver, available in PHP and CF

Stay updated - http://blog.cartweaver.com
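
One way to check the "is it the server?" question from the reply above, as an added example that is not from the thread: a temporary page that shows whether the session cookie comes back and whether the server still has the data on the next request. The file name `sesscheck.php` and the `probe_hits` session key are assumptions made for this example.

```php
<?php
// Added example: session persistence check. Upload as a temporary file
// (hypothetical name: sesscheck.php), reload it several times, then delete it.

function sessionProbe()
{
    if (session_id() === '') {
        session_start();
    }
    $path = session_save_path();
    if ($path === '') {
        $path = sys_get_temp_dir(); // PHP's fallback when no path is configured
    }
    // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last part.
    $parts = explode(';', $path);
    $dir   = end($parts);

    // Counter stored in the session ('probe_hits' is a name chosen for this example).
    $hits = isset($_SESSION['probe_hits']) ? $_SESSION['probe_hits'] + 1 : 1;
    $_SESSION['probe_hits'] = $hits;

    $cookie = session_get_cookie_params();
    return array(
        'hits'            => $hits, // back to 1 means no stored data was found
        'cookie_received' => isset($_COOKIE[session_name()]) ? 'yes' : 'no',
        'id_fingerprint'  => substr(sha1(session_id()), 0, 8), // not the raw ID
        'handler'         => ini_get('session.save_handler'),
        'save_dir'        => $dir, // only meaningful for the "files" handler
        'dir_writable'    => is_writable($dir) ? 'yes' : 'no',
        'gc_maxlifetime'  => ini_get('session.gc_maxlifetime'),
        'cookie_domain'   => $cookie['domain'],
        'cookie_path'     => $cookie['path'],
        'request_host'    => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '',
        'node'            => php_uname('n'), // machine that answered this request
    );
}

header('Content-Type: text/plain; charset=utf-8');
foreach (sessionProbe() as $key => $value) {
    echo str_pad($key, 16), ': ', $value, "\n";
}
```

If `hits` drops back to 1 while `cookie_received` is `yes` and `id_fingerprint` is unchanged, the server did not retain the session data between requests. If the fingerprint changes or the cookie is missing, compare `cookie_domain`, `cookie_path` and `request_host` with the URLs used in the menu links.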

toad78 (Author)
Known Participant
October 11, 2010

Thank you! I made another contact with someone else at the hosting service and they actually did find a resolution to the problem and things seem to be working!

Thank you again!