losing session variable after Form submit

Report · Mar 30, 2012

My website's login and data retrieval features were working fine until I added a Form. Upon submit, it calls a php to send the form contents to me in an email (code I copied-pasted from HELP somewhere). After that, the website thinks the user isn't logged in anymore. I'm using the session variable MM_Username for login validation, so it must be getting lost in the Submit process. How do I keep hold of MM_Username?

I appreciate any help you can offer

Report · Mar 30, 2012

We would obviously need to see the code to troubleshoot. Are you sure the script is not calling session_destroy()?

Report · Mar 30, 2012

Dear bregent, thank you for taking the time to help. The entire code from the php that is called upon submission of my form is below. I believe that MM_Username is intact upon entry to this code (I did an echo the best I know how, and the user's email (what I'm using as the username) displayed quickly). But, upon calling discangl_classlist_confirm.php, the user name is no longer showing-up (and it did on the previous page, so I know that echo coding is correct). I took-out the behavior to validate the user, so after I/we figure-out the MM_Username thing, I will put that back in.

<?php require_once('Connections/dastudents.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
?>

<?php

//--------------------------Set these paramaters--------------------------

// Subject of email sent to you.
$subject = 'Class Completion Information';

// Your email address. This is where the form information will be sent.
$emailadd = 'instructor@centerATLAS.org';

// Where to redirect after form is processed.
$url = 'http://www.centerATLAS.org/discangl_classlist_confirm.php';

// Makes all fields required. If set to '1' no field can be empty. If set to '0' any or all fields can be empty.
$req = '0';

// --------------------------Do not edit below this line--------------------------
$text = "Results from form:\n\n";
$space = ' ';
$line = '
';
foreach ($_POST as $key => $value)
{
if ($req == '1')
{
if ($value == '')
{echo "$key is empty. Please hit browser BACK button and complete the form.";die;}
}
$j = strlen($key);
if ($j >= 30)
{echo "Name of form element $key cannot be longer than 30 characters";die;}
$j = 30 - $j;
for ($i = 1; $i <= $j; $i++)
{$space .= ' ';}
$value = str_replace('\n', "$line", $value);
$conc = "{$key}:$space{$value}$line";
$text .= $conc;
$space = ' ';
}
mail($emailadd, $subject, $text, 'From: '.$emailadd.'');
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>send class completion information in an email</title>
</head>

Report · Mar 30, 2012

And, in case there's something that works only under certain conditions in the next file, here's the php at the top of discangl_classlist_confirm.php

<?php require_once('Connections/dastudents.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);

$logoutGoTo = "catechism.html";
if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
}
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
}
return $theValue;
}
}

$colname_studentclassdata = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_studentclassdata = $_SESSION['MM_Username'];
}
mysql_select_db($database_dastudents, $dastudents);
$query_studentclassdata = sprintf("SELECT firstname, lastname, emailaddress, dateregistered, class1date, class2date, class3date, class4date, class5date, class6date, class7date, class8date, class9date, class10date, class11date, class12date, class13date, class14date, class15date FROM dastudents WHERE emailaddress = %s", GetSQLValueString($colname_studentclassdata, "text"));
$studentclassdata = mysql_query($query_studentclassdata, $dastudents) or die(mysql_error());
$row_studentclassdata = mysql_fetch_assoc($studentclassdata);
$totalRows_studentclassdata = mysql_num_rows($studentclassdata);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

Report · Mar 30, 2012

The code in discangl_classlist_confirm works correctly the first time through, letting-in a logged-in user, and displaying their name. However, after a form is filled-out and the sendclasscomplete.php is called upon Submit, the second time through it doesn't work correctly.

Report · Mar 30, 2012

ok, in the midst of all of that code, I have a specific question. This is a line of code at the end of the php called by the Submit

echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

Is there a way to make sure the URL maintains the MM_Username variable?

Report · Apr 02, 2012

If you search the web for 'php session variables lost after redirect' you'll see lots of other folks with similar problems. The problem appears to be that the sessions are not lost, but rather that a new session is created for the page that is redirected to (discangl_classlist_confirm.php).

The first question to ask, what is the complete url of the user login page? Next, I would try switching this:

echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';

to

header("Location: $url");

Report · Apr 02, 2012

Thank you. Yes, I searched around and found some info about "refresh" and I think it's working now. I will also print out your suggestion and keep it handy in case it starts acting-up again. I appreciate your time