I found the source of the problem #2. It is the use of session_register(foo).
I put the following to my handle_registration.php.
session_register("foo");
session_register("foo2");
$foo2 = $_POST['email'];
$foo['email'] = $_POST['email']
The problem still persists, since no variables are stored to my session cookie.
This is the logic of my login script.
- Solved by Pascal Martin and The Disintegrator: Which is the right place to put the function
session_write_closein generating sessions for login? - How can you get a permanent session for user “session” such that a new session is not started each time index.php is loaded?
I have the session_start() at the beginning of my index.php.
The very Beginning of my index.php
session_start();
if($_SESSION['logged_in'] == false) {
$random_number = rand(1,100000);
session_id($random_number);
session_id['email'] = '';
}
while the very end of my index.php
<?php
session_write_close(); // Session code ends here!
?>
I have right after the very beginning of the session code the validation process of user’s password by
$dbconn = pg_connect("host=localhost port=5432 dbname=masi user=masi password=123");
$result = pg_prepare($dbconn, "query22", "SELECT passhash_md5 FROM users
WHERE email=$1;");
$passhash_md5 = pg_execute($dbconn, "query22", array($_REQUEST['email']));
// users from registration/login form
if ($passhash_md5 == md5($_REQUEST['password'])) {
$_SESSION['logged_in'] = true;
$_SESSION['email'] = $_REQUEST['email'];
$_SESSION['passhash_md5'] = md5($_REQUEST['password']);
}
// this may be unnecessary if the passhash_md5 cannot be changed by the user
$passhash_md5_2 = pg_execute($dbconn, "query22", array($_SESSION['email']));
// users staying in the site
if ($passhash_md5_2 == $_SESSION['passhash_md5'])) {
$_SESSION['logged_in'] = true;
}
The code generates me continuously random sessions such that no user’s data is being saved for the user.
I replaced each $_REQUEST after the login/registration handlers by $_SESSION in my code, since $_REQUEST does not include $_SESSION – still the same problem and I cannot see the username in the homepage after registration/login.
Your code looks like this :
You definitly have some output (the whole content of your page, actually) before
session_regenerate_idis called ; hence the error.The problem is not with “empty lines” or spaces : it is with output ; and HTML is output 😉
Like the call to
session_start, the call tosession_regenerate_idshould be done at the beginning of the script, before anything is sent to the browser.So, here, in the block at the “top” of your
index.php.EDIT : more thoughts.
BTW? I’m not sure you actually need to call
session_write_close; I’ve probably never used that function, I believe… And, quoting the doc :The only case you might need to call this function yourself is if you are doing long calculations :
But this doesn’t seem to be your case, as you are calling this at the end of your script.
So, you could try removing the (useless ?) call to that function…
And, about
session_regenerate_id: do you really need to call this function on each page ?I suppose never calling it would be enough for your site to work… Even if you might want to call it when the user logs in, for security precautions (If I remember correctly, it’s nice to call this function whenever the privileges level of a user changes)
Same about session_id, btw : do you really need to call this function on each page ?