When I use PHP header redirection, all session variables are lost… Some people say that adding exit(); just after the header(""); will solve the problem, but it doesn’t seem to be the solution…
Is there a solution?
Here is how I store variable into the session:
include 'dbc.php';
$err = array();
foreach($_GET as $key => $value) {
$get[$key] = filter($value); // GET variables are filtered.
}
if ($_POST['doLogin'] == 'Login')
{
foreach($_POST as $key => $value) {
$data[$key] = filter($value); // POST variables are filtered
}
$user_email = $data['usr_email'];
$pass = $data['pwd'];
if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
}
else {
$user_cond = "user_email='$user_email'";
}
$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
$user_cond
AND `banned` = '0'
") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ($num > 0) {
list($id, $pwd, $full_name, $approved, $user_level) = mysql_fetch_row($result);
if(!$approved) {
//$msg = urlencode("Account not activated. Please check your email for activation code");
$err[] = "Account not activated. Please check your email for activation code";
//header("Location: login.php?msg=$msg");
//exit();
}
// Check against salt
if ($pwd === PwdHash($pass, substr($pwd, 0, 9))) {
// This sets session and logs user in
session_start();
session_regenerate_id (true); // Prevent against session fixation attacks.
// This sets variables in the session
$_SESSION['user_id'] = $id;
$_SESSION['user_name'] = $full_name;
$_SESSION['user_level'] = $user_level;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
// Update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();
mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
// Set a cookie
if(isset($_POST['remember'])) {
setcookie("user_id", $_SESSION['user_id'], time() + 60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", sha1($ckey), time() + 60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_name", $_SESSION['user_name'], time() + 60*60*24*COOKIE_TIME_OUT, "/");
}
if(empty($err)) {
header("Location: myaccount.php");
}
}
else
{
//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
$err[] = "Invalid Login. Please try again with correct user email and password.";
//header("Location: login.php?msg=$msg");
}
}
else {
$err[] = "Error - Invalid login. No such user exists";
}
}
Redirection code:
// Connect database
require_once 'dbc.php';
page_protect();
$authorID = $_SESSION['user_id'];
if (!empty($_POST["answ_content"]) && $authorID != 0) {
// Vaqciot html chveulebriv texad
$content = htmlentities($_POST["answ_content"], ENT_COMPAT, 'UTF-8');
$dro = date('Y-m-d H:i:s');
$qID = $_POST["question_ID"];
$author = $_SESSION["user_name"];
$sql = "INSERT INTO wp_comments (comment_ID, comment_post_ID, comment_author, comment_author_IP, comment_date, comment_content, user_id)
VALUES
(NULL, '$qID', '$author', '123.123.123.123', '$dro', '$content', '$authorID')";
$result = mysql_query($sql);
// Pasuxebis raodenobis ertit gazrda
$increase = "UPDATE wp_posts SET comment_count = comment_count+1 WHERE ID = $qID";
mysql_query($increase);
// Gadamisamarteba shekitxvis gverdze
$url = 'Location:http://example.com/site/answ/question.php?ID=' . $qID;
header($url);
} else {
echo 'error';
}
You need to put
exit();after your header redirection, otherwise you have just loaded two pages of content into 1 page.Also make sure you have
session_start();at the top of all your scripts.