9 Replies Latest reply on Feb 21, 2009 7:34 AM by Günter Schenk

    Need Help With Redirect That Uses Session Variable

      I am new to dynamic sites, php, and developer toolbox, but I have been able to create a login site using the different form wizards fairly easily (in CS3 with Developers toolbox). <br /> <br />I am trying to set a server behavior on a page that redirects the user to a new page if a session variable matches a recordset. <br /> <br />I was using an extension (PHP Sessions - http://www.adobe.com/cfusion/exchange/index.cfm?event=extensionDetail&amp;extid=681308 ) that worked great, but when I installed developers toolbox, it stopped working (get error message about runtime/MX environment). <br /> <br />Ive been struggling for days and this is what Ive come up with so far: <br />------------------------------------ <br />session_start(); <br />if (!isset($HTTP_SESSION_VARS[$_SESSION['kt_firstname']]) || $HTTP_SESSION_VARS[$_SESSION['kt_firstname']] = $row_Recordsetfname['firstname']) { <br /> header ("Location: ../firstname/firstname1.php"); <br />} <br />------------------------------------ <br /> <br />It redirects regardless of the match. Any ideas on what I can do to get this working? Here is all of the code (with block from above inserted) up until the doc type: <br />------------------------------------ <br /><?php require_once('../Connections/project1.php'); ?> <br /><?php<br />// Load the tNG classes<br />require_once('../includes/tng/tNG.inc.php');<br /><br />// Make unified connection variable<br />$conn_project1 = new KT_connection($project1, $database_project1);<br /><br />//Start Restrict Access To Page<br />$restrict = new tNG_RestrictAccess($conn_project1, "../");<br />//Grand Levels: Any<br />$restrict->Execute();<br />//End Restrict Access To Page<br /><br />if (!function_exists("GetSQLValueString")) {<br />function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") <br />{<br />  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;<br /><br />  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);<br /><br />  switch ($theType) {<br />    case "text":<br />      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";<br />      break;    <br />    case "long":<br />    case "int":<br />      $theValue = ($theValue != "") ? intval($theValue) : "NULL";<br />      break;<br />    case "double":<br />      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";<br />      break;<br />    case "date":<br />      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";<br />      break;<br />    case "defined":<br />      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;<br />      break;<br />  }<br />  return $theValue;<br />}<br />}<br /><br />// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it<br />session_start();<br />if (!isset($HTTP_SESSION_VARS[$_SESSION['kt_firstname']]) || $HTTP_SESSION_VARS[$_SESSION['kt_firstname']] = $row_Recordsetfname['firstname']) {<br />  header ("Location: ../firstname/firstname1.php");<br />}<br /><br />$colname_Recordsetfname = "-1";<br />if (isset($_SESSION['kt_user_name'])) {<br />  $colname_Recordsetfname = $_SESSION['kt_user_name'];<br />}<br />mysql_select_db($database_project1, $project1);<br />$query_Recordsetfname = sprintf("SELECT firstname FROM registration WHERE user_name = %s", GetSQLValueString($colname_Recordsetfname, "text"));<br />$Recordsetfname = mysql_query($query_Recordsetfname, $project1) or die(mysql_error());<br />$row_Recordsetfname = mysql_fetch_assoc($Recordsetfname);<br />$totalRows_Recordsetfname = mysql_num_rows($Recordsetfname);<br /><br />$colname_Recordset1 = "-1";<br />if (isset($_SESSION['kt_user_name'])) {<br />  $colname_Recordset1 = $_SESSION['kt_user_name'];<br />}<br />mysql_select_db($database_project1, $project1);<br />$query_Recordset1 = sprintf("SELECT `Date` FROM registration WHERE user_name = %s", GetSQLValueString($colname_Recordset1, "text"));<br />$Recordset1 = mysql_query($query_Recordset1, $project1) or die(mysql_error());<br />$row_Recordset1 = mysql_fetch_assoc($Recordset1);<br />$totalRows_Recordset1 = mysql_num_rows($Recordset1);<br />?> <br /> <br />------------------------------
        • 1. Re: Need Help With Redirect That Uses Session Variable
          Günter Schenk Level 4
          Hi Dale,

          on top of my head, shouldn´t the condition rather be like this:

          if (!isset($_SESSION['kt_firstname']) || $_SESSION['kt_firstname'] != $row_Recordsetfname['firstname']) {
          header ("Location: ../firstname/firstname1.php");
          }

          The main problem I see with your approach is :: you´re trying to access a recordset value ($row_Recordsetfname['firstname']) which, at this point, hasn´t been initialized yet.

          -------
          I was using an extension ... that worked great, but when I installed developers toolbox, it stopped working (get error message about runtime/MX environment)
          -------

          As you´re new to ADDT, you´ll find that there´s no guarantee that other extensions can be integrated into the ADDT workflow at all -- this is a risky approach, and I´d suggest to avoid that if possible

          Cheers,
          Günter Schenk
          Adobe Community Expert, Dreamweaver
          • 2. Re: Need Help With Redirect That Uses Session Variable
            Level 1
            Günter, <br /> <br />Thanks for the quick reply. I changed the code but I still can't seem to get the page to redirect. I checked to see if all of the session variables are active on the page by dragging the variables into the text of the page, and they are active. Any ideas on what the heck is going on? I put the code of the page (up to the doc type) below. The redirect behaviour is near the end of the code. I appreciate any insights. <br /> <br /><?php require_once('../Connections/project1.php'); ?> <br /><?php<br />// Load the tNG classes<br />require_once('../includes/tng/tNG.inc.php');<br /><br />// Make unified connection variable<br />$conn_project1 = new KT_connection($project1, $database_project1);<br /><br />//Start Restrict Access To Page<br />$restrict = new tNG_RestrictAccess($conn_project1, "../");<br />//Grand Levels: Any<br />$restrict->Execute();<br />//End Restrict Access To Page<br /><br />if (!function_exists("GetSQLValueString")) {<br />function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") <br />{<br />  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;<br /><br />  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);<br /><br />  switch ($theType) {<br />    case "text":<br />      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";<br />      break;    <br />    case "long":<br />    case "int":<br />      $theValue = ($theValue != "") ? intval($theValue) : "NULL";<br />      break;<br />    case "double":<br />      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";<br />      break;<br />    case "date":<br />      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";<br />      break;<br />    case "defined":<br />      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;<br />      break;<br />  }<br />  return $theValue;<br />}<br />}<br /><br />$colname_Recordsetfname = "-1";<br />if (isset($_SESSION['kt_login_user'])) {<br />  $colname_Recordsetfname = $_SESSION['kt_login_user'];<br />}<br />mysql_select_db($database_project1, $project1);<br />$query_Recordsetfname = sprintf("SELECT firstname FROM registration WHERE e_mail = %s", GetSQLValueString($colname_Recordsetfname, "text"));<br />$Recordsetfname = mysql_query($query_Recordsetfname, $project1) or die(mysql_error());<br />$row_Recordsetfname = mysql_fetch_assoc($Recordsetfname);<br />$totalRows_Recordsetfname = mysql_num_rows($Recordsetfname);<br /><br />$colname_Recordsetdate = "-1";<br />if (isset($_SESSION['kt_login_user'])) {<br />  $colname_Recordsetdate = $_SESSION['kt_login_user'];<br />}<br />mysql_select_db($database_project1, $project1);<br />$query_Recordsetdate = sprintf("SELECT `Date` FROM registration WHERE e_mail = %s", GetSQLValueString($colname_Recordsetdate, "text"));<br />$Recordsetdate = mysql_query($query_Recordsetdate, $project1) or die(mysql_error());<br />$row_Recordsetdate = mysql_fetch_assoc($Recordsetdate);<br />$totalRows_Recordsetdate = mysql_num_rows($Recordsetdate);<br />session_start();<br /><br />if (!isset($_SESSION['kt_firstname']) || $_SESSION['kt_firstname'] != $row_Recordsetfname['firstname']) { <br />  header ("Location: ../firstname/firstname1.php"); <br />} <br />?>
            • 3. Re: Need Help With Redirect That Uses Session Variable
              Level 1
              Günter,

              it works great - i just needed to change != to =

              this gave me the redirect I was looking for

              thank you very very very much

              Dale
              • 4. Re: Need Help With Redirect That Uses Session Variable
                Günter Schenk Level 4
                Hi Dale,

                ----
                it works great - i just needed to change != to =
                ----

                ...and this worries me pretty much, because "=" is no valid comparison operator at all -- "=" just assigns some value to the variable that´s declared on the left side of this operator, and this doesn´t make any sense in this context.

                Some examples for valid comparison operators :: "==" stands for "is equal to", or "!=" stands for "is not equal to".

                However, if it works, it works, but I don´t understand why it works :-)

                Cheers,
                Günter Schenk
                Adobe Community Expert, Dreamweaver
                • 5. Re: Need Help With Redirect That Uses Session Variable
                  I am new to adobe toolbox... I ve created a ligin page but not sure how to pass the session variable. I am trying to direct successful login to a page like... index.php?id=filter <br /> <br />been struggling all day with this. Please help!!! <br /> <br /><?php require_once('Connections/comm.php'); ?> <br /><?php<br />// Load the common classes<br />require_once('includes/common/KT_common.php');<br /><br />// Load the tNG classes<br />require_once('includes/tng/tNG.inc.php');<br /><br />// Make a transaction dispatcher instance<br />$tNGs = new tNG_dispatcher("");<br /><br />// Make unified connection variable<br />$conn_comm = new KT_connection($comm, $database_comm);<br /><br />// Start trigger<br />$formValidation = new tNG_FormValidation();<br />$formValidation->addField("kt_login_user", true, "text", "", "", "", "");<br />$formValidation->addField("kt_login_password", true, "text", "", "", "", "");<br />$tNGs->prepareValidation($formValidation);<br />// End trigger<br /><br />// Make a login transaction instance<br />$loginTransaction = new tNG_login($conn_comm);<br />$tNGs->addTransaction($loginTransaction);<br />// Register triggers<br />$loginTransaction->registerTrigger("STARTER", "Trigger_Default_Starter", 1, "POST", "kt_login1");<br />$loginTransaction->registerTrigger("BEFORE", "Trigger_Default_FormValidation", 10, $formValidation);<br />$loginTransaction->registerTrigger("END", "Trigger_Default_Redirect", 99, "{kt_login_redirect}");<br />// Add columns<br />$loginTransaction->addColumn("kt_login_user", "STRING_TYPE", "POST", "kt_login_user");<br />$loginTransaction->addColumn("kt_login_password", "STRING_TYPE", "POST", "kt_login_password");<br />$loginTransaction->addColumn("kt_login_rememberme", "CHECKBOX_1_0_TYPE", "POST", "kt_login_rememberme", "0");<br />// End of login transaction instance<br /><br />// Execute all the registered transactions<br />$tNGs->executeTransactions();<br /><br />// Get the transaction recordset<br />$rscustom = $tNGs->getRecordset("custom");<br />$row_rscustom = mysql_fetch_assoc($rscustom);<br />$totalRows_rscustom = mysql_num_rows($rscustom);<br /><br />?> <br /> <br /> <br /> <br /> <br /> <br /> <script src="includes/common/js/base.js" type="text/javascript"></script> <br /> <script src="includes/common/js/utility.js" type="text/javascript"></script> <br /> <script src="includes/skins/style.js" type="text/javascript"></script> <br /><?php echo $tNGs->displayValidationRules();?> <br /> <br /> <br /> <br /><?php<br /> echo $tNGs->getLoginMsg();<br />?> <br /><?php<br /> echo $tNGs->getErrorMsg();<br />?> <br /> <form method="post" id="form1" class="KT_tngformerror" action="%3C?php%20echo%20KT_escapeAttribute(KT_getFullUri());%20?%3E"> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <table cellpadding="2" cellspacing="0" class="KT_tngtable"> <tr> <td class="KT_th"> <label for="kt_login_user">Username:</label> </td> <td> <input type="text" name="kt_login_user" id="kt_login_user" value="<?php echo KT_escapeAttribute($row_rscustom['kt_login_user']); ?>" size="32" /> <br /> <?php echo $tNGs->displayFieldHint("kt_login_user");?> <?php echo $tNGs->displayFieldError("custom", "kt_login_user"); ?></td> </tr> <tr> <td class="KT_th"> <label for="kt_login_password">Password:</label> </td> <td> <input type="password" name="kt_login_password" id="kt_login_password" value="" size="32" /> <br /> <?php echo $tNGs->displayFieldHint("kt_login_password");?> <?php echo $tNGs->displayFieldError("custom", "kt_login_password"); ?></td> </tr> <tr> <td class="KT_th"> <label for="kt_login_rememberme">Remember me:</label> </td> <td> <input <?php if (!(strcmp(KT_escapeAttribute($row_rscustom['kt_login_rememberme']),"1"))) {echo "checked";} ?> type="checkbox" name="kt_login_rememberme" id="kt_login_rememberme" value="1" /> <br /> <?php echo $tNGs->displayFieldError("custom", "kt_login_rememberme"); ?></td> </tr> <tr class="KT_buttons"> <td colspan="2"> <input type="submit" name="kt_login1" id="kt_login1" value="Login" /> <br /></td> </tr> </table> <br /> <a href="forgot_password.php">Forgot your password?</a> <br /></form> <br /> <p>&#160;</p> <br /> <br />
                  • 6. Re: Need Help With Redirect That Uses Session Variable
                    Günter Schenk Level 4
                    Hi vonnero,

                    passing Session Variables via URL parameters is - honestly said - very bad practice and should be avoided at any cost.

                    Please read my tutorial "Protecting your application: Update my Account" which demonstrates the reasons for avoiding this insecure method and shows you how to do it the right way: http://www.guenter-schenk.com/tutorials/tutorial.php?id=8

                    Cheers,
                    Günter Schenk
                    Adobe Community Expert, Dreamweaver
                    • 7. Re: Need Help With Redirect That Uses Session Variable
                      Level 1
                      that was great... i have always thot of that security side. Thanks alot.

                      now how do i then identify users in a community website? Please advice... thanks again.
                      • 8. Re: Need Help With Redirect That Uses Session Variable
                        Level 1
                        most importantly, how do i authenticate users and assign them top their unique profile page using adobe toolbox? thats any tutorials or advice will be highly appreciated...
                        • 9. Re: Need Help With Redirect That Uses Session Variable
                          Günter Schenk Level 4
                          Hi vonnero,

                          ------
                          now how do i then identify users in a community website?
                          ------

                          as I assume you´d be building this community network website with ADDT as well, the only advice I can give is to use ADDT´s session variable "kt_login_id" in your query, example:

                          "SELECT username FROM login WHERE id" equals the Session Variable kt_login_id

                          ------
                          most importantly, how do i authenticate users and assign them top their unique profile page using adobe toolbox?
                          ------

                          I fear I don´t fully understand what you want -- can you elaborate on this ?

                          Cheers,
                          Günter Schenk
                          Adobe Community Expert, Dreamweaver