Simple PHP Login script - AOL Sucking... Help!


#1

Hi everyone!

I’m new to this forum & in need of a bit of help…

I’m currently developing a site in PHP (www.elitedjs.co.uk) for a friend of mine. As I’m trying to make the site content as dynamic as possible so I don’t have to keep updating it myself, I’ve developed a nice little admin area for my friend to use.

Obviously, it requires authentication to stop just anyone messing with the data, however I’m having issues with the user authentication after the login stage…

From what I can gather the problem is AOL. I’ve never liked AOL, but it’s what my friend who will be doing the admin is using, so I’ve got to work with it :evil: ):

<?
session_start();

$user = trim($_POST["username"]);
$pass = trim($_POST["password"]);

If ($user=="xxxxx") {

If ($pass=="yyyy") {

 $_SESSION["user"]="zzzzzz";

 header("Location: http://www.elitedjs.co.uk/valid"); 


} else {

 header("Location: http://www.elitedjs.co.uk/invalid");

}

} else {

header("Location: http://www.elitedjs.co.uk/invalid");

}
?>

And here’s the authentication code at the top of each of the admin pages:


session_start();

If($_SESSION["user"]!=="zzzzzz") {

header("Location: http://www.elitedjs.co.uk/nosession");

}
 

As I said, this works fine for me & I’m not on AOL… The error he is getting is from the authentication code on the admin pages which re-directs to the ‘nosession’ page if the user is not logged in and trying to access the page.

So, any ideas??

Oh, I’ve also tried using cookes instead (which I know you shouldn’t do for authentication, but thought I’d give it a shot) and that also failed to work over AOL…


#2

Are you talking about the AOL browser? What exactly does the error message say?


#3

He has been using the AOL browser - I also got him to try it with IE, which produced the same result…

The error is that the session is dropped (or simply not sent to the server) by his PC.

I found a test script on another server which he tested and it worked, so I’ve uploaded exactly the same script to his server to see if it works on there… It’ll be weird if it does, as it’s pretty damned similar to mine!

I tried it and it works fine for me… again.


#4

make sure there is absolutely no white space before the start of the session. Open php, next line start_session. No blank line/space before or between.


#5

The code already is like that… The thing is, it works fine from both my work and home PC’s, thus suggesting that it’s not a server issue, but something to do with his browser client simply not sending the session id with the http request like it should. Security settings?