
[RESOLVED] Session not changing username

Posted: Wed Jul 22, 2009 2:04 pm
by islan
I'm having a problem where I log in to my page with a user, then log out, and when I log in with a different user, it still logs me in as the first one.

Here is what my code looks like:

Code:

// Start the session
session_start();

// Clean session register
unset($_SESSION['username'], $_SESSION['password']);

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

// Redirect and stop, so nothing after the header runs
header("Location: login_success.php");
exit;

And login_success.php looks like this:

Code:

<?php
session_start();
if (!isset($_SESSION['username'])) {
    // Not logged in: redirect and stop rendering the protected page
    header([Relocation]);
    exit;
}
?>

I also have a logout script that looks like this:

Code:

<?php
session_start();
session_destroy();
?>

Re: [Help] Session not changing username

Posted: Wed Jul 22, 2009 2:10 pm
by spider.nick
OK, first things first. You do not need session_start() when you are going to use session_destroy() right after it. Only use session_start() if you plan to use $_SESSION.

Secondly, you do not need to use unset() if you are going to be using session_destroy().

Lastly, make sure you are actually visiting the pages in the following order:
  1. HTML: login page
  2. PHP: process login page
  3. PHP: successful login page
  4. PHP: logout page
  5. Repeat 1 - 4
Nick

Re: [Help] Session not changing username

Posted: Wed Jul 22, 2009 2:25 pm
by islan
Okay, I commented out session_start() in logout.php, and unset in checklogin.php (the first one). It doesn't seem to have changed anything, as the first user's name is popping up. I suppose it might be important for me to show the code that returns the name as well:

Code:

<?php
    session_start();
    // Connect to server and select database.
    $con = mysql_connect([MySQL Connection]);
    mysql_select_db("[Database]") or die("cannot select DB");

    // Get client's first and last names.
    $sql="SELECT firstname, lastname FROM ClientInfo WHERE" . $_SESSION['username'];
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result, MYSQL_NUM);
    echo $row[0] . ' ' . $row[1] . "\n";
?>

This is further down in login_success.php, after a bunch of HTML code that displays the webpage.

PS: AGH! I left out the clientInfo= at the end of the $sql statement! Changed this, and it works! Why didn't it give me an error for improper syntax?

Re: [Help] Session not changing username

Posted: Wed Jul 22, 2009 2:28 pm
by spider.nick

Code:

$sql="SELECT firstname, lastname FROM ClientInfo WHERE" . $_SESSION['username'];

That line, when parsed by the PHP compiler, looks like this:

Code:

SELECT firstname, lastname FROM ClientInfo WHERE<username_of_logged_in>

Where <username_of_logged_in> is the value of $_SESSION['username']. The above query will always return true, and will always pull the first record from the table.

Instead, your query should look like:

Code:

$sql="SELECT firstname, lastname FROM ClientInfo WHERE username = '" . $_SESSION['username'] . "'";

Nick
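
The query behaviour discussed in this thread, as an added example that is not part of any post: it shows why the query with the missing column name returned rows without a syntax error, and how the same lookup works with a bound parameter instead of concatenating the session value. Assumptions: an in-memory SQLite database through PDO (the thread used MySQL via mysql_*), constructed rows, and the hypothetical helpers brokenLookup() and clientName().

```php
<?php
// Added example. Constructed data in an in-memory SQLite database (assumption:
// the pdo_sqlite extension is available); the thread itself used MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ClientInfo (username TEXT PRIMARY KEY, firstname TEXT, lastname TEXT)');
$insert = $pdo->prepare('INSERT INTO ClientInfo VALUES (?, ?, ?)');
foreach ([['alice', 'Alice', 'Anders'], ['bob', 'Bob', 'Brown'], ["o'neil", 'Pat', "O'Neil"]] as $r) {
    $insert->execute($r);
}

// Query as first posted: "WHERE" and the value fuse into one identifier, which the
// parser accepts as a table alias. No WHERE clause is left, so every row matches.
function brokenLookup(PDO $pdo, string $username): array
{
    $sql = 'SELECT firstname, lastname FROM ClientInfo WHERE' . $username;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hypothetical helper: the value is bound as a parameter, so it is always treated
// as data, including names that contain a quote character.
function clientName(PDO $pdo, string $username): ?string
{
    $stmt = $pdo->prepare('SELECT firstname, lastname FROM ClientInfo WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row === false ? null : $row[0] . ' ' . $row[1];
}

// Each $user stands in for $_SESSION['username'] after a different login.
foreach (['alice', 'bob'] as $user) {
    $rows = brokenLookup($pdo, $user);
    printf("%-6s broken: %d rows, first = %s %s | bound: %s\n",
        $user, count($rows), $rows[0][0], $rows[0][1], clientName($pdo, $user));
}
var_dump(clientName($pdo, "o'neil"));   // lookup for a name containing a quote
var_dump(clientName($pdo, 'nobody'));   // lookup for a user that does not exist
```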

Re: [Help] Session not changing username

Posted: Wed Jul 22, 2009 2:31 pm
by islan
Yeah, I caught it right after I posted my last message. Real silly, but there ya go. Thanks for your help.

Re: [Help] Session not changing username

Posted: Wed Jul 22, 2009 2:36 pm
by spider.nick
No problem. And thanks for changing the title.

Nick