Page 1 of 1
[RESOLVED] Session not changing username
Posted: Wed Jul 22, 2009 2:04 pm
by islan
I'm having a problem where I login to my page with a user, then logout, and when I login with a different user, it still logs me in as the first one.
Here is what my code looks like:
Code: Select all
//start session
session_start();
// Clean session register
unset($_SESSION['username'], $_SESSION['password']);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location:login_success.php");
And login_success.php looks like this:
Code: Select all
<?
session_start();
if(!isset($_SESSION['username'])){
header([Relocation]);
}
?>
I also have a logout script that looks like this:
Code: Select all
<?
session_start();
session_destroy();
?>
Re: [Help] Session not changing username
Posted: Wed Jul 22, 2009 2:10 pm
by spider.nick
islan wrote:I'm having a problem where I login to my page with a user, then logout, and when I login with a different user, it still logs me in as the first one.
Here is what my code looks like:
Code: Select all
//start session
session_start();
// Clean session register
unset($_SESSION['username'], $_SESSION['password']);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location:login_success.php");
And login_success.php looks like this:
Code: Select all
<?
session_start();
if(!isset($_SESSION['username'])){
header([Relocation]);
}
?>
I also have a logout script that looks like this:
Code: Select all
<?
session_start();
session_destroy();
?>
OK, first things first. You do not need
session_start() when you are going to use
session_destroy() right after it. Only use
session_start() if you plan to use
$_SESSION.
Secondly, you do not need to use
unset() if you are going to using
session_destory().
Lastly, make sure you are actually visiting the pages in the following order:
- HTML: login page
- PHP: process login page
- PHP: successful login page
- PHP: logout page
- Repeat 1 - 4
Nick
Re: [Help] Session not changing username
Posted: Wed Jul 22, 2009 2:25 pm
by islan
spider.nick wrote:OK, first things first. You do not need
session_start() when you are going to use
session_destroy() right after it. Only use
session_start() if you plan to use
$_SESSION.
Secondly, you do not need to use
unset() if you are going to using
session_destory().
Lastly, make sure you are actually visiting the pages in the following order:
- HTML: login page
- PHP: process login page
- PHP: successful login page
- PHP: logout page
- Repeat 1 - 4
Nick
Okay, I commented out session_start() in logout.php, and unset in checklogin.php (the first one). It doesn't seem to have changed another, as the first user's name is popping up. I suppose it might be important for me to show the code that returns the name as well:
Code: Select all
<?php
session_start();
// Connect to server and select databse.
$con = mysql_connect([MySQL Connection]);
mysql_select_db("[Database]")or die("cannot select DB");
// Get client's first and last names.
$sql="SELECT firstname, lastname FROM ClientInfo WHERE" . $_SESSION['username'];
$result=mysql_query($sql);
$row=mysql_fetch_array($result, MYSQL_NUM);
echo $row[0] . ' ' . $row[1] . "\n";
?>
This is further down in login_success.php, after a bunch of HTML code that displays the webpage.
PS: AGH! I left out the clientInfo= at the end of the $sql statement! Changed this, and it works! Why didn't it give me an error for improper syntax?
Re: [Help] Session not changing username
Posted: Wed Jul 22, 2009 2:28 pm
by spider.nick
islan wrote:Okay, I commented out session_start() in logout.php, and unset in checklogin.php (the first one). It doesn't seem to have changed another, as the first user's name is popping up. I suppose it might be important for me to show the code that returns the name as well:
Code: Select all
<?php
session_start();
// Connect to server and select databse.
$con = mysql_connect([MySQL Connection]);
mysql_select_db("[Database]")or die("cannot select DB");
// Get client's first and last names.
$sql="SELECT firstname, lastname FROM ClientInfo WHERE" . $_SESSION['username'];
$result=mysql_query($sql);
$row=mysql_fetch_array($result, MYSQL_NUM);
echo $row[0] . ' ' . $row[1] . "\n";
?>
This is further down in login_success.php, after a bunch of HTML code that displays the webpage.
Code: Select all
$sql="SELECT firstname, lastname FROM ClientInfo WHERE" . $_SESSION['username'];
That line, when parsed by the PHP compiler, looks like this:
Code: Select all
SELECT firstname, lastname FROM ClientInfo WHERE<username_of_logged_in>
Where
<username_of_logged_in> is the value of
$_SESSION['username']. The above query, will always return true, and will always pull the first record from the table.
Instead, your query should look like:
Code: Select all
$sql="SELECT firstname, lastname FROM ClientInfo WHERE username = '" . $_SESSION['username'] . "'";
Nick
Re: [Help] Session not changing username
Posted: Wed Jul 22, 2009 2:31 pm
by islan
Yeah, I caught it right after I posted my last message. Real silly, but there ya go. Thanks for your help.
Re: [Help] Session not changing username
Posted: Wed Jul 22, 2009 2:36 pm
by spider.nick
islan wrote:Yeah, I caught it right after I posted my last message. Real silly, but there ya go. Thanks for your help.
No problem. And thanks for changing the title.
Nick