Page 1 of 1

why isnt my session data defining id?

Posted: Wed Dec 02, 2009 1:15 pm
by chris_s_22
This is my login function

Code: Select all

function user_login($username, $password)
{
    $thequery = ("SELECT registered FROM members WHERE username = '". $username ."' ");
    $query = mysql_query($thequery) or die ('session data dont match.');
    $row = mysql_fetch_array($query); 
    $result = $row['registered'];  
    if($result == 0)
    {
    // Reshow the form with an error
    $notregistered_error = 'username not registered';
    include 'index.php';
    exit;
    }
    
     // Try and get the salt from the database using the username
     $query = ("select salt from members where username='$username' limit 1");
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);
 
     // Using the salt, encrypt the given password to see if it 
     // matches the one in the database
     $encrypted_pass = md5(md5($password).$user['salt']);
     
     // Try and get the user using the username & encrypted pass
     $query = "SELECT id, username FROM members WHERE username='$username' and password='$encrypted_pass'";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);
     $numrows = mysql_num_rows($result);
 
     // Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['id']);
     $encrypted_name = md5($user['username']);
     
     // Store the data in the session  
     $_SESSION['id'] = $id;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;
 
    if ($numrows == 1)
    {
        return 'Correct';
    }
    else
    {
        return false;
    }
}
if i try echo out session data it leaves the $id blank

Code: Select all

<?php
if (!isset($_SESSION)) {
session_start();
}
echo '<pre>';
print_r( $_SESSION );
echo '</pre>';
?>

Re: why isnt my session data defining id?

Posted: Thu Dec 03, 2009 11:49 am
by chris_s_22
solved

Re: why isnt my session data defining id?

Posted: Thu Dec 03, 2009 3:30 pm
by darkresident
Hi Can you please help me out...you seem to have understood this. I am building an ajax application and i do most of the form validation using xhr object. I am having problems implementing the session handling. My code for the validation of the login info looks like this

<?php
include_once "../database/dbconnect.php";

session_start();

$username = isset($_POST["userNameLogin"]) ? $_POST["userNameLogin"] : $_SESSION["userNameLogin"];
$pwd = isset($_POST["passwordLogin"]) ? $_POST["passwordLogin"] : $_SESSION["passwordLogin"];

// Sending these messages to my client side validation code.
if(!isset($username)){
echo("{message : 'NoName'}");
}elseif(!isset($pwd)){
echo("{message : 'NoPW'}");
}

$_SESSION['userNameLogin'] = $username;
$_SESSION['passwordLogin'] = $pwd;

dbConnection();

$sQuery = "SELECT * FROM users WHERE
username = '$username' AND password = '$pwd'";

$result = mysql_query($sQuery) or die(mysql_error());
$intFound = mysql_num_rows($result);

if ($intFound == 0) {
unset($_SESSION['userNameLogin']);
unset($_SESSION['passwordLogin']);

// AD - Access Denied
echo("{message : 'AD'}");
}else{
//a flag to set in the database who is currently online
mysql_query("UPDATE users SET online = '1' WHERE username = '$username'") or die(mysql_error);

}


As you can see, i new to this stuff i having my share of problems. What can i do to make sure that sessions are set and unset properly i.e when user logs out.
secondly how can i monitor who is online and who is not using sessions. This is how i am trying to check who is currently online and then building a json file with the user names and sending it to the client. Easy to parse.

<?php
// this script determines which sessions are currently active by
// 1.) checking to see which online fields in the users table are set to 1
// 2.) by determining if a session variable has been set for these users.
// If it is not set, it means user is no longer active and script sets its online field in the users table to zero.
// After doing this, the script, then queries the users table for online fields with values one, writes them to an
// array and passes them to the client.

include_once "../database/dbconnect.php";
//include "../validation/accessControl.php";

$tempActiveUsers = array();
$activeUsers = array();
$nonActiveUsers = array();

dbConnection();

$sql = "SELECT username from users WHERE online = '1' ";

$active_result = mysql_query($sql) or die(mysql_error);

if($active_result){
while($aValues = mysql_fetch_array($active_result)){
array_push($tempActiveUsers, $aValues['username']);
}
}

forEach($tempActiveUsers as $value){
/*if($_SESSION['$value'] == $value){
$activeUsers += $value;
} */
if(isset($_SESSION['userNameLogin']) == $value){
array_push($activeUsers, $value);
}else{
array_push($nonActiveUsers, $value);
}
}

forEach($nonActiveUsers as $value1){
$sql1 = "UPDATE users SET online='0' WHERE username = '$value1'";

$set_result = mysql_query($sql1) or die(mysql_error);
}

$length = sizeof($activeUsers);
$len = 1;
$json ='{"users" : {';
$json .= '"user":[';
forEach($activeUsers as $value2){
$json .= '{';
$json .= '"username" : "' .$value2.'" }';
if($len != $length){
$json .= ',';
}
$len++;
}
$json .= ']';
$json .= '}}';
echo $json;

If you need more background info let me know. Thanks in advance