Session variables not storing on first attempt

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jimmyjambo
Forum Newbie
Posts: 7
Joined: Thu Oct 29, 2009 5:51 pm

Session variables not storing on first attempt

Post by jimmyjambo »

I am having problems with my login script. The first time i try and log in the session variable is not getting stored. When i try a second time it works without a problem. Please help its driving me mad! :)

Check Login Page

Code: Select all

<?php
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("");
mysql_select_db("$db_name")or die("");

// username and password sent from form
$_POST['mypassword']=md5($_POST['mypassword']);
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)

$myusername=stripslashes($myusername);
$mypassword=stripslashes($mypassword);
$myusername=mysql_real_escape_string($myusername);
$myusername=strtolower($myusername);
$mypassword=mysql_real_escape_string($mypassword);

$sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die();
while($ids = mysql_fetch_array( $sql )){
$id=$ids['id'];
$familyid=$ids['family_id'];
$login1=$ids['login'];
}

$login=$login1 +1;
$logindate=date('d/m/Y');

$count=mysql_num_rows($sql);

if($count==1){
$sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'";
if (@mysql_query($sql2)){
} else {
exit();
}

session_start();
$_SESSION['valid_user'] = $id;
echo "<html><head><title>Login</title><meta http-equiv='REFRESH' content='0;url=main.php?id=$id&familyid=$familyid'></HEAD><BODY></BODY></HTML>";

}
else {
$link = "login.php";
$error = "Wrong Username or Password, Please try again";
require('../error.php');
}
ob_flush();
?>[/php]

[b]Main Page, after login[/b]

[php]<?php 
session_start();
$sesid=$_SESSION['valid_user'];

// Connects to your Database 
mysql_connect("db104.oneandone.co.uk", "dbo197162027", "woodlands") or die(mysql_error()); 
mysql_select_db("db197162027") or die(mysql_error()); 


if (isset($_SESSION['valid_user']))
{
$check = mysql_query("SELECT * FROM family_users WHERE id = '$sesid' LIMIT 0,1")or die(mysql_error());  
while($info = mysql_fetch_array( $check )) {

$family=($info['family_id']);
}
if ($sesid == $id & $family == $familyid) {
?>

<?php
$check = mysql_query("SELECT * FROM family_users WHERE id = '$id'")or die(mysql_error()); 
while($info = mysql_fetch_array( $check )) {

$fname=($info['fname']); 
$lname=($info['lname']);
$aid=($info['id']);
$sex=($info['sex']);

}
?>

[b]Extra Code[/b]

<?php								
				

}
else { 

$link = "logout.php";
$error = "<font size='2' face='Arial'><b>You can't view this page</b><br>Please make sure you are logged in!</font>";
require('../error.php');
 
} 
}
else
{

require('../failed.php');

}

?>
Crisy
Forum Newbie
Posts: 1
Joined: Thu Feb 24, 2011 11:00 am

Re: Session variables not storing on first attempt

Post by Crisy »

Move session_start();

to the top of the page, that should always be on the first line of every page you use it on
jimmyjambo
Forum Newbie
Posts: 7
Joined: Thu Oct 29, 2009 5:51 pm

Re: Session variables not storing on first attempt

Post by jimmyjambo »

Tried that, it didnt work.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Session variables not storing on first attempt

Post by social_experiment »

Is all this code on 1 page?

Code: Select all

$sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die();
By limiting the amount of rows return to 1 you could lock out another user (and thus give 'accidental' access to another) with similar login details which shouldn't happen if your registration process is set up correctly. You should change your die() statements to something like this

Code: Select all

<?php
 or die(mysql_error());
?>
In this way you know where (and what type) errors occur. If you were to develop and error somewhere you'd be looking for hours trying to pin it down.

Code: Select all

 ($sesid == $id & $family == $familyid)
This needs another ampersand (AND = &&)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
jimmyjambo
Forum Newbie
Posts: 7
Joined: Thu Oct 29, 2009 5:51 pm

Re: Session variables not storing on first attempt

Post by jimmyjambo »

thank you for your help. The code is on two seperate pages. Login Page -> check login page -> main page. I have only included the checklogin page and main page above.
I think i may have found my problem, but maybe you could help.
I use a meta refresh to redirect from the check login page to the main page, does meta refresh destroy sessions?
I cant get the PHP Location header to work. I think my hosting provider doesnt allow output buffers. So meta refresh is my only option.
Thanks
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Session variables not storing on first attempt

Post by social_experiment »

jimmyjambo wrote:I use a meta refresh to redirect from the check login page to the main page, does meta refresh destroy sessions?
I don't think so (not 100% certain) .
jimmyjambo wrote:I cant get the PHP Location header to work. I think my hosting provider doesnt allow output buffers. So meta refresh is my only option.
You just need to create slightly better code then you can get it working without output buffering :)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
jimmyjambo
Forum Newbie
Posts: 7
Joined: Thu Oct 29, 2009 5:51 pm

Re: Session variables not storing on first attempt

Post by jimmyjambo »

Could you help me make this code better, so that i can use location rather than meta refresh.
Thanks

Code: Select all

<?php

session_start();

// DATABASE CONNECT REMOVED


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$_POST['mypassword'] = md5($_POST['mypassword']);
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$myusername = strtolower($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1'")or die(mysql_error()); 
while($ids = mysql_fetch_array( $sql )) {
$id=$ids['id'];
$familyid=$ids['family_id'];
$login1=$ids['login'];
}

$login=$login1 +1;
$logindate=date('d/m/Y');


// Mysql_num_row is counting table row
$count=mysql_num_rows($sql);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "members.php"

$sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'";
if (@mysql_query($sql2)) {
}  else {
exit('<p>Error: ' . mysql_error() . '</p>');
}

$_SESSION['valid_user'] = $id;

// PROBLEM WITH META REFRESH
echo "<html><head><title>Login</title><meta http-equiv='REFRESH' content='0;url=main.php?id=$id&familyid=$familyid'></HEAD><BODY></BODY></HTML>";
}
else {
$link = "login.php";
$error = "Wrong Username or Password, Please try again";
require('error.php');
}

?>
Post Reply