Session variables not storing on first attempt

Posted: Wed Feb 23, 2011 4:45 pm
by jimmyjambo
I am having problems with my login script. The first time I try to log in, the session variable is not getting stored. When I try a second time it works without a problem. Please help, it's driving me mad! :)

Check Login Page

Code:

<?php
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("");
mysql_select_db("$db_name")or die("");

// username and password sent from form
$_POST['mypassword']=md5($_POST['mypassword']);
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)

$myusername=stripslashes($myusername);
$mypassword=stripslashes($mypassword);
$myusername=mysql_real_escape_string($myusername);
$myusername=strtolower($myusername);
$mypassword=mysql_real_escape_string($mypassword);

$sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die();
while($ids = mysql_fetch_array( $sql )){
$id=$ids['id'];
$familyid=$ids['family_id'];
$login1=$ids['login'];
}

$login=$login1 +1;
$logindate=date('d/m/Y');

$count=mysql_num_rows($sql);

if($count==1){
$sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'";
if (@mysql_query($sql2)){
} else {
exit();
}

session_start();
$_SESSION['valid_user'] = $id;
echo "<html><head><title>Login</title><meta http-equiv='REFRESH' content='0;url=main.php?id=$id&familyid=$familyid'></HEAD><BODY></BODY></HTML>";

}
else {
$link = "login.php";
$error = "Wrong Username or Password, Please try again";
require('../error.php');
}
ob_flush();
?>

Main Page, after login

Code:

<?php
session_start();
$sesid=$_SESSION['valid_user'];

// Connects to your Database 
mysql_connect("db104.oneandone.co.uk", "dbo197162027", "woodlands") or die(mysql_error()); 
mysql_select_db("db197162027") or die(mysql_error()); 


if (isset($_SESSION['valid_user']))
{
$check = mysql_query("SELECT * FROM family_users WHERE id = '$sesid' LIMIT 0,1")or die(mysql_error());  
while($info = mysql_fetch_array( $check )) {

$family=($info['family_id']);
}
if ($sesid == $id & $family == $familyid) {
?>

<?php
$check = mysql_query("SELECT * FROM family_users WHERE id = '$id'")or die(mysql_error()); 
while($info = mysql_fetch_array( $check )) {

$fname=($info['fname']); 
$lname=($info['lname']);
$aid=($info['id']);
$sex=($info['sex']);

}
?>

Extra Code

<?php								
				

}
else { 

$link = "logout.php";
$error = "<font size='2' face='Arial'><b>You can't view this page</b><br>Please make sure you are logged in!</font>";
require('../error.php');
 
} 
}
else
{

require('../failed.php');

}

?>

Re: Session variables not storing on first attempt

Posted: Thu Feb 24, 2011 11:07 am
by Crisy
Move session_start(); to the top of the page; that should always be on the first line of every page you use it on.

Re: Session variables not storing on first attempt

Posted: Thu Feb 24, 2011 12:53 pm
by jimmyjambo
Tried that, it didn't work.

Re: Session variables not storing on first attempt

Posted: Tue Mar 01, 2011 10:57 am
by social_experiment
Is all this code on 1 page?

Code:

$sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die();
By limiting the number of rows returned to 1 you could lock out another user (and thus give 'accidental' access to another) with similar login details, which shouldn't happen if your registration process is set up correctly. You should change your die() statements to something like this:

Code:

<?php
 or die(mysql_error());
?>
In this way you know where errors occur (and what type). If you were to develop an error somewhere you'd be looking for hours trying to pin it down.

Code:

 ($sesid == $id & $family == $familyid)
This needs another ampersand (AND = &&)

Re: Session variables not storing on first attempt

Posted: Tue Mar 01, 2011 3:30 pm
by jimmyjambo
Thank you for your help. The code is on two separate pages. Login Page -> check login page -> main page. I have only included the check login page and main page above.
I think I may have found my problem, but maybe you could help.
I use a meta refresh to redirect from the check login page to the main page; does meta refresh destroy sessions?
I can't get the PHP Location header to work. I think my hosting provider doesn't allow output buffers. So meta refresh is my only option.
Thanks

Re: Session variables not storing on first attempt

Posted: Tue Mar 01, 2011 4:31 pm
by social_experiment
jimmyjambo wrote: I use a meta refresh to redirect from the check login page to the main page; does meta refresh destroy sessions?
I don't think so (not 100% certain).
jimmyjambo wrote: I can't get the PHP Location header to work. I think my hosting provider doesn't allow output buffers. So meta refresh is my only option.
You just need to create slightly better code, then you can get it working without output buffering :)

Re: Session variables not storing on first attempt

Posted: Thu Mar 03, 2011 1:20 pm
by jimmyjambo
Could you help me make this code better, so that I can use Location rather than meta refresh?
Thanks

Code:

<?php

session_start();

// DATABASE CONNECT REMOVED


// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$_POST['mypassword'] = md5($_POST['mypassword']);
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$myusername = strtolower($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1'")or die(mysql_error()); 
while($ids = mysql_fetch_array( $sql )) {
$id=$ids['id'];
$familyid=$ids['family_id'];
$login1=$ids['login'];
}

$login=$login1 +1;
$logindate=date('d/m/Y');


// Mysql_num_row is counting table row
$count=mysql_num_rows($sql);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "members.php"

$sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'";
if (@mysql_query($sql2)) {
}  else {
exit('<p>Error: ' . mysql_error() . '</p>');
}

$_SESSION['valid_user'] = $id;

// PROBLEM WITH META REFRESH
echo "<html><head><title>Login</title><meta http-equiv='REFRESH' content='0;url=main.php?id=$id&familyid=$familyid'></HEAD><BODY></BODY></HTML>";
}
else {
$link = "login.php";
$error = "Wrong Username or Password, Please try again";
require('error.php');
}

?>
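
An added example, not part of the thread and not any poster's code: one way to structure the check-login handler so that header('Location: ...') works without output buffering, because nothing is echoed before the headers are sent. It assumes PDO with the MySQL driver, placeholder connection details, a password column that holds password_hash() output rather than md5(), a hypothetical login.php?error=1 parameter, and a main.php that reads the IDs from $_SESSION instead of the URL.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO (MySQL driver),
// placeholder DSN/credentials, and family_users.password storing
// password_hash() output instead of md5().

// Nothing (no whitespace, no HTML) may be output before this point: the
// session cookie and the Location header can only be sent before any output.
session_start();

$pdo = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$username = strtolower(trim((string)($_POST['myusername'] ?? '')));
$password = (string)($_POST['mypassword'] ?? '');

// Bound parameters replace stripslashes()/mysql_real_escape_string().
$stmt = $pdo->prepare(
    'SELECT id, family_id, password FROM family_users
      WHERE username = :u AND active = 1'
);
$stmt->execute([':u' => $username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if ($user === false || !password_verify($password, $user['password'])) {
    // Same response for unknown user and wrong password.
    // "error=1" is a hypothetical parameter that login.php would display.
    header('Location: login.php?error=1', true, 303);
    exit;
}

// Increment the counter in SQL instead of read-then-write in PHP.
$pdo->prepare('UPDATE family_users SET login = login + 1, login_date = :d WHERE id = :id')
    ->execute([':d' => date('d/m/Y'), ':id' => $user['id']]);

// Issue a new session ID at login and discard the old one (session fixation).
session_regenerate_id(true);
$_SESSION['valid_user'] = (int)$user['id'];
$_SESSION['family_id']  = (int)$user['family_id'];

// Write the session data out before the browser follows the redirect.
session_write_close();

// main.php takes the IDs from $_SESSION, so none are exposed in the URL.
header('Location: main.php', true, 303);
exit;
```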