here is my phpinfo page, can anyone see the problem?
i dont have access to the phpini file
can u check my cookie settings and tell me if i can use those instead?
http://cksgrill.net/phpinfo.php
Moderator: General Moderators
Code: Select all
<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<?
session_set_cookie_params(3000);
session_start();
ob_start();
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
$session_expiration = time() + 3600 * 24 * 2;
if((($_POST['name'])and($_POST['password']))or(($_POST['name']!="")and($_POST['password']!="")))
{
$_SESSION['name']=$_POST['name'];
$_SESSION['password']=$_POST['password'];
echo $_SESSION['name'];
echo $_POST['name'];
echo $_SESSION['password'];
echo $_POST['password'];
}
// redifine variables for different server
require_once "mysqlconfig.php";
require_once "textprep.php";
// connect to database
global $connection;
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection)
{
die("Database connection failed: " . mysql_error());
}
// select database
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select)
{
die("Database selection failed: " . mysql_error());
}
//check if logged in
$result = mysql_query("SELECT * FROM admin");
if (!$result)
{
die("Database query failed: " . mysql_error());
}
// get table names as mysql feedback
$i=0;
while ($row = mysql_fetch_array($result))
{
$name[$i]=$row['name'];
$password[$i]=$row['password'];
$rank[$i]=$row['rank'];
//echo "\$name[$i]=".$row['name'];
//echo "\$password[$i]=".$row['password'];
//echo "\$rank[$i]=".$row['rank'];
$i++;
}
//check if logged in
$log=false;
for($j=0;$j<$i;$j++)
{
//echo "<p>(".$name[$j]."==".$_SESSION['name'].")and(".$password[$j]."==".$_SESSION['password'].")</p>";
if(($name[$j]==$_SESSION['name'])and($password[$j]==$_SESSION['password']))
{
$log=true;
echo logged." ".$log;
}
}
if($log==true)
{
Classic.chopficaro wrote:thats not true
nevermind ill ask somewhere else
Code: Select all
<?
session_start();
ob_start();
//session_set_cookie_params(3000);
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
echo "<!DOCTYPE html>";
echo "<script src=\"/javascript/header.js\"></script>";
$session_expiration = time() + 3600 * 24 * 2;
Oh snap! Could it be your code has more than one problem? Thanks for humoring us again.chopficaro wrote:it makes no difference if there is code above session start as long as it does not involve session variables
i tried it ur way to humor u
Code: Select all
<?php
session_start();
session_set_cookie_params( 3000 );
//ob_start();
ini_set( 'session.gc_maxlifetime' , 6 * 60 * 60 );
$session_expiration = time() + 3600 * 24 * 2;
if ( !empty( $_POST['name'] ) && !empty( $_POST['password'] ) ) {
$_SESSION['name'] = $_POST['name'];
$_SESSION['password'] = $_POST['password'];
}
?>
<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<body>
<form method="post" action="phpsession.php">
<label>Username</label>
<input type="text" name="name" size="20" value=""/>
<label>Password</label>
<input type="text" name="password" size="20" value=""/>
<p>
<input name="submit" type="submit" value="Submit"/>
</p>
</form>
<?php
print "POST:";
print "<pre>";print_r( $_POST );print "</pre>";
print "SESSION:";
print "<pre>";print_r( $_SESSION );print "</pre>";
?>
</body>Can i also make a quick suggestion to reduce the amount of code requiredNote:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
Code: Select all
<?php
// We can check the username and password safely directly from mysql as long as the input is sanitised.
$query = sprintf(
"SELECT * FROM `admin` where `name` = '%s' and `password` = '%s'",
mysql_real_escape_string($_POST['name']),
mysql_real_escape_string($_POST['password'])
);
$result = mysql_query( $query ) or die( "Database query failed: " . mysql_error() );
// We dont have to loop if here if we expect a single row, but we can.
$userdata = array();
while( $row = mysql_fetch_assoc($result) ){
// Assign user data to an available array
$userdata[] = $row;
}