sessions across pages

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

sessions across pages

Post by C_Calav »

i have a login page and i can login and set a session but can anyone help me with using that session across certain pages eg, admin pages?

can anyone point me to some useful tutorial pages or some help?

im stuck with how sessions work across pages!


login.php -->

Code: Select all

<?php

session_start(); 

$username = $_POST['username']; 

// Register session key with the value 
$_SESSION['name'] = $username; 

if(!empty($_POST['submit'])) 
{ 
     $db = mysql_pconnect('***') or die ("Could not connect to database"); 
     mysql_select_db('models') or die ("Could not select database!"); 
     $sql = "select * from usser where name = '$username'"; 
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     { 
        if ($row["password"]==$password) 
        { 
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') "; 
        } 
      else 
      { 
      echo "wrong password"; 
      } 
  
     } 
} 

?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if you have session_start() on each page, and the session cookie is set up right, they should be available through $_SESSION..
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

you had quite a few errors in your code

login.php

Code: Select all

<?php
session_start(); 

$username = $_POST["username"]; 
$password = $_POST["password"];

if(!empty($_POST['submit'])) 
{ 
     $db = mysql_pconnect('***') or die ("Could not connect to database"); 
     mysql_select_db('models') or die ("Could not select database!"); 
     $sql = "select * from user where name = '$username'"; 
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     { 
        if ($row["password"]== $_POST["password"]) 
        { 
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') "; 
        $_SESSION["name"] = $username; 
        $_SESSION["loggedin"] = "set";

        } 
      else 
      { 
      echo "wrong password"; 
      } 
  
     } 
} 
?>
admin.php

Code: Select all

if (!isset($_SESSION["loggedin"]))
{
exit("Hacking Attempt!");
}

echo "Welcome to the Admin Section, ".$_SESSION["username"];
Last edited by John Cartwright on Mon Jul 19, 2004 10:45 pm, edited 2 times in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

missing a ] in there.. (just after the while loop start) :)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

feyd wrote:missing a ] in there.. (just after the while loop start) :)
SHHHHHH!!!!!!!!!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

psst, still not right ;)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »


SHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHhhh
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

hi thanx Phenom and Feyd for your help.

Phenom i tried the script u fixed up and all it says is "execution failed" it wont do anything else. ?

i went back to my old script and it worked. whats going on here?

and this code:

Code: Select all

<?php
if (!isset($_SESSION["loggedin"])) 
{ 
exit("Hacking Attempt!"); 
} 

echo "Welcome to the Admin Section, ".$_SESSION["username"]; 
?>
is this all i need at the top of each page in my admin? this says "if no session dont let them in" is that correct?

thanx heaps.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

that code will only check whether they are marked as logged in..
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

do you know why the login.php that Phenom posted only says Execution Faild?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

likely, there's an error in the query or connection, selection... add mysql_error() to the string sent to die()
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

done that and got this error..

Warning: Wrong parameter count for mysql_query() in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 19
Execution failed.

on this line:

Code: Select all

<?php
$result = mysql_query($sql, $db, mysql_error()) or die ("Execution failed."); 
?>
what does this mean?

thanx feyd :!:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

uh..

Code: Select all

$result = mysql_query($sql,$db) or die("Execution failed: ".mysql_error());
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

thanx :oops: learning here :wink:
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

awsome feyd i think im there!

echo "Welcome to the Admin Section,---> ".$_SESSION["username"]; <---

so all my pages i wont secure i go:

Code: Select all

<?php
session_start(); 

if (!isset($_SESSION["loggedin"])) 
{ 
exit("Hacking Attempt!"); 
} 

echo "Welcome to the Admin Section, ".$_SESSION["username"]; 
?>

<html>
</head>

<body>

Hello there! ur at the admin page!

</body>
</html>
Post Reply