Page 1 of 2
sessions across pages
Posted: Mon Jul 19, 2004 10:10 pm
by C_Calav
i have a login page and i can login and set a session but can anyone help me with using that session across certain pages eg, admin pages?
can anyone point me to some useful tutorial pages or some help?
im stuck with how sessions work across pages!
login.php -->
Code: Select all
<?php
session_start();
$username = $_POST['username'];
// Register session key with the value
$_SESSION['name'] = $username;
if(!empty($_POST['submit']))
{
$db = mysql_pconnect('***') or die ("Could not connect to database");
mysql_select_db('models') or die ("Could not select database!");
$sql = "select * from usser where name = '$username'";
$result = mysql_query($sql, $db) or die ("Execution failed.");
while ($row=mysql_fetch_array($result))
{
if ($row["password"]==$password)
{
echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
}
else
{
echo "wrong password";
}
}
}
?>
Posted: Mon Jul 19, 2004 10:16 pm
by feyd
if you have session_start() on each page, and the session cookie is set up right, they should be available through $_SESSION..
Posted: Mon Jul 19, 2004 10:24 pm
by John Cartwright
you had quite a few errors in your code
login.php
Code: Select all
<?php
session_start();
$username = $_POST["username"];
$password = $_POST["password"];
if(!empty($_POST['submit']))
{
$db = mysql_pconnect('***') or die ("Could not connect to database");
mysql_select_db('models') or die ("Could not select database!");
$sql = "select * from user where name = '$username'";
$result = mysql_query($sql, $db) or die ("Execution failed.");
while ($row=mysql_fetch_array($result))
{
if ($row["password"]== $_POST["password"])
{
echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
$_SESSION["name"] = $username;
$_SESSION["loggedin"] = "set";
}
else
{
echo "wrong password";
}
}
}
?>
admin.php
Code: Select all
if (!isset($_SESSION["loggedin"]))
{
exit("Hacking Attempt!");
}
echo "Welcome to the Admin Section, ".$_SESSION["username"];
Posted: Mon Jul 19, 2004 10:29 pm
by feyd
missing a ] in there.. (just after the while loop start) 
Posted: Mon Jul 19, 2004 10:39 pm
by John Cartwright
feyd wrote:missing a ] in there.. (just after the while loop start) 
SHHHHHH!!!!!!!!!
Posted: Mon Jul 19, 2004 10:42 pm
by feyd
psst, still not right 
Posted: Mon Jul 19, 2004 10:46 pm
by John Cartwright
SHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHhhh
Posted: Mon Jul 19, 2004 11:33 pm
by C_Calav
hi thanx Phenom and Feyd for your help.
Phenom i tried the script u fixed up and all it says is "execution failed" it wont do anything else. ?
i went back to my old script and it worked. whats going on here?
and this code:
Code: Select all
<?php
if (!isset($_SESSION["loggedin"]))
{
exit("Hacking Attempt!");
}
echo "Welcome to the Admin Section, ".$_SESSION["username"];
?>
is this all i need at the top of each page in my admin? this says "if no session dont let them in" is that correct?
thanx heaps.
Posted: Mon Jul 19, 2004 11:48 pm
by feyd
that code will only check whether they are marked as logged in..
Posted: Mon Jul 19, 2004 11:50 pm
by C_Calav
do you know why the login.php that Phenom posted only says Execution Faild?
Posted: Mon Jul 19, 2004 11:56 pm
by feyd
likely, there's an error in the query or connection, selection... add mysql_error() to the string sent to die()
Posted: Tue Jul 20, 2004 12:01 am
by C_Calav
done that and got this error..
Warning: Wrong parameter count for mysql_query() in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 19
Execution failed.
on this line:
Code: Select all
<?php
$result = mysql_query($sql, $db, mysql_error()) or die ("Execution failed.");
?>
what does this mean?
thanx feyd

Posted: Tue Jul 20, 2004 12:15 am
by feyd
uh..
Code: Select all
$result = mysql_query($sql,$db) or die("Execution failed: ".mysql_error());
Posted: Tue Jul 20, 2004 12:18 am
by C_Calav
thanx

learning here

Posted: Tue Jul 20, 2004 12:34 am
by C_Calav
awsome feyd i think im there!
echo "Welcome to the Admin Section,---> ".$_SESSION["username"]; <---
so all my pages i wont secure i go:
Code: Select all
<?php
session_start();
if (!isset($_SESSION["loggedin"]))
{
exit("Hacking Attempt!");
}
echo "Welcome to the Admin Section, ".$_SESSION["username"];
?>
<html>
</head>
<body>
Hello there! ur at the admin page!
</body>
</html>