session handling code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

because you didn't make hte changes i told you...unless your database is called localhost (Which i highly doubt) you aer calling the wrong database.

edit: indent your code also. i.e.this is good..

Code: Select all

<?php
if
{
    something
   
     if
    {
         lets indent deeper
    }
    
    this code obviously belongs to the first if
}
?>

Code: Select all

<?php
if{this is bad } else { andmay not even compile } help me!
?>
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

Code: Select all

if (! isset($_SESSION['name'])) { 
  if (isset ($_POST['username'])) { 
    if (mysql_num_rows($result) == 1) { 
    } 
  } else { 
  echo ("Sorry but you are not authorize to view this page."); 
  } 
}
looking at that itll show you which if goes with what. the only way for Sorry but you are not authorize to view this page. to appear is if $_POST['username'] is not set...

make sure on the page with the actual form you spelt all the names right.

also

in the query

Code: Select all

$query = "SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'";
are you sure you want user_handle.user? normally i only see people use field.table when they have 2 or more tables in 1 query

normal format:

Code: Select all

$query = "SELECT fields FROM table WHERE username='$person' AND password='$pwd'";
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

It is a localhost database, I have another app using a database on the same computer which calls to "mysql" and it works perfectly. I did the indenting so it looks somewhat more organized, however I'm still getting that error.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

bah.. database= name of database. in mysql connect you probably need to put localhost in the first field, not that crap you put.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

im going to rewrite this

Code: Select all

<?php 

session_start(); 

if (!isset($_SESSION['name'])) { 
  if (isset ($_POST['username'])) { // check if you spelt username right in the form

  $person = $_POST['username']; 
  $pwd = $_POST['password']; 

  $username="abc"; 
  $password="abc"; 
  $host="localhost"; // in most cases its localhost
  $database="database"; // add name of database here
  mysql_connect($host, $username, $password); 
  mysql_select_db($database) or die("Unable to connect to database. Please contact the webmaster for further assistance."); //you spelt $database wrong before

  $query = "SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'"; // make sure its supposed to be user_handle.user
  $result = mysql_query($query); 

    if (mysql_num_rows($result) == 1) { 
    include ("admin.html"); 
    } 
  } else  { 
  echo ("Sorry but you are not authorize to view this page."); 
  } 
} 

?>
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

Charles, like I said before, I have a form and a counter both using mysql databases that are linked in that manor to their tables and word correctly. I also feel safer using a very specific target table just incase I ever decide to expand the site and add extra tables.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

move

Code: Select all

else  {
  echo ("Sorry but you are not authorize to view this page."); 
}
before the } in front of the else.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

i think at the bottom you want it like this

Code: Select all

if (mysql_num_rows($result) == 1) { 
    include ("admin.html"); 
    } else  { 
    echo ("Sorry but you are not authorize to view this page."); 
    }
  } 
}
that way itll show Sorry but you are not authorize to view this page. only if mysql_num_rows didnt find 1 match.

if after you change that and it doesnt show the login at all itll be because S_SESSION['name'] is set or what i think itll be $_POST['username'] isnt set because you misspelt name="username" in the form where it has <input type="text" name="username" />
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

Mickd, thanks for rewriting it and catching that error. I did check on those things, username is spelt correctly in the form and the correct table is targeted. I still however get that same message. Is there another part to this whole thing that I am missing?
mickd wrote:im going to rewrite this

Code: Select all

<?php 

session_start(); 

if (!isset($_SESSION['name'])) { 
  if (isset ($_POST['username'])) { // check if you spelt username right in the form

  $person = $_POST['username']; 
  $pwd = $_POST['password']; 

  $username="abc"; 
  $password="abc"; 
  $host="localhost"; // in most cases its localhost
  $database="database"; // add name of database here
  mysql_connect($host, $username, $password); 
  mysql_select_db($database) or die("Unable to connect to database. Please contact the webmaster for further assistance."); //you spelt $database wrong before

  $query = "SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'"; // make sure its supposed to be user_handle.user
  $result = mysql_query($query); 

    if (mysql_num_rows($result) == 1) { 
    include ("admin.html"); 
    } 
  } else  { 
  echo ("Sorry but you are not authorize to view this page."); 
  } 
} 

?>
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

Can someone show me how the database is supposed to be set up here? I have one that’s set up with a primary auto increment, name, username, and password. There is one entry, primary of 1, name of test, username of test, and password of test. Should that be different?
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

Code: Select all

SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'
try changing the query to

Code: Select all

SELECT username, password FROM user_handle.user WHERE username='$person' AND password='$pwd'
that FROM user_handle.user i still think should just be user, dont know where you got the user_handle from :?
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

I have a mysql installment on a localhost that is refrensed to by "mysql". I then have a database called "user_handle" and a table within it called "user". I was tought to use the database.table format from someplace. I just checked it in one of my books and they use it too (Begining PHP5 and MySQL bu Apress). Still no luck with that change in code. I think it has something to do with starting a new session. I don't see anything in the app to name a new session if one isn't already started.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

oh now i see, according to what you say it should be like this

Code: Select all

$query = "SELECT username, password FROM user WHERE username='$person' AND password='$pwd'";
and this should be

Code: Select all

$database = "user_handle";
when you use the mysql_select_db you insert the name of the database, when you use the query the FROM clause asks for the table name.

EDIT: can you post an update on your code?
camhabib
Forum Commoner
Posts: 37
Joined: Tue Aug 16, 2005 8:36 pm
Location: Boston, MA

Post by camhabib »

Updated code is as follows:

Code: Select all

<?php 

session_start(); 

if (!isset($_SESSION['name'])) { 
  if (isset ($_POST['username'])) {

  $person = $_POST['username']; 
  $pwd = $_POST['password']; 

  $dbusername="abc"; 
  $dbpassword="abc";
  $database="mysql"; 
  mysql_connect($database, $dbusername, $dbpassword); 
  mysql_select_db($database) or die("Unable to connect to database. Please contact the webmaster for further assistance."); 
  
  $query = "SELECT name FROM user_handle.user WHERE username='$person' AND password='$pwd'";
  $result = mysql_query($query); 

   if (mysql_num_rows($result) != 1) { 
   echo ("Sorry but you are not authorize to view this page."); 
    } else  { 
    
    } 
  }
  }
?>
What I did is I took that entire part about connection and querying the server and database and put it on its own page to set if it would return the correct data, and it works. I got it to echo the information successfully. So the database connection is out of the picture, now its just focusing on the session itself.
Last edited by camhabib on Sat Oct 08, 2005 9:20 pm, edited 2 times in total.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

you might want to change the $username and $password fields

in your mysql_connect you have $host there but didnt define the $host variable, im surprised it works

the query you should have SELECT username, password instead of name, need to have the username, password selected to check it right? :wink:

also right now its set to if the result of mysql_num_rows is not equal to 1 itll do nothing. if you want to set the name session, just gotta do

Code: Select all

$_SESSION['name'] = 'value';
make sure session_start() is called, which is it.
Post Reply