session trouble

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rubberjohn
Forum Contributor
Posts: 193
Joined: Fri Feb 25, 2005 4:03 am

session trouble

Post by rubberjohn »

can anyone tell me why my session variables are not being passed from this login page:

Code: Select all

<?

require_once('../../conn.php'); 

if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
     
	   header("Location: http://www.mysite.com/xindex.php");
} //end if logged in

//IF SUBMIT BUTTON PRESSED
if(isset($_POST['submit'])) {

   if(!$_POST['username']) die("Error: You must enter your username before logging in.");
   if(!$_POST['password']) die("Error: You must enter your password before logging in.");
   
//verify user...
$get_user = mysql_query("SELECT * FROM `users` WHERE username = '".$_POST['username']."' AND 

user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
    if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.");

//set session variables 
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 
session_write_close();

header("Location: http://www.mysite.com/xindex.php");

} else {
//show login form
?>
<form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
<table>
<tr>
  <td>Username:<input type="text" id="username" name="username"></td>
</tr>
<tr>
  <td>Password:<input type="password" id="password" name="password"></td>
</tr>
<tr>
  <td>Submit: <input type="submit" value="Submit" name="submit" id="submit"></td>
</tr>

</table>
</form>
<?
}//end else
?>
to this page (sindex.php):

Code: Select all

<?

session_start( );
require_once('../../conn.php');

echo $_SESSION['username'];


if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) {
   $_SESSION['logged_in'] = 0;
   $user = "Guest"; 
 echo "you are not logged in" . $user;
 }else{
 
 
 echo "hello user "  . $_SESSION['username'] ;
 
 }
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>
i realise the code isnt as complete as it could be, im just trying to get my head around sessions.

Thanks for your help

rj
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

  1. looking for the existance of the submit button can bite you in the butt, because some browsers may not send that field during a submission, especially if it is not clicked.
  2. Your first script does not call session_start().
  3. Your browser may not recognize the session being started due to your redirection at the same time as creating the session. If you create the session during the initial page (the login form) your data may stick, provided the person doesn't have cookies disabled and your configuration allows for passing of the session id via forms..
duk
Forum Contributor
Posts: 199
Joined: Wed May 19, 2004 8:45 am
Location: London

Post by duk »

try to add session_start() to the first page.. should be fine... :wink:
Post Reply