Page 1 of 1

session trouble

Posted: Wed Feb 01, 2006 4:00 pm
by rubberjohn
can anyone tell me why my session variables are not being passed from this login page:

Code: Select all

<?

require_once('../../conn.php'); 

if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
     
	   header("Location: http://www.mysite.com/xindex.php");
} //end if logged in

//IF SUBMIT BUTTON PRESSED
if(isset($_POST['submit'])) {

   if(!$_POST['username']) die("Error: You must enter your username before logging in.");
   if(!$_POST['password']) die("Error: You must enter your password before logging in.");
   
//verify user...
$get_user = mysql_query("SELECT * FROM `users` WHERE username = '".$_POST['username']."' AND 

user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
    if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.");

//set session variables 
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 
session_write_close();

header("Location: http://www.mysite.com/xindex.php");

} else {
//show login form
?>
<form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
<table>
<tr>
  <td>Username:<input type="text" id="username" name="username"></td>
</tr>
<tr>
  <td>Password:<input type="password" id="password" name="password"></td>
</tr>
<tr>
  <td>Submit: <input type="submit" value="Submit" name="submit" id="submit"></td>
</tr>

</table>
</form>
<?
}//end else
?>
to this page (sindex.php):

Code: Select all

<?

session_start( );
require_once('../../conn.php');

echo $_SESSION['username'];


if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) {
   $_SESSION['logged_in'] = 0;
   $user = "Guest"; 
 echo "you are not logged in" . $user;
 }else{
 
 
 echo "hello user "  . $_SESSION['username'] ;
 
 }
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>
i realise the code isnt as complete as it could be, im just trying to get my head around sessions.

Thanks for your help

rj

Posted: Wed Feb 01, 2006 4:34 pm
by feyd
  1. looking for the existance of the submit button can bite you in the butt, because some browsers may not send that field during a submission, especially if it is not clicked.
  2. Your first script does not call session_start().
  3. Your browser may not recognize the session being started due to your redirection at the same time as creating the session. If you create the session during the initial page (the login form) your data may stick, provided the person doesn't have cookies disabled and your configuration allows for passing of the session id via forms..

Posted: Thu Feb 02, 2006 9:59 am
by duk
try to add session_start() to the first page.. should be fine... :wink: