Passing session var's
I have been tinkering now for over a week, so out of desperation I am posting it here too. The guys over at PHP Freaks have had a look for me and mentioned trying session arrays, as they might be the answer, but I thought maybe someone here could spot the error in my code. Thanks in advance.
http://www.phpfreaks.com/forums/index.p ... #msg426467
feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
Well, I posted the link so that ideas that were already discussed were not discussed again, but hey, one huge post of code coming up.
Basically I have it so that it should be passing "username" across, but for some reason the username never makes it, but if I swap username with first_name it will pass that no problem.
test user
user: test
pass: c9rtn77r
Login.php
Code: Select all
<?
/* Check User Script */
session_start(); // Start Session
include 'db.php';
// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password)){
    include 'login_form.html';
    exit();
}
// Convert password to md5 hash
$password = md5($password);
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
        foreach( $row AS $key => $val ){
            $$key = stripslashes( $val );
        }
        // Register some session variables!
        session_register('username');
        $_SESSION['username'] = $username;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
        header("Location: login_success.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br />";
    include 'login_form.html';
}
?>
login_success.php
Code: Select all
<?
session_start();
echo "Welcome ". $_SESSION['username']." You have made it to the members area!<br /><br />";
echo "Your user level is ". $_SESSION['user_level']." which enables you access to the following areas: <br />";
if($_SESSION['user_level'] == 0){
    echo "- Forums<br />- Chat Room<br />";
}
if($_SESSION['user_level'] == 1){
    echo "- Forums<br />- Chat Room<br />- Moderator Area<br />";
}
echo "<br /><a href=add.php>add</a>";
echo "<br /><a href=logout.php>Logout</a>";
?>
Firstly, when using the header() function an absolute URI is advisable and I would also lose the calls to session_register().
Code: Select all
header("Location: http://www.example.com/yourpage.php");
The rest of your code, in theory, should work. But I would probably try a couple of things to trace the route of the issue.
Somewhere along the line the $username variable is being overwritten. Try rewriting this section
Code: Select all
while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }
    // Register some session variables!
    session_register('username');
    $_SESSION['username'] = $username;
    session_register('email_address');
    $_SESSION['email_address'] = $email_address;
    session_register('special_user');
    $_SESSION['user_level'] = $user_level;
    mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
    header("Location: login_success.php");
}
like this
Code: Select all
while($row = mysql_fetch_array($sql)){
    // Register some session variables!
    // removed calls to session_register
    $_SESSION['username'] = $username; // use the entered username, we know it's fine as it checked out with mysql
    $_SESSION['email_address'] = $row['email_address'];
    $_SESSION['user_level'] = $row['user_level'];
    mysql_query("UPDATE users SET last_login=now() WHERE userid='".$row['userid']."'");
    header("Location: login_success.php"); // edit this to have an absolute uri
}
If you are still having issues then, for peace of mind, you can try testing the contents of the session var by doing the following;
Code: Select all
// header("Location: login_success.php");
print_r($_SESSION);
Never mix _SESSION and session_register.
With register_globals on, using $_SESSION['username'] and $username can cause unwanted effects.
The script is vulnerable to SQL injections, http://en.wikipedia.org/wiki/SQL_Injection
I suppose username is unique in your table `users`. There's no need for a while-loop if you want to pull 0 or 1 record.
Why do you extract all those variables to the global variable scope?
untested:
Code: Select all
<?php
require 'db.php';
session_start();
if( !isset($_POST['username'], $_POST['password']) ) {
    require 'login_form.html';
    exit();
}
$query = "SELECT
        userid, username, email_address, user_level
    FROM
        users
    WHERE
        username='" . mysql_real_escape_string($_POST['username']) . "'
        AND password='" . md5($_POST['password']) . "'
        AND activated=1";
$sql = mysql_query($query); // for debugging purposes: $sql=mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($sql, MYSQL_ASSOC);
if ( $row ) {
    foreach( array('userid', 'username', 'email_address', 'user_level') as $idx) {
        $_SESSION[$idx] = $row[$idx];
    }
    $query = 'UPDATE
            users
        SET
            last_login=now()
        WHERE
            userid=' . $row['userid']; // user is numeric?
    mysql_query($query);
    header('Location: login_success.php');
}
else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br />";
    include 'login_form.html';
}
?>
Guys, I can not thank you enough for taking the time to have a look at this for me.
Sadly neither code snippet worked. I tried adding in print_r($_SESSION); to both bits of code, and for some reason the username is still being lost.
Welcome You have made it to the members area!
Code: Select all
Your user level is 0 which enables you access to the following areas:
- Forums
- Chat Room
Array ( [first_name] => wesley [last_name] => jones [email_address] => *snip* [special_user] => [user_level] => 0 )
add
Logout
abhorsen wrote:
Welcome You have made it to the members area!
Code: Select all
Your user level is 0 which enables you access to the following areas: - Forums - Chat Room Array ( [first_name] => wesley [last_name] => jones [email_address] => *snip* [special_user] => [user_level] => 0 ) add Logout
That's probably from login_success.php. Can you show us the code of that script?
Yep, that is the login success. Is there somewhere on login.php you want me to paste that print code?
Code: Select all
<?
session_start();
echo "Welcome ". $_SESSION['username']." You have made it to the members area!<br /><br />";
echo "Your user level is ". $_SESSION['user_level']." which enables you access to the following areas: <br />";
if($_SESSION['user_level'] == 0){
    echo "- Forums<br />- Chat Room<br />";
}
if($_SESSION['user_level'] == 1){
    echo "- Forums<br />- Chat Room<br />- Moderator Area<br />";
}
// header("Location: login_success.php");
print_r($_SESSION);
echo "<br /><a href=add.php>add</a>";
echo "<br /><a href=logout.php>Logout</a>";
?>
One thing I have just thought of is that on login_success.php, when printing out the session, the following are displayed.
Output to screen
Array ( [first_name] => wesley [last_name] => jones [email_address] => *snip* [special_user] => [user_level] => 0 )
The vars put into the array: 'userid', 'username', 'email_address', 'user_level'
Even though the code does not put the outputted vars into the session, so is there something else that it could be, but I do not see how, seeing as the session is only created in one place.
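An added example, not code from any poster in this thread, pulling together the points raised earlier about SQL injection, fetching a single row without a loop, and copying named columns into the session instead of extracting them into global scope. Assumptions: PDO with an in-memory SQLite database and a constructed sample row stand in for db.php and the users table, password_hash()/password_verify() replace the thread's md5(), and check_login() and $session are hypothetical names.

```php
<?php
// Added example. Table columns follow the thread; the in-memory SQLite
// database and the sample user row are constructed so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    userid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
    email_address TEXT, user_level INTEGER, activated INTEGER, last_login TEXT)');
$ins = $pdo->prepare('INSERT INTO users
    (username, password, email_address, user_level, activated)
    VALUES (?, ?, ?, 0, 1)');
$ins->execute(['test', password_hash('sample-pass', PASSWORD_DEFAULT), 'test@example.com']);

/**
 * Returns the fields to store in the session for a valid login, or null.
 * User input reaches the query only as a bound parameter.
 */
function check_login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT userid, username, email_address, user_level, password
                           FROM users WHERE username = :u AND activated = 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // username is unique: 0 or 1 row, no loop
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    $pdo->prepare("UPDATE users SET last_login = datetime('now') WHERE userid = ?")
        ->execute([$row['userid']]);
    // Copy named columns only; nothing is extracted into global variables.
    $fields = [];
    foreach (['userid', 'username', 'email_address', 'user_level'] as $key) {
        $fields[$key] = $row[$key];
    }
    return $fields;
}

// $session stands in for $_SESSION so the script also runs from the CLI.
$session = [];
$attempts = [['test', 'sample-pass'], ["test' OR '1'='1", 'x'], ['test', 'wrong']];
foreach ($attempts as [$u, $p]) {
    $fields = check_login($pdo, $u, $p);
    if ($fields !== null) {
        $session = $fields;
    }
    printf("%-18s => %s\n", $u, $fields === null ? 'rejected' : 'logged in');
}
print_r($session); // only the four named keys are present
```

In a web request, assign the returned array into $_SESSION after session_start() and call exit() after the redirect header.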