Passing session var's

abhorsen
Forum Newbie
Posts: 8
Joined: Tue Aug 22, 2006 8:35 am

Post by abhorsen »

I have been tinkering now for over a week, so out of desperation I am posting it here too. The guys over at PHP Freaks have had a look for me and mentioned trying session arrays, as they might be the answer, but I thought maybe someone here could spot the error in my code. Thanks in advance.

http://www.phpfreaks.com/forums/index.p ... #msg426467
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

We generally prefer that people post their actual problems and not links to other sites where we'd have to go and read up on your problem. Maybe you think that's a bit lazy, but you're coming to us for help.
abhorsen
Forum Newbie
Posts: 8
Joined: Tue Aug 22, 2006 8:35 am

Post by abhorsen »

feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Well, I posted the link so that ideas that were already discussed were not discussed again, but hey, one huge post of code coming up.

Basically I have it so that it should be passing "username" across, but for some reason the username never makes it, but if I swap username with first_name it will pass that no problem.

test user 

user: test
pass: c9rtn77r

Login.php

Code: Select all

<?
/* Check User Script */
session_start();  // Start Session

include 'db.php';
// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
	include 'login_form.html';
	exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
	while($row = mysql_fetch_array($sql)){
	foreach( $row AS $key => $val ){
		$$key = stripslashes( $val );
	}
		// Register some session variables!
		session_register('username');
		$_SESSION['username'] = $username;
		session_register('email_address');
		$_SESSION['email_address'] = $email_address;
		session_register('special_user');
		$_SESSION['user_level'] = $user_level;
		
		mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
		
		header("Location: login_success.php");
	}
} else {
	echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
	Please try again!<br />";
	include 'login_form.html';
}
?>

login_success.php

Code: Select all

<?
session_start();

echo "Welcome ". $_SESSION['username']." You have made it to the members area!<br /><br />";

echo "Your user level is ". $_SESSION['user_level']." which enables you access to the following areas: <br />";

if($_SESSION['user_level'] == 0){
	echo "- Forums<br />- Chat Room<br />";
}
if($_SESSION['user_level'] == 1){
	echo "- Forums<br />- Chat Room<br />- Moderator Area<br />";
}

echo "<br /><a href=add.php>add</a>";
echo "<br /><a href=logout.php>Logout</a>";

?>

bmcewan
Forum Commoner
Posts: 55
Joined: Wed Jun 02, 2004 7:19 am
Location: West Yorkshire, UK.

Post by bmcewan »

Firstly, when using the header() function an absolute URI is advisable, and I would also lose the calls to session_register().

Code: Select all

header("Location: http://www.example.com/yourpage.php");
The rest of your code, in theory, should work. But I would probably try a couple of things to trace the root of the issue.

Somewhere along the line the $username variable is being overwritten. Try rewriting this section

Code: Select all

while($row = mysql_fetch_array($sql)){ 
        foreach( $row AS $key => $val ){
                $$key = stripslashes( $val );
        }
                // Register some session variables!
                session_register('username');
                $_SESSION['username'] = $username;
                session_register('email_address');
                $_SESSION['email_address'] = $email_address;
                session_register('special_user');
                $_SESSION['user_level'] = $user_level;
               
                mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
               
                header("Location: login_success.php");
        }
like this

Code: Select all

while($row = mysql_fetch_array($sql)){ 
                // Register some session variables!
                // removed calls to session_register
                $_SESSION['username'] = $username; // use the entered username, we know its fine as it checked out with mysql
                $_SESSION['email_address'] = $row['email_address']; 
                $_SESSION['user_level'] = $row['user_level']; 
               
                mysql_query("UPDATE users SET last_login=now() WHERE userid='".$row['userid']."'");
               
                header("Location: login_success.php"); //  edit this to have an absolute uri
        }
If you are still having issues then, for peace of mind, you can try testing the contents of the session var by doing the following;

Code: Select all

//              header("Location: login_success.php");
                print_r($_SESSION);
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Never mix _SESSION and session_register.
With register_globals on, using $_SESSION['username'] and $username can cause unwanted effects.
The script is vulnerable to SQL injections, http://en.wikipedia.org/wiki/SQL_Injection
I suppose username is unique in your table `users`. There's no need for a while-loop if you want to pull 0 or 1 record.
Why do you extract all those variables to the global variable scope?

untested:

Code: Select all

<?php
require 'db.php';
session_start();

if( !isset($_POST['username'], $_POST['password']) ) {
	require 'login_form.html';
	exit();
}

$query = "SELECT
		userid, username, email_address, user_level
	FROM
		users
	WHERE
		username='" . mysql_real_escape_string($_POST['username']) . "'
		AND password='" . md5($_POST['password']) . "'
		AND activated=1";

$sql = mysql_query($query); // for debugging purposes:  $sql=mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($sql, MYSQL_ASSOC);
if ( $row ) {
	foreach( array('userid', 'username', 'email_address', 'user_level') as $idx) {
		$_SESSION[$idx] = $row[$idx];
	}
	$query = 'UPDATE
			users
		SET
			last_login=now()
		WHERE
			userid=' . $row['userid']; // user is numeric?
	mysql_query($query);
	header('Location: login_success.php');
}
else {
	echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
		Please try again!<br />";
	include 'login_form.html';
}
?>
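
The points raised in the post above (keep user input out of the SQL text, fetch at most one row, write only to $_SESSION instead of extracting globals), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database in place of the mysql_* calls and password_hash()/password_verify() in place of md5(); the function names find_user() and login() are hypothetical and the sample row is constructed.

```php
<?php
// Added example, not code from the thread. Column names follow the posts;
// the in-memory SQLite database and the sample row are constructed.
function find_user(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $db->prepare(
        'SELECT userid, username, email_address, user_level, password
           FROM users WHERE username = :u AND activated = 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // 0 or 1 row, so no while-loop
    // password_verify() stands in for the thread's md5() comparison.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);                 // never copy the hash into the session
    return $row;
}

function login(PDO $db, array $post): bool
{
    if (!isset($post['username'], $post['password'])
        || !is_string($post['username']) || !is_string($post['password'])) {
        return false;
    }
    $user = find_user($db, $post['username'], $post['password']);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true);             // fresh session id after authentication
    foreach (['userid', 'username', 'email_address', 'user_level'] as $k) {
        $_SESSION[$k] = $user[$k];           // only $_SESSION, no $$key globals
    }
    $db->prepare('UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE userid = :id')
       ->execute([':id' => $user['userid']]);
    return true;
}

// Constructed demo data.
session_start();
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
           email_address TEXT, user_level INTEGER, activated INTEGER, last_login TEXT)');
$db->prepare('INSERT INTO users VALUES (1, ?, ?, ?, 0, 1, NULL)')
   ->execute(['demo', password_hash('constructed-pass', PASSWORD_DEFAULT), 'demo@example.com']);

var_dump(login($db, ['username' => 'demo', 'password' => 'constructed-pass'])); // matching pair
var_dump(login($db, ['username' => "demo' OR '1'='1", 'password' => 'x']));     // quote-laden input
```

Because the username travels as a bound parameter, the quote-laden input in the second call is compared as a literal string and matches no row.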
abhorsen
Forum Newbie
Posts: 8
Joined: Tue Aug 22, 2006 8:35 am

Post by abhorsen »

Guys, I cannot thank you enough for taking the time to have a look at this for me.

Sadly neither code snippet worked. I tried adding in print_r($_SESSION); to both bits of code, and for some reason the username is still being lost.

Welcome You have made it to the members area!

Code: Select all

Your user level is 0 which enables you access to the following areas:
- Forums
- Chat Room
Array ( [first_name] => wesley [last_name] => jones [email_address] => *snip*  [special_user] => [user_level] => 0 )
add
Logout
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

abhorsen wrote: Welcome You have made it to the members area!

Code: Select all

Your user level is 0 which enables you access to the following areas:
- Forums
- Chat Room
Array ( [first_name] => wesley [last_name] => jones [email_address] => *snip*  [special_user] => [user_level] => 0 )
add
Logout
That's probably from login_success.php. Can you show us the code of that script?
abhorsen
Forum Newbie
Posts: 8
Joined: Tue Aug 22, 2006 8:35 am

Post by abhorsen »


Yep, that is the login success. Is there somewhere on login.php you want me to paste that print code?

Code: Select all

<?
session_start();

echo "Welcome ". $_SESSION['username']." You have made it to the members area!<br /><br />";

echo "Your user level is ". $_SESSION['user_level']." which enables you access to the following areas: <br />";

if($_SESSION['user_level'] == 0){
	echo "- Forums<br />- Chat Room<br />";
}
if($_SESSION['user_level'] == 1){
	echo "- Forums<br />- Chat Room<br />- Moderator Area<br />";
}
//              header("Location: login_success.php");
                print_r($_SESSION);
echo "<br /><a href=add.php>add</a>";
echo "<br /><a href=logout.php>Logout</a>";

?>

abhorsen
Forum Newbie
Posts: 8
Joined: Tue Aug 22, 2006 8:35 am

Post by abhorsen »

One thing I have just thought of is that on loginsuccess.php, when printing out the session, the following are displayed.

Output to screen:
Array ( [first_name] => wesley [last_name] => jones [email_address] => *snip* [special_user] => [user_level] => 0 )


The vars put into the array: 'userid', 'username', 'email_address', 'user_level'

Even though the code does not put the outputted vars into the session, so is there something else that it could be? But I do not see how, seeing as the session is only created in one place.