Page 1 of 1

session handling question

Posted: Thu May 30, 2002 11:22 pm
by cooler75
Hi all,

I have been asking this question over and over everywhere (other sites) and got no response so i was hoping someone from this forum can help me. Thanks in advance.

Here is my problem:

I have a 'change password' script,

Code: Select all

....
//CHANGE PASSWORD
        if ($changepassword != "")
                {
                print "Your old password has been deleted...";



                $query = "UPDATE job SET username = $username, password = $password WHERE clientid='$currentuser'";

                if (!mysql_query ($query, $link) )
                        {
                        die (mysql_error());
                        }
               print "Your new password is $password</b></font>";
               print "</td></tr></table>";
               Print "</td></tr></table><br><br>";
                }

                $result = mysql_query("SELECT * FROM job WHERE clientid='$currentuser';",$link);
                while ($a_row =mysql_fetch_array ($result) )
            {


print "<form name="cp" action="./changepassword.php?changepassword=$a_rowїclientid]&edit=$currentuser" method=post>";


print "User Name:$a_rowїusername]";

print "Password:<input type="text" name="password" value="$a_rowїpassword]">";

print "<input type=submit Value='Change Now'></form></center>";
}
Everytime when I change a password, it will give me an error message due to session register. To fix this, i will have to use unregister_session or destroy_session, here comes my problem,

I have something like this:

Code: Select all

session_unregister("password");
$password=$newpassword;
session_register("password");
and I inserted it into the script:

Code: Select all

//CHANGE PASSWORD
        if ($changepassword != "")
                {
                print "Your old password has been deleted...";



                $query = "UPDATE job SET username = $username, password = $password WHERE clientid='$currentuser'";

                if (!mysql_query ($query, $link) )
                        {
                        die (mysql_error());
                        }
session_unregister("password");
$password=$newpassword;
session_register("password");
               
print "Your new password is $password</b></font>";
               print "</td></tr></table>";
               Print "</td></tr></table><br><br>";
                }

                $result = mysql_query("SELECT * FROM job WHERE clientid='$currentuser';",$link);
                while ($a_row =mysql_fetch_array ($result) )
            {


print "<form name="cp" action="./changepassword.php?changepassword=$a_rowїclientid]&edit=$currentuser" method=post>";


print "User Name:$a_rowїusername]";

print "Password:<input type="text" name="password" value="$a_rowїpassword]">";

print "<input type=submit Value='Change Now'></form></center>";
}
It still didnt work, I still get error message after changing password. Could you tell me what went wrong, what did i miss, what did i do wrong?

Thank you very much

Posted: Fri May 31, 2002 1:17 am
by volka
can you post the original error, please?
I have three assumptions
  • check that there is no use of $_SESSSION or change all scripts to it (http://www.webmasterbase.com/article.php?pid=0&aid=758)
  • You haven't called session_start. session_register will call it implicitly but will fail since there already has been content sent (print "Your old password has been deleted..."; )
  • php is configured to session-file-handler and the session-data-path is invalid (in which case no session would be possible - so this is unlikely)

Posted: Mon Jun 03, 2002 11:39 am
by Crashin
Also check that you are quoting everything correctly (i.e. using single quotes around your variables in your queries). For instance, I noticed in the following:

Code: Select all

$query = "UPDATE job SET username = $username, password = $password WHERE clientid='$currentuser'";
that $username and $password are not quoted.