toby_c500 wrote:Thanks for the advice re: inc files. Does inc.php do the same thing then? I will replace that now.
php doesn't care about the name of a file that is included/required. But the webserver does. And if someone enters
http://serv.er/main.inc instead of
http://serv.er/login.php the webserver doesn't know how to handle file and will send the
source code as text/plain or text/html to browser.
toby_c500 wrote:also, the $_SESSION array. What needs to go in the ()? is it similar to a $_POST? I have tried putting var's into the () and in mention using a string only. I've also tried without the $.
It's just an array that happens to be filled with the session data on session_start and to be saved when the script stops or session_write_close is called. Apart from that it's quite a normal array.
toby_c500 wrote:I have 'session_start()' before each html tag on the page.
So you didn't tell us the whole story about sessiontest.php ? Why?
try
Code: Select all
<?php //main.inc.php
function dbconnect() {
$link = mysql_connect('localhost', 'root', 'root');
if ( !$link ) {
die(mysql_error());
}
return $link;
}
?>
Code: Select all
<?php // login.php
require 'main.inc.php';
error_reporting(E_ALL);
ini_set('display_errors', true);
if ( isset($_POST['loginid'], $_POST['password']) ) {
$link = dbconnect();
mysql_select_db("jobs4alltrades", $link) or die(mysql_error());
$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());
$query = "SELECT
loginid
FROM
members
WHERE
`loginid`='$loginid'
AND `password`='$password'
";
$result = mysql_query($query, $link) or die(mysql_error());
if (mysql_num_rows($result) >0) {
session_start();
$_SESSION['loginid'] = $_POST['loginid'];
echo '<h1>Welcome ', $_POST['loginid'], "</h1>\n",
'<br><a href="sessiontest.php">click here</a>';
exit;
}
else{
echo "<h1>Sorry</h1><p>There is no match on our records. Please try again or register as a new user.</p>\n";
echo '<div>Debug: ', htmlentities($query), "</div>\n";
}
}
?>
Code: Select all
<?php // sessiontest.php
error_reporting(E_ALL);
ini_set('display_errors', true);
session_start();
echo '<pre>_COOKIE: '; var_export($_COOKIE); echo '</pre>';
echo '<pre>_SESSION: '; var_export($_SESSION); echo '</pre>';
if ( isset($_SESSION['loginid']) ) {
echo 'loginid: ', $_SESSION['loginid'], "<br />\n";
}
else {
echo '<div>no loginid stored</div>';
}
?>
(tested by php -l syntac check only)