PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
I'm having a problem. I have built a login script that works, that sets the rights to the users on the website using a $_SESSION call. Now, it works on the first page I go to, but after the first page, the session clears itself out. I ran an isset call on this session on the second page I visit, and it's empty. Can anyone help me with this? Thank you
you can check it out at http://www.n-volved.com
login at the top with
username:test
password:test1
Here is the code for the adduser page
// username and password sent from signup form
$myusername=$_POST['username'];
$password = $_POST['password'];
$mypassword= md5($password);
$sql="SELECT username, password, rights FROM login WHERE username='$myusername' and password='$mypassword'";
Don't use POST/GET input directly in queries. You have to escape it, in your case with mysql_real_escape_string().
The second page has a session_start(); it's at the bottom. So, I don't believe that is the problem. I'm still really confused on why it's dumping the session variables after just one page. Secondly, I'm a little confused on what the last post said about not using POST/GET. Could someone explain a little more in depth please?
Also, the way the pages are built I use lots of requires so I don't have to worry about recoding, or even copying and pasting information into each page I build. I have now put the ob_start(); and session_start(); tags in the header.php file (which is the head of each page) and I have put ob_flush_end(); into the footer of each page.
Here is the header
Regarding the other post about using POST/GET to query a database: by using just POST/GET without any other precautions you can be the victim of SQL injections. Look it up and have a read.
When I post values from a form that are going to be used to query a database I do the following:
if(isset($_POST['submit'])) //check if form has been submitted
{
    if(!empty($_POST['username'])) //check if field is NOT empty
    {
        $username=htmlentities(trim($_POST['username'])); //cater for html chars and remove whitespace
        $sql=sprintf("SELECT * FROM tbl WHERE username='%s'", mysql_real_escape_string($username)); //a more secure way to query a db
        $res=mysql_query($sql);
    }
}
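An added example, not code from any poster in this thread: the concatenated query pattern from the login script beside a PDO prepared statement, which goes one step beyond the escaping suggested above, run against a constructed in-memory SQLite table. It assumes the pdo_sqlite extension; the function names, the second sample account and the use of password_hash() in place of md5() are choices made for this example.

```php
<?php
// Added example. Constructed in-memory table with the thread's `login` columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT, rights INTEGER)');

// Constructed sample accounts. password_hash() is swapped in for the thread's md5().
$ins = $pdo->prepare('INSERT INTO login (username, password, rights) VALUES (?, ?, ?)');
$ins->execute(['test', password_hash('test1', PASSWORD_DEFAULT), 11]);
$ins->execute(["o'brien", password_hash('s3cret', PASSWORD_DEFAULT), 1]);

// The thread's pattern: input pasted into the SQL text. A quote in the input
// ends the string literal early and changes the statement itself.
function rights_concat(PDO $pdo, string $user): ?int {
    $sql = "SELECT rights FROM login WHERE username='$user'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['rights'] : null;
}

// Hardened form: the SQL text is fixed, the input travels as a bound value,
// and the password is checked in PHP against the stored hash.
function check_login(PDO $pdo, string $user, string $pass): ?int {
    $stmt = $pdo->prepare('SELECT password, rights FROM login WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null; // same result for unknown user and wrong password
    }
    return (int) $row['rights']; // caller stores this in $_SESSION['rights']
}

try {
    rights_concat($pdo, "o'brien");
    echo "concat: query ran\n";
} catch (PDOException $e) {
    echo "concat: statement broken by the quote in the input\n";
}

var_dump(check_login($pdo, "o'brien", 's3cret')); // bound value: the quote is just data
var_dump(check_login($pdo, 'test', 'test1'));
var_dump(check_login($pdo, 'test', 'wrong'));
```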
Now, when I submit the form on the page it tells me no session is stored, but it will display 11 (which is the value stored in $_session['rights']). This is really confusing now.
Ok, well, I have solved the problem. For some reason or another when testing the script I took the if (isset($_Post['submit'])) out of it. I re-added that code, and all seems to work fine now for some reason, lol. I don't know why having that code missing would cause the sessions to clear, but, hey, if it works it works. BTW I was calling session_start() the whole time in all of the scripts because I put the session_start() in the header file that I was requiring in every page.