SESSION

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
pinkygal
Forum Newbie
Posts: 8
Joined: Tue Jan 21, 2003 7:54 am

SESSION

Post by pinkygal »

hi, I am currently having problem with my signin page. Whenever I try to sign in, it will bring me back to the main signin page again. I suspect the session is not created and i cannot find the error. Can anyone PLEASE HELP ME? ITS URGENT! THANKS

this is the session.php page
<?php
session_start();
global $verified_user;
//echo "$verified_user";
if ($verified_user=="") {
header("Location: http://www.ebizhorizon.com/bitfyp2003/g ... signin.php");
exit;
}
?>

this is the create session.php page.
<?php
session_start();
include "../connection/connection.php";

$login=$HTTP_POST_VARS['login'];
$pass=$HTTP_POST_VARS['password'];

$loginstr="$login"."$pass";
$loginstrlen=strlen($loginstr);

if ($loginstrlen<2){
$error = "Wrong%20Password%20or%20User%20does%20not%20exits.";
header("Location: signin.php?message=$error");
}

if($login!="" && $pass!=""){

$query = "SELECT LoginID, UserLevel, Name FROM Login WHERE LoginID = \"$login\" AND Password = \"$pass\"";
$results = mysql_query($query, $connection);

if(@mysql_num_rows($results) != 0) {

$verified_user = $login;
//$verified_userpw = $pass;
global $verified_user;
session_register("verified_user");
//session_register("verified_userpw");
setcookie("time",$PHPSESSID,time()+60,"/",".mydomain.com",0);
header("Location: ../secure/project.php");
}else {
$error = "Wrong%20Password%20or%20User%20does%20not%20exits.";
header("Location: signin.php?message=$error");
}
}
mysql_close($connection);
?>
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You don't mention which version of PHP you are using so I am going to assume that it is at least version 4.1, if it's 4.0.6 or below then the code I am about to give won't work.

For the create session page:

Code: Select all

<?php 
session_start(); 
include '../connection/connection.php'; 

$login = $_POST['login']; 
$pass  = $_POST['password']; 

// you do not need to put double quotes around variable names so you should change
// $loginstr = "$login"."$pass"; to what's below:
$loginstr    = $login.$pass; 

// do you really need this temporary variable - if you don't use it againg then it
// would make more sense to just use the strlen function in the if statement
/* $loginstrlen = strlen($loginstr); */

// Do you really need this if you check that the login and pass are not empty in the
// next if statement?
if (strlen($loginstr) < 2) { 
	// you could use urlencode() so that you don't have to worry about encoding all
	// those spaces:
	$error = urlencode('Wrong Password or User does not exits.'); 
	header('Location: signin.php?message='.$error);
	exit(); // because you don't want the code to continue on beyond this point
} 

// you can empty() to test if the variables are empty:
if (!empty($login) && !empty($pass)) { 
	// use single quotes around strings in SQL statements so LoginID = '$login' instead
	// of LoginID = "$login"
	$query = "SELECT LoginID, UserLevel, Name FROM Login WHERE LoginID = '$login' AND Password = '$pass'"; 
	// add some error handling
	@$results = mysql_query($query, $connection) or die('Query could not be executed'); 

	if (mysql_num_rows($results) > 0) { 
		// this does nothing unless you are making a variable global within a user-
		// defined function so you can get rid of it:
		/* global $verified_user; */
		
		// Try using the $_SESSION array as this would be better than session_register
		$_SESSION['verified_user'] = $login;
		setcookie('time', $_SERVER['PHPSESSID'], time()+60, '/', '.mydomain.com', 0); 
		header('Location: ../secure/project.php');
		exit();
	} else { 
		$error = urlencode('Wrong Password or User does not exits.');
		header('Location: signin.php?message='.$error); 
		exit();
	} 
} 
mysql_close($connection); 
?>
and for the session.php page:

Code: Select all

<?php 
session_start(); 
// unless you are in a function then I don't see what this global statement does?
/* global $verified_user;  */

// Did this echo anything for you when you used it because you didn't mention
// the results of your own debugging
/* echo "$verified_user"; */

if (empty($_SESSION['verified_user']) { 
	header('Location: http://www.ebizhorizon.com/bitfyp2003/g ... ignin.php'); 
	exit(); 
} 
?>
Mac
Last edited by twigletmac on Tue Apr 15, 2003 7:34 am, edited 1 time in total.
Tubbietoeter
Forum Contributor
Posts: 149
Joined: Fri Mar 14, 2003 2:41 am
Location: Germany

Post by Tubbietoeter »

twigletmac wrote:(...)
and for the session.php page:

Code: Select all

<?php 
session_start(); 
// unless you are in a function then I don't see what this global statement does?
/* global $verified_user;  */

// Did this echo anything for you when you used it because you didn't mention
// the results of your own debugging
/* echo "$verified_user"; */

if (!empty($_SESSION['verified_user']) { 
	header('Location: http://www.ebizhorizon.com/bitfyp2003/g ... ignin.php'); 
	exit(); 
} 
?>
Mac

should't it be

Code: Select all

...
if (empty($_SESSION['verified_user']) { 
...
the variable is only filled when the username/pw where correct, right?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Ta for spotting that Tubbietoeter - teach me to reread my code a bit better :oops:

[I've edited the original code BTW]

Mac
Last edited by twigletmac on Tue Apr 15, 2003 7:34 am, edited 1 time in total.
Tubbietoeter
Forum Contributor
Posts: 149
Joined: Fri Mar 14, 2003 2:41 am
Location: Germany

Post by Tubbietoeter »

no problem ... *lol*
Post Reply