Page 1 of 1

Session not being created

Posted: Tue Dec 23, 2008 12:25 am
by Greg19
Hey everyone,
I've made a login page, and what i'm trying to do is take the username (or company) and save that data in a session. Now on the next page(account.php), my code checks for $_SESSION['company'], if your logged in you should be able to access the account.php page, however despite being logged in I keep getting redirected.
I'm guessing I'm not creating the sessions properly in the login page.

Login:

Code: Select all

<?php
  session_start(); 
$query = mysql_connect("************.net", "*******", "********") or die(mysql_error());
mysql_select_db('*********', $query) or die(mysql_error());
  
 if(isset($_GET['try'])) {
  
     If(empty($_POST['company']) OR empty($_POST['password'])) {
         echo 'Please fill in all the required fields!';
     }
     else {
         $company = addslashes($_POST['company']);
         $password = md5($_POST['password']);
         $query = mysql_query("SELECT usergroup FROM users WHERE company = '" . $company . "' AND password = '" . $password . "'") or die(mysql_error());
         
        
         list($usergroup) = mysql_fetch_row($query);
  
         if(empty($usergroup)) {
            echo 'No combination of username and password found.';
         }
         else{
             session_start();
             $_SESSION['Company'] = ($_POST['company']);
             $_SESSION['Company'] = $company;
             echo "<a href='account.php'> Next>> </a>\n";
        }      
    
     }
  
 }
?>
 <form action="login.php?try=true" method="post">
     Username: <input type="text" name="company"><br>
     <br>
     Password: <input type="password" name="password"><br>
     <br>
    <input type="submit" value="Login">
  </form>
account.php:

Code: Select all

<?php
session_start(); 
if(!isset($_SESSION['company'])){ 
     die('<a href="login.php">Login first!</a>');
   }
$query = mysql_connect("*************.net", "*********", "********") or die(mysql_error());
mysql_select_db('********', $query) or die(mysql_error());
 
if(isset($_POST['product'])) {
    
     $product = ($_POST['company']);
    
     $firm ="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'frimware'";
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $z  )
                {
                 echo "<li> <a href='support/$product/firmware/$z'>\n" .$z."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
         
     $soft ="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'software'";
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $y  )
                {
                 echo "<li> <a href='support/$product/software/$y'>\n" .$y."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
         
     $doc =="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'doc'";
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $x  )
                {
                 echo "<li> <a href='support/$product/doc/$x'>\n" .$x."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
 }
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>account</title>
</head>
<body>
<form method="post" action="account.php">
<?php
         $conn ='SELECT product_id FROM `customers_products` WHERE company =  \''.mysql_real_escape_string($_SESSION['company']).'\'' ;
         $result = mysql_query($conn,$query);
  
         while($row=mysql_fetch_row($result))
          {
           $product_id[] = $row[0];
          }
         echo  "<select name='product'>\n" ;
         foreach( $product_id as $v  )
                {
                 echo "<option value='$v'>\n" .$v."</option>\n";
                }
         echo "</select>\n";
         
?>       
    <input type="submit" name="submit" value="Go" />
</form>
<a href="logout.php">Log Out</a>
</body>
</html>

Re: Session not being created

Posted: Tue Dec 23, 2008 1:18 pm
by califdon
In the first script you have these lines:

Code: Select all

             session_start();
              $_SESSION['Company'] = ($_POST['company']);
              $_SESSION['Company'] = $company;
First of all, you shouldn't restart the session; you already started it at the top of script. Then, after assigning a value to the session variable, you immediately assign a different value to it--why? And since, on the first time through, there's no $_GET value for $company, you're assigning a null value to the session variable, so that replaces the value you just assigned to it.