Page 1 of 1

Session trouble

Posted: Tue Dec 23, 2008 2:23 am
by Greg19
Hey everyone,
I've made a login page, and what i'm trying to do is take the username (or company) and save that data in a session. Now on the next page(account.php), my code checks for $_SESSION['company'], if your logged in you should be able to access the account.php page, however despite being logged in I keep getting redirected.
I'm guessing I'm not creating the sessions properly in the login page.

Login:

Code: Select all

<?php
  session_start(); 
$query = mysql_connect("************.net", "*******", "********") or die(mysql_error());
mysql_select_db('*********', $query) or die(mysql_error());
  
 if(isset($_GET['try'])) {
  
     If(empty($_POST['company']) OR empty($_POST['password'])) {
         echo 'Please fill in all the required fields!';
     }
     else {
         $company = addslashes($_POST['company']);
         $password = md5($_POST['password']);
         $query = mysql_query("SELECT usergroup FROM users WHERE company = '" . $company . "' AND password = '" . $password . "'") or die(mysql_error());
         
        
         list($usergroup) = mysql_fetch_row($query);
  
         if(empty($usergroup)) {
            echo 'No combination of username and password found.';
         }
         else{
             session_start();
             $_SESSION['Company'] = ($_POST['company']);
             $_SESSION['Company'] = $company;
             echo "<a href='account.php'> Next>> </a>\n";
        }      
    
     }
  
 }
?>
 <form action="login.php?try=true" method="post">
     Username: <input type="text" name="company"><br>
     <br>
     Password: <input type="password" name="password"><br>
     <br>
    <input type="submit" value="Login">
  </form>
account.php:

Code: Select all

<?php
session_start(); 
if(!isset($_SESSION['company'])){ 
     die('<a href="login.php">Login first!</a>');
   }
$query = mysql_connect("*************.net", "*********", "********") or die(mysql_error());
mysql_select_db('********', $query) or die(mysql_error());
 
if(isset($_POST['product'])) {
    
     $product = ($_POST['company']);
    
     $firm ="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'frimware'";
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $z  )
                {
                 echo "<li> <a href='support/$product/firmware/$z'>\n" .$z."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
         
     $soft ="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'software'";
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $y  )
                {
                 echo "<li> <a href='support/$product/software/$y'>\n" .$y."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
         
     $doc =="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'doc'";
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $x  )
                {
                 echo "<li> <a href='support/$product/doc/$x'>\n" .$x."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
 }
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>account</title>
</head>
<body>
<form method="post" action="account.php">
<?php
         $conn ='SELECT product_id FROM `customers_products` WHERE company =  \''.mysql_real_escape_string($_SESSION['company']).'\'' ;
         $result = mysql_query($conn,$query);
  
         while($row=mysql_fetch_row($result))
          {
           $product_id[] = $row[0];
          }
         echo  "<select name='product'>\n" ;
         foreach( $product_id as $v  )
                {
                 echo "<option value='$v'>\n" .$v."</option>\n";
                }
         echo "</select>\n";
         
?>       
    <input type="submit" name="submit" value="Go" />
</form>
<a href="logout.php">Log Out</a>
</body>
</html>

Re: Session trouble

Posted: Tue Dec 23, 2008 2:30 am
by requinix
Don't create duplicate threads.

Re: Session trouble

Posted: Tue Dec 23, 2008 3:27 am
by Greg19
Opps my bad, my browser crashed when I posted that 1st one, I didn't think it went through.

Re: Session trouble

Posted: Tue Dec 23, 2008 3:37 am
by Thundergod
$_SESSION['Company'] <-- That is different from...


This --> if(!isset($_SESSION['company'])

When you first set the session the "C" in company is capitalized while when checking the session variable it is not...