Page 1 of 1

session problem

Posted: Wed Apr 29, 2009 2:41 pm
by nite4000
I made a script a while back and recently started doing a upgrade. I found that there was an error in the client section I was not aware of.

The problem I have is that I am unable to use session becuz when ever i try to use

$user = escape_data($_SESSION['email'], $dbc);

I get an error in the client area. and looses the session info.

I have compared to the login code and nothing i do works

Here is the login code :

Code: Select all

 
  if (strlen($_POST['login'])) {
      $username = escape_data($_POST['user'], $dbc);
 
  
  
    if(strlen($_POST['user'])==0) {
      $error=TRUE;
      $msg='Please enter your username!';
    } else {
      $username = escape_data($_POST['user'],$dbc);
    }
    
    
 
    
    if(strlen($_POST['pass'])==0) {
      $error=TRUE;
      $msg='Please enter your password!';
    } else {
      $password = md5($_POST['pass']);
    }
    
    
 
 
    
    $q=mysql_query("update users set last_login ='$date' WHERE email='$username' and password='$password' LIMIT 1")or die(mysql_error());
    if($error != TRUE) {   
     
      $query="SELECT * from users WHERE email='$username' and password='$password' LIMIT 1";
      $results = mysql_query($query) or die(mysql_error());
      if(@mysql_num_rows($results) > 0) {
     [b]   //Login valid
        $_SESSION['email'] = $_POST['user'];
        $_SESSION['password'] = $_POST['pass'];[/b] 
       
        $user_info = mysql_fetch_array($results, MYSQL_ASSOC);
        $_SESSION['id'] = $user_info['id'];
        
        // Remember?
        if(@intval($_POST['remember']) > 0) {
          setcookie("c_i", $user_info['id'], time()+1209600); 
          setcookie("c_e", $_POST['user'], time()+1209600);
          setcookie("c_p", md5($_POST['pass']), time()+1209600);
        } else {
          setcookie("c_i", "", time()-1209600);
          setcookie("c_e", "", time()-1209600);
          setcookie("c_p", "", time()-1209600);
        }
        
        $LOGIN = TRUE;
      } else {
        $error=TRUE;
        $msg = 'Invalid username/password!';
      }
    }
  }
}
$r = mysql_query("SELECT * FROM settings WHERE id='1'") or die(mysql_error());
$info = mysql_fetch_array($r, MYSQL_ASSOC);
@mysql_free_result($r);
 
$r = mysql_query("SELECT * FROM colors WHERE id='1'") or die(mysql_error());
$color = mysql_fetch_array($r, MYSQL_ASSOC);
@mysql_free_result($r);
 
 
 if(strlen($_POST['user']) == 0) {
    $_POST['user'] = 'Please enter your e-mail!';
     }
 
I put in bold the info that has to do with how i get teh users email to show which they are logged in with on pages in the client area.

If anyone has any idea or would like to chat with me about it please contact me here or on yahoo nite4000

Thanks
Don

Re: session problem

Posted: Wed Apr 29, 2009 6:12 pm
by tech603
In your code i didn't see a session_start() any where. Any page your looking for session variables on you'll need to make sure the session is started.

Code: Select all

 
session_start();
$user = escape_data($_SESSION['email'], $dbc);
Hope that helps.

Re: session problem

Posted: Thu Apr 30, 2009 1:26 am
by Yossarian
Looks as if you have not posted all the code ...

I cannot see where escape_data() is defined, are you including the file that contains that function?