handling sessions ...
Posted: Tue Sep 23, 2008 1:03 am
hii..
herez a small problem with session handling,
when i login to my application sessions are being registered, that is okay, and after getting logged in i can see the members page well, but when i'm opening the the loginpage.htm in the new tab of firefox browser, i'm able to see the login page itself and not the members page.
the sessions are not being synchronized, why is this happening?
i tried to include session.php in the login page itself, so if the user is already logged in even though when i open a login page it shld be redirected to members page instead itz showing me server configuration error on the browser.
i'm here with attaching my code..kindly help me with ur ideas and suggestions..
logincheck.php
here is code for session.php
Many Thanks,
Pavan.
herez a small problem with session handling,
when i login to my application sessions are being registered, that is okay, and after getting logged in i can see the members page well, but when i'm opening the the loginpage.htm in the new tab of firefox browser, i'm able to see the login page itself and not the members page.
the sessions are not being synchronized, why is this happening?
i tried to include session.php in the login page itself, so if the user is already logged in even though when i open a login page it shld be redirected to members page instead itz showing me server configuration error on the browser.
i'm here with attaching my code..kindly help me with ur ideas and suggestions..
logincheck.php
Code: Select all
<?php
//Connect to mysql server
$link=mysql_connect("localhost","root","");
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("tge");
if(!$db) {
die("Unable to select database");
}
$username = $_POST["username"];
$password = $_POST['password'];
$encrypt = sha1($password);
$query="SELECT * FROM login WHERE username='" . mysql_real_escape_string($username) . "' AND password='". mysql_real_escape_string ($encrypt). "'";
//require_once('attempt.log.class.php');
$result=mysql_query($query);
$rows2=mysql_fetch_array($result);
if($rows2["password"] == $encrypt && $rows2["username"] == $username )
{
if(mysql_num_rows($result)>0)
{
//Login Successful
session_start();
$start=time();
$_SESSION['time_start']=$start;
$_SESSION['username']=$username;
$_SESSION['password']=$encrypt;
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
session_register('username');
session_register('password');
session_register('time_start');
session_regenerate_id();
session_write_close();
include "session.php";
header("Location: redirect.php");
exit();
}
else {
//Login failed
require_once('attempt.log.class.php');
session_unset();
session_destroy();
header("location: loginfail.htm");
exit();
}
}
else{
require_once('attempt.log.class.php');
session_unset();
session_destroy();
header("location: loginfail.htm");
}
?>Code: Select all
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(session_is_registered('username')){
//the session variable is registered, the user is allowed to see anything that follows
#echo 'Welcome, you are still logged in.';
}
else{
//the session variable isn't registered, send them back to the login page
header( "Location: login.htm" );
exit();
}
?>Pavan.