Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts

    Question store username and use in protected pages to display

    checklogin.php
    Code:
    <?php
    require_once('connection.php');
    $tbl_name="members";
    
    // username and password sent from form
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];
    
    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);
    
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    
    if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("location:login_success.php");
    }
    else {
    echo "Wrong Username or Password";
    header("location:index.html");
    
    }
    ?>
    is $myusername a session? can i use it in protected pages to display show is logged in?

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    myusername and mypasword are not sessions themselves, rather they are stored within a session value. However, there are a few things that can cause you problems:
    • Cookies must be on for this one to work. Regardless of what the session.use_trans_sid is set at and whether you require cookies or not in your php.ini, your header call doesn't actually send the session variable with the client. If you want to go without cookies, you will need to run with
      PHP Code:
      ini_set('session.use_cookies'1);
      ini_set('session.use_only_cookies'0);
      ini_set('session.use_trans_sid'1); // for auto appending of sessioin id 
      then in your header('Location: login_success.php'); you will need to add the constant SID (so header('Location: login_success.php?' . SID);
    • session_register() is a deprecated method. As in, it will work today, but it will be removed in PHP 6. session_register() requires that register_globals are enabled in order to write session variables.

    To get around the register globals problem, use the session handling of session_start() instead.
    PHP Code:
    <?php
    session_start
    ();
    // All my code here
    $_SESSION['myusername'] = $username// I think you see how its done.
    unset($_SESSION['myusername']); // to destroy it
    Session_start() would now be required at the top of all of your pages.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •