Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts

    $_SESSION wont set on login

    I have checked over multiple times and I'm sure it's something stupid. I am new to debugging code I never used the
    PHP Code:
    or die(mysqli_error()) 
    till this try by myself. If you can point me into the right direction I would appreciate it.

    PHP Code:
    <?php
      
    require_once('../php_scripts/appvar.php');
      
    //if the user isn't logged, try to log in
      
    if(!isset($_SESSION['id']))
      {
          if(isset(
    $_POST['login_submit']))
        {
            
    //connect to database
            
    $dbc mysqli_connect($DB_HOST$DB_USER$DB_PASSWORD$DB_NAME)
                or die(
    mysqli_error());
                
            
    //grab the user input data
            
    $user_login mysqli_real_escape_string($dbctrim($_POST['login']));
            
    $user_password mysqli_real_escape_string($dbctrim($_POST['login_password']));
            
            if(!empty(
    $user_login) && !empty($user_password))
            {
                
    //look up the input data and confirm it exists in database
                
    $query "SELECT id, alias FROM gig_user WHERE alias = '$user_login' AND password = SHA('$user_password')";
                
    $data mysqli_query($dbc$query)
                    or die(
    mysqli_error());
                if(
    mysqli_num_rows($data) == 1)
                {
                    
    //login is confirmed set the sessions
                    
    $row mysqli_fetch_array($data);
                    
    $_SESSION['id'] = $row['id'];
                    
    $_SESSION['alias'] = $row['alias'];
                    
    //redirect to profile page
                    
    $profile_url 'http://' $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/profile.php';
                    
    header('Location: ' $profile_url);
                }
                else 
                {
                    
    //login was not found set an error msg
                    
    $err_msg 'Sorry, you must enter a valid username and password to log in.';    
                    echo 
    $err_msg;
                }            
            }        
        }
      }
    ?>
    Code:
    <form method = "post" action = "php_scripts/login.php">
    	<fieldset>
    	    <label>Login</label>
    	    <input type = "text" id = "login" name = "login" /><br />
    	    <label>Password</label>
    	    <input type = "password" id = "login_password" name = "login_password" /><br />
    	    <input type = "submit" name = "login_submit" id = "login_submit" />
    	</fieldset>
    </form>
    New Coder!!!!

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,502
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    All scripts that use $_SESSION in it, must start out like this:

    <?php
    session_start();

    I'm not sure if your "included" scripts already have it or not,
    but you can try adding "session_start();" at the top and if it's already
    defined, you'll just get an error "session already started".

  • #3
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by mlseim View Post
    All scripts that use $_SESSION in it, must start out like this:

    <?php
    session_start();

    I'm not sure if your "included" scripts already have it or not,
    but you can try adding "session_start();" at the top and if it's already
    defined, you'll just get an error "session already started".
    I have session start on the top. I am going to try and echo the input data to make sure im collecting that correctly.
    New Coder!!!!

  • #4
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    I think it has something to do with the query and using
    PHP Code:
    SHA('$user_password'
    does that query look correct?
    New Coder!!!!

  • #5
    New Coder
    Join Date
    Sep 2010
    Location
    The Twilight Zone
    Posts
    86
    Thanks
    17
    Thanked 2 Times in 2 Posts
    This query is incorrect:
    Code:
    $query = "SELECT id, alias 
                   FROM gig_user 
                   WHERE alias = '$user_login' 
                   AND password = SHA('$user_password')";

    First, it should be sha1, not sha. Second, somebody correct me if I'm wrong- but I don't think you can simply call sha1 in a query like that. I think you have to generate the hash first, then store it in a variable. Here's the updated version.

    Code:
    $password = sha1($user_password);
    $query = "SELECT id, alias 
                   FROM gig_user 
                   WHERE alias = '$user_login' 
                   AND password = '$password' ";

  • #6
    bdl
    bdl is offline
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Quote Originally Posted by Ahlahn View Post
    This query is incorrect:

    ...

    First, it should be sha1, not sha. Second, somebody correct me if I'm wrong- but I don't think you can simply call sha1 in a query like that. I think you have to generate the hash first, then store it in a variable. Here's the updated version.
    Not true. You're confusing a PHP function and a MySQL function. SHA (or the alias SHA1) is a MySQL function run within the context of the query itself. So it's perfectly legal to have SHA('text'), or in the case of a double quoted string, SHA('$var').

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,346
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Yes mysql does have its own functions that you can call from within the SQL but admittedly I never use them myself. One reason for that is that even mysql admit the functions can change with different releases. I don't know about the rest of you but I'd rather stick to tracking php changes rather than tracking mysql too.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #8
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    So the SHA is fine does anyone see anything else that could be preventing this session from setting?
    New Coder!!!!

  • #9
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    edited



    before setting the session after if mysql num rows etc echo out "success" to see if you're even getting the right result, then you'll know it isnt your query.
    Last edited by Adee; 11-21-2011 at 08:16 PM.

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,346
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by calebandchels View Post
    So the SHA is fine does anyone see anything else that could be preventing this session from setting?
    Well if it works on your system yes. If its code for a commercial product then scrap it now for the reasons I've mentioned above. Mysql internal functions can change from one version to another so you'll find yourself having to support numerous versions of mysql as well as php.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #11
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by tangoforce View Post
    Well if it works on your system yes. If its code for a commercial product then scrap it now for the reasons I've mentioned above. Mysql internal functions can change from one version to another so you'll find yourself having to support numerous versions of mysql as well as php.
    Not a commercial product just trying to get better. So I need to not use SHA because mySQL changes the support for it? I am not familiar with any other way to do it. Could you point me to an article? I will also google it to see what I get.
    New Coder!!!!

  • #12
    Regular Coder
    Join Date
    Nov 2009
    Location
    Florida United States
    Posts
    105
    Thanks
    6
    Thanked 2 Times in 2 Posts
    when I removed SHA it set the SESSIONS
    New Coder!!!!

  • #13
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,346
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by calebandchels View Post
    when I removed SHA it set the SESSIONS
    Someone did point out to you above that you should be using sha-1 yet you replied saying that your use of sha was ok then.

    Also instead of using the mysql functions use the PHP sha-1() function instead. Assign its output to a variable and put THAT into your SQL.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •