Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 29
  1. #1
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Session problems, havent been able to figure it out on my own

    Hi all, I have been having a rough time trying to get some sessions working...first off, I think this code that i use, to start a session upon having the user login and have them verified against a mysql db, SHOULD WORK
    Code:
    echo "logged in";
    	$_SESSION['name'] = $username;
    	session_id();
    	$_SESSION['login'] = 'yes';
    	header("Cache-control: private");
    Again the user has been verified that their name and pass exists and is correct. As for the sessions, I have some issues with them. They seem to be started and such ( I have session_start(); on the page right after <?php
    so it is in there, unless it needs to be elsewhere?
    I have a functions.php where I was trying to do a function logincheck()
    and then have the code to check to make sure that there is a session started for that particular user. what I am having problems doing is jsut that. I cant seem to get it to validate anything so of course its not working. How in the heck can I do this? I am setting up a family site, and only those who I manually approve (from the family), are able to login and then view the site. I want to secure it by forcing a login check on all of the pages (that way someone cant view anything, or post anything without being authorized. Can someone help me out? I have checked over php.net and such, and I am still I guess confused, so hopefully someone can help me out!! As long as I see an example that would work with what I got (unless im registering the sessions wrong of course lol) then I should be able to do the rest. Also, would the check need to occur in a <pre></pre> or the <head> section or would the body be fine? Also would the vars need to be global (which usually is a bad thing right?) or would this be a cookied issue, which I cant figure out myself either. Thanks for any info! I really appreciate this!!

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Try this:
    PHP Code:
    <?php
    session_start
    ();
    $_SESSION['name'] = $username//Unsure where you're getting $username from, if it by url or form, use the super globals ($_GET or $_POST)
    session_id(); // This isn't doing anything
    $_SESSION['login'] = 'yes';
    header("Cache-control: private"); 
    echo 
    "logged in<br>";
    print_r($_SESSION); // Shows info from the session, checks if it's working or not

    ?>

  • #3
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What is your actual problem?

    I don't think you can echo something before sending header-info i would change that. I also don't understand what the session_id() is doing inthere

    It's no a cookie-issue. Sessions will work, regardless of the client cookie-settings.

    <edit>Nightfire, did we synchronise watches/brains ?</edit>
    Last edited by raf; 04-05-2004 at 08:45 PM.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #4
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    On the third beep, wasn't it?

  • #5
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thats cool and all, but once that is set and the user has been verified/logged in, how would i setup a function in my functions.php to CHECK to see if a login session exists, and if so then allow the user to proceed and see a page....thats the other thing I need. And if they arent logged in/verified, then I need to direct them to the login page. Get what I mean? Thanks for the help!

  • #6
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    To check they're logged in, use something like:
    PHP Code:
    <?php
    session_start
    ();
    if(isset(
    $_SESSION['login'])){
       echo 
    'logged in';
    }else{
       
    header("Location: loginform.php");
    }
    ?>

  • #7
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    but wouldnt that start a NEW session? I am unable to actually redirect users with the header function in php for some weird reason...any clues as to why that wouldnt work , or am I doing something wrong... isnt it header('Location: wherever'); ?
    Ive tried the variations of it that Ive found and it never seems to redirect :P

  • #8
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    All it's doing is seeing if the session variable loggedin exists. If it doesn't then it redirects to loginform.php. Not sure why your code isn't working, can you show your code?

  • #9
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here is my functions.php :
    Code:
    <?php
    
    function checklogin()
    {
    	
    	session_start(); 
    	if(isset($_SESSION['login']))
    	{ 
    	   echo "logged in"; 
    	}
    	else
    	{ 
       
    	echo "Not logged in";
    	}
    } 
    
    	
    
    
    function registersession($username)
    {
    	
    	$_SESSION['name'] = $username; 
    	$_SESSION['login'] = 'yes'; 
    	header("Cache-control: private");  
    	echo "logged in<br>"; 
    	print_r($_SESSION); // Shows info from the session, checks if it's working or no
    
    	
    }
    
    
    ?>
    the portion of code going to registersession...coming from the login.php :
    Code:
    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result=mysql_query($query);
    $num=mysql_numrows($result);
    mysql_close();
    if($num > 0)
    {
    	registersession($username);
    
    }else{
    	echo "Invalid Username and/or Password! Could not log you in.  Please check your credentials and try again.  This attempt has been logged.";
    	session_destroy();
    }
    When just using that login form, if I login correctly, it gives me the your logged in message, and the session id. However, I cant get it all to stay for some reason. I am running windows xp pro with apache 1.x if that helps, and something like php version 4.x something or other..a stable release that didnt have issues usually lol. Hope that helps. $username is actually posted from the form as
    Code:
    $username = $_POST['username'];
    $password = $_POST['password'];
    Thats where that is coming from


    EDIT:

    Note that session_start(); is also at the top of my login.php page!! its the first thing after the <?php line!
    Last edited by jediman; 04-05-2004 at 10:10 PM.

  • #10
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by jediman
    but wouldnt that start a NEW session? I am unable to actually redirect users with the header function in php for some weird reason...any clues as to why that wouldnt work , or am I doing something wrong... isnt it header('Location: wherever'); ?
    Ive tried the variations of it that Ive found and it never seems to redirect :P
    This could be because you already sent output to the client before redirecting. But we indeed can help you better if we see the code.

    As for the sessioncheck, i'd use
    PHP Code:
    <?php 
    session_start
    (); 
    if(!isset(
    $_SESSION['login'])){ 
       
    header('Location: ./loginform.php'); 

    ?>
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #11
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Pots crossed.

    OK. First, change
    $result=mysql_query($query);
    $num=mysql_numrows($result);
    mysql_close();

    into
    PHP Code:
    $result=mysql_query($query) or die ('Queryproblem');
    $num=mysql_num_rows($result);
    /*mysql_close();  --> no need to close, or else first free the resultset. Like
    mysql_free_result($result);
    mysql_close(); */ 
    Then, about the logincheck --> i would not include the functionfile. I would include a headerfile (that does some checking, logging or whatever, and include the check there. Not inside a funcion (See previous post for code). Also, don't output inside a function --> store the output' in a variable and return that when the function is completed.

    Can you make this
    However, I cant get it all to stay for some reason.
    a bit more concrete
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #12
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm afraid im still lost...

  • #13
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ah ok, to eliviate. Once ive logged in, the session has started. Thats fine, great, dandy. However, since for whatever reason only God probably knows, header redirection is not working, so i just delete some things and just go back to my index.php . Then thats where that login check is supposed to occur, but doesnt seem to be picking up the fact that a session has indeed already started. So what that is telling me is things arent passing between the two.. I really should just probably pass out the session id to the pages, and have it check that way, and also have it quickly check against like i dunno, the database, and have it insert the current session into that? would that be suffice? or would that just add a whole lot of uncessesary overhead to it all?

  • #14
    New Coder
    Join Date
    Mar 2004
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Code:
    <html>
    <head>
    </head>
    <body>
    <?php
    session_start();
    
    require("system/config.php");
    require("system/functions.php");
    
    echo"<title>$title -Please Login</title>";
    
    
    if($_POST['login'])
    {	
    	$status = "active";
    	//post the fields
    	$username = $_POST['username'];
    	$password = $_POST['password'];
    	$username = md5($username);
    	$password = md5($password);
    	//connect to the db
    	mysql_connect($connection,$user,$pwd);
    	@mysql_select_db($database) or die( "Unable to select database");
    	$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND status = '$status'";
    	$result=mysql_query($query);
    	$num=mysql_numrows($result);
    	$id=mysql_result($result, "id");
    
    mysql_close();
    if($num > 0)
    {
    	
    	$_SESSION['name'] = $username; 
    	$_SESSION['login'] = 'yes'; 
    	$sid = session_id();
    	mysql_connect($connection,$user,$pwd);
    	@mysql_select_db($database) or die( "Unable to select database");
    	$secondquery = "UPDATE users SET sid = '$sid' WHERE id = '$id'";
    	$rs=mysql_query($secondquery);
    	mysql_close();
    	if(!$rs)
    	{
    		echo "Error Updating User session id!".mysql_error();
    	}else{
    
    
    	header("Cache-control: private");  
    	echo "logged in<br>"; 
    	//print_r($_SESSION); // Shows info from the session, checks if it's working or no
    	echo "<a href=index.php>Back To Main Page</a>";
    	}
    
    }else{
    	echo "Invalid Username and/or Password! Could not log you in.  Please check your credentials and try again.  This attempt has been logged.";
    
    	session_destroy();
    }
    }
    else
    {
    ?>
    <form action="login.php" method="post">
    <table border=1>
    <tr>
    <td nowrap><b>Username:</b></td><td><input type="text" name="username" size="32"></td>
    </tr>
    <tr>
    <td nowrap><b>Password:</b></td><td><input type="password" name="password" size="32"></td>
    </tr>
    <tr>
    <td><input type="submit" name="login" value="Login"></td>
    </tr>
    </table>
    </form>
    <?php
    }
    ?>
    </body>
    </html>
    Here is my login script. I now have a field in the users table where the sid gets set when the user logs in. Now, can someone please write me a function that I can use/include on all pages, to be sure that the user is logged in, and if so allow the page to be viewed? Ive tried a bunch of times, but nothing seems to really work, and I am at a total loss! PLEASE HELP! THANKS!!!!!

  • #15
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you want more help, then you need to give us more info. 'Doesn't seem to work' etc is useless.
    I also see you are not following my other advice on the depreciated mysql_numrows and the connectionclose, so i'm not really motivated to point out things you should set straight in the last code you posted.

    The code nightfire and I posted should work just fine, and you better try getting it running then changing direction. Just print out the sessionvariales (with print_r($_SESSION); ) right after you set them, before you redirect and on top of all pages you use. And then look where it gets dropped and go backwards or print the code inbetween the last succesfull print and this one.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •