help with sessions


waterwn1097

alright so I have multiple different files and I think I know where my error is. I want to have my page set so that when a client logs in they set the logged variable to 1 and not 0. So far whenever I log in the variable is staying at 0, there must be an issue.

here is the global.php file

<?php
include_once("connect.php");
session_start(); 
if(isset($_SESSION['username'])) { 
header("Location: index.php");


//checking if sessions are set.
if(isset($_SESSION['username'])){
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['pass'];
$session_id = $_SESSION['id'];

//check if the member exists
$query = mysql_query("SELECT * FROM clients WHERE id='$session_id' AND password='$session_pass'LIMIT 1") or die("Could not check member");
$count_count = mysql_num_rows($query);
if($count_count > 0){
//logged in stuff here
$logged = 1;

}else{
header("Location: logout.php");
exit();
}
}else if(isset($_COOKIE['id_cookie'])){
$session_id = $_COOKIE['id_cookie'];
$sessions_pass = $_COOKIE['pass_cookie'];


//check if the member exists
$query = mysql_query("SELECT * FROM clients WHERE id='$session_id' AND password='$session_pass'LIMIT 1") or die("Could not check member");
$count_count = mysql_num_rows($query);
if($count_count > 0){
while($row= mysql_fetch_array($query)){
$session_username = $row['username'];
}

//create sessions
$_SESSION['username']=$session_username;
$_SESSION['id']=$session_id;
$_SESSION['pass']=$session_pass;

//logged in stuff here
$logged = 1;

}else{
header("Location: logout.php");
exit();
}
}else{
//if the user is not logged in
$logged = 0;
}


 }



?>

here is the login.php script

<?php include_once("scripts/global.php");

if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$remember = $_POST['remember'];

//error handling
if((!$email)||(!$pass)){
$message = 'Please insert both fields';
}else{
// secure the data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM clients WHERE email='$email' AND password='$pass' LIMIT 1" ) or die("Could not check member");
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = 'The information you entered is incorrect';
}else{
//start session
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query)){
$username = $_row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
if($remember == "yes"){
//create cookies
setcookie("id_cookie",$id,time()+60*60*24*100,"/");
setcookie("pass_cookie",$pass,time()+60*60*24*100,"/");
}

header("Location: home.php");






}
}
}

?>

that still didn't fix it, this issue is really making me upset. I'm going to post all codes now, I'm done dealing with this. I have loops for some reason now. I am a DJ and I simply want the user to be able to log in to their account and see their information pulled from the register page and the mysql database. I would also like for the user to not be able to see others' profiles. Here is the code for the global.php document found in all docs. All the connect.php doc includes is the db login information

<?php
include_once("connect.php");
session_start(); 
if(isset($_SESSION['username'])) { 
header("Location: home.php");


//checking if sessions are set.
if(isset($_SESSION['username'])){
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['pass'];
$session_id = $_SESSION['id'];

//check if the member exists
$query = mysql_query("SELECT * FROM clients WHERE id='$session_id' AND password='$session_pass'LIMIT 1") or die("Could not check member");
$count_count = mysql_num_rows($query);
if($count_count > 0){
//logged in stuff here
$logged = 1;

}else{
header("Location: logout.php");
exit();
}
}else if(isset($_COOKIE['id_cookie'])){
$session_id = $_COOKIE['id_cookie'];
$sessions_pass = $_COOKIE['pass_cookie'];


//check if the member exists
$query = mysql_query("SELECT * FROM clients WHERE id='$session_id' AND password='$session_pass'LIMIT 1") or die("Could not check member");
$count_count = mysql_num_rows($query);
if($count_count > 0){
while($row= mysql_fetch_array($query)){
$session_username = $row['username'];
}

//create sessions
$_SESSION['username']=$session_username;
$_SESSION['id']=$session_id;
$_SESSION['pass']=$session_pass;

//logged in stuff here
$logged = 1;

}else{
header("Location: logout.php");
exit();
}
}else{
//if the user is not logged in
$logged = 0;
}


 }



?>

this is the login.php page

<?php include_once("scripts/global.php");

if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$remember = $_POST['remember'];

//error handling
if((!$email)||(!$pass)){
$message = 'Please insert both fields';
}else{
// secure the data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM clients WHERE email='$email' AND password='$pass' LIMIT 1" ) or die("Could not check member");
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = 'The information you entered is incorrect';
}else{
//start session
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
if($remember == "yes"){
//create cookies
setcookie("id_cookie",$id,time()+60*60*24*100,"/");
setcookie("pass_cookie",$pass,time()+60*60*24*100,"/");
}

header("Location: home.php");






}
}
}

?>

this next document is the profile.php (what I have so far - I'm going to add when this starts working).

<?php include_once("scripts/global.php");
if($logged == 0){
echo("You need to be logged in to view quote information");
}
if(isset($_GET['id'])){
$id = $_GET['id'];
}else{
$id = $_SESSION['id'];
}
//collect member information
$query = mysql_query("SELECT * FROM clients WHERE id='$id' LIMIT 1") or die("Could not collect user information");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
echo("The user does not exist");
exit();
}
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$firstname = $row['firstName'];
$lastname = $row['lastName'];
$client_id = $row['id'];
if($session_id == $client_id){
$owner = true;
}else{
$owner = false;
}
}






?>

home.php has no code except for the include(global.php)

and finally the logout.php 

<?php
session_start();

session_destroy();

if(isset($_COOKIE['id_cookie'])){

setcookie("id_cookie","",time()-50000,"/");
setcookie("pass_cookie","",time()-50000,"/");

}
if(!isset($_SESSION['username'])){
echo("we could not log you out, please try again");
exit();
}else{
header("Location: index.php");
}

?>

thanks all for help. I would like just everything to work and not loop. This might be a big error or something really small, I'm just tired of trying to fix it

Thanks!!!!

How you have set up the login process is complicated. When the user logs in you are saving the user's username and password to the session. And then on each page request you are querying the database to make sure the username and password stored in the session match a record in the database and if it does you set the $logged variable to true.

The second part is unnecessary. If you have already checked their credentials match there is no need to keep checking the database. Just set a session variable to say they are logged in (eg $_SESSION['logged_in'] = true;) and set any other data to the session that you want to remember about the user such as user id, username, real name, their access level (admin, mod, user) etc.

To see if the user is logged in you'd check that the session variable exists

if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true)
{
   // allow user to page they are logged in
}
else
{
   // user is not logged in, redirect/display login form or warning
}

When they log out you unset the session.

I would not advise storing the user's credentials in cookies for the remember me feature. Cookies are not secure and you have no control over them.
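
The approach described in the reply above, as an added example that is not part of the original thread: credentials are checked once, the session then carries only a logged-in flag and the user id, and the profile query takes its id from the session. It swaps the thread's sha1() comparison and mysql_* calls for password_verify() and PDO prepared statements; the PDO handle and the password_hash column are assumptions, the other table and column names come from the posted code.

```php
<?php
declare(strict_types=1);

// Added example. Assumed: $pdo is a PDO handle (exceptions enabled) built in
// connect.php, session_start() has run, and `password_hash` is a hypothetical
// column filled by password_hash() at registration.

function attempt_login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash FROM clients WHERE email = ? LIMIT 1'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown e-mail and wrong password fail the same way.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    session_regenerate_id(true);          // fresh session id at login
    $_SESSION['logged_in'] = true;        // no password or hash in the session
    $_SESSION['user_id']   = (int) $row['id'];
    $_SESSION['username']  = $row['username'];
    return true;
}

// Call only from protected pages (home.php, profile.php), never from
// login.php itself, so a logged-out visitor is not bounced in a loop.
function require_login(): int
{
    if (empty($_SESSION['logged_in']) || !isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// profile.php: the id is taken from the session, not from $_GET['id'],
// so a client can only ever load their own row.
function load_own_profile(PDO $pdo): array
{
    $stmt = $pdo->prepare(
        'SELECT id, username, firstName, lastName FROM clients WHERE id = ?'
    );
    $stmt->execute([require_login()]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}
```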

you mentioned '... and not loop'. i'm guessing you have a redirect loop? if so, why are you redirecting on line 5 of your global.php file when the session based username is set?

here's a more basic question. what are you trying to accomplish with your "scripts/global.php" file? you need a clear statement of what the purpose of that code is and the confusing code you have now doesn't appear to have a defined goal.

are you trying to include that on any 'protected' page and a) have it present the login form if the visitor is not logged in, process the login form on that same page, and process the log out action on that same page, and b) only allow access to the protected page if the visitor is logged in?

edit: there are cases where you want/need to query the database on each page request, i.e. to get a 'banned' status that takes effect immediately, to allow usernames/access level to be changed and take effect immediately. in these cases, your session variable only identifies who the visitor is, by his user_id. you would use the user_id to retrieve the rest of the user information to be used on the page request.

for a "remember me" feature, you would generate a unique id (see: the uniqid() function) and store this in the cookie and in a column in your clients table. this unique id will only identify who the visitor is. if it is set, you would use it to query for the actual user information it corresponds to.

Edited by mac_gyver
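
The "remember me" scheme described in the post above, as an added example that is not part of the original thread: the cookie holds a random identifier instead of the id and password hash, and the table holds only a hash of that identifier. The example draws the identifier from random_bytes() rather than uniqid(), whose output is derived from the current time; the remember_hash column, the cookie name and the HTTPS-only cookie flags are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumed: $pdo is a PDO handle; session_start() has run; the site
// uses HTTPS; `remember_hash` is a hypothetical nullable CHAR(64) column on `clients`.
const REMEMBER_COOKIE = 'remember_token';   // cookie name chosen for this example

function remember_cookie(string $value, int $expires): void
{
    setcookie(REMEMBER_COOKIE, $value, ['expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

function issue_remember_token(PDO $pdo, int $userId): void
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    // Only a hash is stored, so a leaked table does not yield usable cookies.
    $pdo->prepare('UPDATE clients SET remember_hash = ? WHERE id = ?')
        ->execute([hash('sha256', $token), $userId]);
    remember_cookie($token, time() + 60 * 60 * 24 * 30);   // 30 days
}

function forget_remember_token(PDO $pdo, ?int $userId): void
{
    if ($userId !== null) {
        $pdo->prepare('UPDATE clients SET remember_hash = NULL WHERE id = ?')
            ->execute([$userId]);
    }
    remember_cookie('', time() - 3600);   // expire the cookie in the browser
}

function login_from_remember_cookie(PDO $pdo): bool
{
    $token = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT id FROM clients WHERE remember_hash = ? LIMIT 1');
    $stmt->execute([hash('sha256', $token)]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        forget_remember_token($pdo, null);   // stale or forged cookie: drop it
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    $_SESSION['user_id']   = (int) $id;
    issue_remember_token($pdo, (int) $id);   // rotate: each token is used once
    return true;
}
```

On logout, call forget_remember_token() with the session's user id before destroying the session, so the stored hash and the cookie are cleared together.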