Simple login form = Simple problem, lol

[sean14592]

Hi, I'm creating a simple login form, This is the code for the login page.

 

<?php
session_start();
include("../include/config.php");
include("../include/header.php");


$ms = mysql_pconnect($db_host, $db_username, $db_password);
if ( !$ms )
{
echo "Error connecting to database.\n";
}

// Then you need to make sure the database you want
// is selected.
mysql_select_db($db_database);
?>
<?php



if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
  {
  die("You need to provide a username and password.");
  }

// Create query
$q = "SELECT * FROM members "
  ."WHERE username='".$_POST["username"]."' "
  ."AND password='".$_POST["password"]."' "
  ."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["username"];
  $_SESSION["valid_time"] = time();

  // Redirect to member page
  header("Location: login_done.php");
  }
else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.");
  }
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>
<?php
include("../include/footer.php");
?>

 

 

Now, on the next page I displeay the following session variables to make sure that the login system works. Sadly they keep coming all out blank, WEIRD!

<?php

echo ("<div align=\"center\">");
echo ("  <p><img src=\"http://www.sitedomain.com/images/log_done.jpg\" width=\"500\" height=\"250\" /></p>");
echo (" <h2><a href=\"../owners/cpanel.php\" class=\"style2\">Click Here To Access Your Control Panel!</a></h2>");
echo ("</div>");
echo ("Valid ID:");
echo $_SESSION["valid_id"];
echo ("<br>Valid Username:");
echo $_SESSION["valid_user"];
echo ("<br>Session Time:");
echo $_SESSION["valid_time"];




?>

[DarkWater]

You need to include session_start() on any page using sessions. =)

[dptr1988]

Put a session_start() at the begining of the second page.

 

You need to use session_start() for each page that the browser views.

[sean14592]

Ok, cool, thats fixed the problem of showing the session data, though now in my Cpanel.php page it keeps sending me to login.php even if I am logged in.

 

cpanel.php

<?php
session_start();

if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
header("Location: ../forms/login.php");
}

else
{

?>
<script type="text/javascript">
<!--
function MM_swapImgRestore() { //v3.0
  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}

function MM_findObj(n, d) { //v4.01
  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
  if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
  var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
   if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>
<body onLoad="MM_preloadImages('../images/icons/hover_add.png','../images/icons/hover_edit.png','../images/icons/hover_stats.png','../images/icons/hover_news.png','../images/icons/hover_forum.png','../images/icons/hover_resources.png')">

<div align="center"><a href="#" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image6','','../images/icons/hover_add.png',1)"><img src="../images/icons/add_prop.png" name="Image6" width="100" height="100" border="0" id="Image6" /></a><a href="#" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image7','','../images/icons/hover_edit.png',1)"><img src="../images/icons/edit_prop.png" name="Image7" width="100" height="100" border="0" id="Image7" /></a><a href="#" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image8','','../images/icons/hover_stats.png',1)"><img src="../images/icons/stats.png" name="Image8" width="100" height="100" border="0" id="Image8" /></a><a href="#" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image9','','../images/icons/hover_news.png',1)"><img src="../images/icons/news.png" name="Image9" width="100" height="100" border="0" id="Image9" /></a><a href="#" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image10','','../images/icons/hover_forum.png',1)"><img src="../images/icons/forum.png" name="Image10" width="100" height="100" border="0" id="Image10" /></a><a href="#" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image11','','../images/icons/hover_resources.png',1)"><img src="../images/icons/resources.png" name="Image11" width="100" height="100" border="0" id="Image11" /></a></div>
<br>


<?php
}
include("../include/footer.php");
?>

 

Anyone know how to fix this?

Cheers

Sean

[dptr1988]

Try var_dump($_SESSION); to see if $_SESSION['valid_user'] is actually set.

 

 

[sean14592]

Sorry, I do not uderstand were would I go about putting var_dump($_SESSION);.

 

cheers

sean

[dptr1988]

var_dump() and print_r() are standard functions that are used to display the contents of variables for debugging.

 

Insert 'var_dump($_SESSION);' at the begining of 'cpanel.php' to see what you input variables are.

[sean14592]

Ok, done that and I get the following displayed:

 

array(0) { } 

 

What does this mean?

Cheers

Sean

[DarkWater]

Ok, done that and I get the following displayed:

 

array(0) { } 

 

What does this mean?

Cheers

Sean

 

Is your cpanel on the same domain as your other pages? (Just need to make sure)

[sean14592]

yes, thay are all under the same domain, though in different directories

 

cpanel in /owners/cpanel.php

login in /forms/login.php

 

 

Cheers

Sean Preston

[DarkWater]

yes, thay are all under the same domain, though in different directories

 

cpanel in /owners/cpanel.php

login in /forms/login.php

 

 

Cheers

Sean Preston

 

That's fine.  And print_r($_SESSION) displays a blank array?  Something's stopping it from being sent to the CPanel.  The stuff is getting to that other page though, right?

[dptr1988]

Double check that the login code ( the code that sets the session variables ) is actually setting the variables

 

Insert another var_dump($_SESSION); right after you set the session variables.

 

If you don't see anything, then your login code isn't getting run. Probably becuase of a invalid query or database connection error.

 

Check that you have  a MySQL connection and that you sql query is correct

 

 

 

[sean14592]

When I have print_r($_SESSION) on login_done.php, it displayes the following:

 

Array ( [username] => sean14592 [loggedin] => 1 [main_username] => sean14592 [valid_id] => 15 [valid_user] => sean14592 [valid_time] => 1208814011 ) 

 

yes, thay are all under the same domain, though in different directories

 

cpanel in /owners/cpanel.php

login in /forms/login.php

 

 

Cheers

Sean Preston

 

That's fine.  And print_r($_SESSION) displays a blank array?  Something's stopping it from being sent to the CPanel.  The stuff is getting to that other page though, right?

 

 

Cheers

Sean Preston

[dptr1988]

That looks good!

 

But what is the connection between 'login_done.php' and 'cpanel.php' where you are having the problem? Does 'login_done.php' redirect to 'cpanel.php'?

 

 

[sean14592]

When I print_r($_SESSION) on cpanel.php, yes it does come out blank with Array ( ) .

 

 

thanks again for your help, any more ideas?

 

Cheers

Sean Preston

[dptr1988]

Somewhere between 'login_done.php' and 'cpanel.php', you session variables are getting messed up.

 

Could you please explain what happens after you go to 'login_done.php'. Does it redirect you to 'cpanel.php'? Do you close you browser and open up a new window with 'cpanel.php'?

 

How do you get to 'cpanel.php' from 'login_done.php'?

[DarkWater]

When I print_r($_SESSION) on cpanel.php, yes it does come out blank with Array ( ) .

 

 

thanks again for your help, any more ideas?

 

Cheers

Sean Preston

 

Put this on the cpanel page and tell me what it outputs:

echo $session_name . ' | ' . $session_id;

[sean14592]

This is how it goes:

 

Login.php

  Fail - Displays error!

  Success - Redirects to login_done.php

 

login_done.php

  There is a link saying "click here to go to your cpanel", if clicked this then redirects to ../owners/cpanel.php

 

 

Hope this helps.

Cheers

Sean Preston

 

[DarkWater]

Read my suggestion.

[sean14592]

I have done that and all I get is "| ".

 

Cheers

Sean Preston

 

 

When I print_r($_SESSION) on cpanel.php, yes it does come out blank with Array ( ) .

 

 

thanks again for your help, any more ideas?

 

Cheers

Sean Preston

 

Put this on the cpanel page and tell me what it outputs:

echo $session_name . ' | ' . $session_id;

[dptr1988]

Yes, that is the information I needed to see.

 

Is that link that says 'click here to go to your cpane' just a regular <a href="url"> < /a> type of link? Or is it something fancy?

[sean14592]

It is basically:

 

echo (" <h2><a href=\"../owners/cpanel.php\" class=\"style2\">Click Here To Access Your Control Panel!</a></h2>");

 

Yes, that is the information I needed to see.

 

Is that link that says 'click here to go to your cpane' just a regular <a href="url"> < /a> type of link? Or is it something fancy?

[dptr1988]

A normal link like that shoudn't cause any trouble, it must be something else. It was just a wild guess.

 

Are you absolutly postitivly certain that you havn't outputed any data before using the 'session_start()' on 'login.php' and 'login_done.php'?

 

 

[sean14592]

yep, here is the full code for all 3 pages:

 

/forms/login.php

http://rafb.net/p/vKFCXN79.html

 

forms/login_done.php

http://rafb.net/p/sRtPqH84.html

 

/owners/cpanel.php

http://rafb.net/p/5pLaFq68.html

 

Has anyone got msn or Xfire that I can speak to?

 

 

Hope this helps

cheers

Sean Preston

[dptr1988]

Well I'm stumped!

 

All of that code looks good!

 

The only thing I can think of is on line 44 of 'login.php' where you send out the location header. Most browsers want a full URL for this header rather then just a relative URL like you are using ( 'login_done.php' ).

 

Try changing the URL for the "Location: " header to a full URL ( 'http://www.your_domain/path/example.php' ).  This is just another wild guess, but it might be worth a try.