Tandem Posted May 10, 2008 Share Posted May 10, 2008 Hey guys, It's been a while since I got off my butt and wrote some php so i'm a bit rusty. I'm writing a login script. At first it appears to work fine, if you put in the right username/pw then you get up a little admin panel. But when I click any of the links for my admin-only pages, I get logged out right away. Each of the admin-only pages has a little included script which checks to make sure I have a session going, and taking me back to the login page if I haven't. So basically my problem is that my sessions appear to be only lasting for one page load, and I want them to last long enough to at least view another page Here's the login script: <?php include 'db.php'; if ((isset($_POST['submit'])) && (!isset($_SESSION['username']))) { //if form is submitted and you aren't already logged in if (ctype_alnum($_POST['username'])) { //check the username is alphanumeric $_POST['password'] = md5($_POST['password']); //convert the password to an md5 hash $query = mysql_query("select username from login where username='$_POST[username]' and password='$_POST[password]'"); if (mysql_num_rows($query)>0) { session_start(); $_SESSION['username'] = mysql_result($query, 0); } else { $success = false; } } else { $success = false; } } include 'top.php'; if ((isset($_POST['submit'])) && (isset($success))) { echo '<div id="error">Wrong Username/Password.</div>'; } ?> <div id="tcontent"></div> <div id="content"> <?php if (!isset($_SESSION['username'])) { ?> <form action="login.php" method="POST"> <center> Username: <input type="text" name="username" /><br /> Password: <input type = "password" name="password" /><br /> <input type="submit" name="submit" value="Submit!" /> </center> </form> <?php } else { include 'adminlinks.php'; } ?> </div> <div id="bcontent"></div> <?php include 'bottom.php'; ?> and the session check in case i've made an embarrassingly obvious mistake that only I can't see, is: <?php if (!isset($_SESSION['username'])) { header("Location: login.php"); //back to the login page } ?> Also in case it helps, my hard drive died not too long ago taking with it my apache/php installation, and this new installation is relatively untouched so i may need to mess with the conifgurations if it's not the code. Thanks guys. Quote Link to comment Share on other sites More sharing options...
peranha Posted May 10, 2008 Share Posted May 10, 2008 you need session_start() at the top of every page that you are checking sessions on. <?php session_start(); if (!isset($_SESSION['username'])) { header("Location: login.php"); //back to the login page } ?> Quote Link to comment Share on other sites More sharing options...
Tandem Posted May 10, 2008 Author Share Posted May 10, 2008 Thanks man. I've just read through 3 tutorials that are all entirely wrong then Much appreciated. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 10, 2008 Share Posted May 10, 2008 Some tutorials are absolutely horrible, and some are completely amazing. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.