dxdolar Posted August 1, 2008

I wrote a log-in function according to a reference book, with changes just to be appropriate for my site, but I can't seem to access the values of my $_SESSION superglobal array. I can't see what I'm doing wrong. I've been pounding my head over it for hours. I get the concepts but don't see where it's not applying. Here are my 2 pages, the full pages (with a few url for anonymity)

```php
<?php // login.php
// Start output buffering:
ob_start();
// Initialize a session:
session_start();
// Set the page title before the template below echoes it:
$page_title = 'Login';
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<title><?php echo $page_title; ?></title>
</head>
<body>
<div id="Header"><?php echo $page_title; ?></div>
<div id="Content">
<?php
require_once ('ncludes/config.inc.php');

if (isset($_POST['submitted'])) {
	require_once ('../dbc.php'); //database connection

	if (!empty($_POST['email'])) {
		$e = mysqli_real_escape_string ($dbc, $_POST['email']);
	} else {
		$e = FALSE;
		echo '<p class="error">You forgot to enter your email address!</p>';
	} // Validate the email address:

	if (!empty($_POST['pass'])) {
		$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
	} else {
		$p = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	} // Validate the password:

	if ($e && $p) { // If everything's OK.
		$q = "SELECT id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p'))";
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // Query the database:

		if (mysqli_num_rows($r) == 1) { // A match was made.
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); // Set values to the session & redirect:
			mysqli_free_result($r);
			mysqli_close($dbc);
			$url = 'http://www.mysite.com/index.php'; // Define the URL:
			ob_end_clean(); // Delete the buffer.
			header("Location: $url");
			exit(); // Quit the script.
		} else { // No match was made.
			echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
		}
	} else { // If everything wasn't OK.
		echo '<p class="error">Please try again.</p>';
	}
	mysqli_close($dbc);
} // End of SUBMIT conditional.
?>
<h1>Login</h1>
<form action="http://longhere.com/login.php" method="post">
	<fieldset>
	<p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>
<div id="Menu">
<a href="index.php" title="Home Page">Home</a><br />
<?php
//this code shows a menu that's supposed to change links depending on whether or not the user is logged in
if (isset($_SESSION['id'])) {
	echo '<a href="logout.php" title="Logout">Logout</a><br />
<a href="change_password.php" title="Change Your Password">Change Password</a><br />';
} else { // Not logged in.
	echo '<a href="register.php" title="Register for the Site">Register</a><br />
<a href="login.php" title="Login">Login</a><br />
<a href="forgot_password.php" title="Password Retrieval">Retrieve Password</a><br />';
}
?>
</div>
</body>
</html>
<?php // Flush the buffered output.
ob_end_flush();
?>
```

I checked the SQL query, it pulls up the right bits of information. And when I get redirected to my index, it doesn't keep any of that information stored as a Session.
Here's my index page that I'm redirecting to

```php
<?php
// Start output buffering:
ob_start();
// Initialize a session:
session_start();
// Set the page title before the template below echoes it:
$page_title = 'Welcome to this Site!';
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
	<title><?php echo $page_title; ?></title>
</head>
<body>
<div id="Header"><?php echo $page_title; ?></div>
<div id="Content">
<?php
// Include the configuration file:
require_once ('includes/config.inc.php');

// Welcome the user (by name if they are logged in):
echo '<h1>Hello';
if (isset($_SESSION['first_name'])) {
	echo ", {$_SESSION['first_name']}!";
}
echo '</h1>';
?>
<p>TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST .</p>
<p>TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST .</p>
</div>
<div id="Menu">
<a href="index.php" title="Home Page">Home</a><br />
<?php # Script 16.2 - footer.html
// This page completes the HTML template.

// Display links based upon the login status:
if (isset($_SESSION['id'])) {
	echo '<a href="logout.php" title="Logout">Logout</a><br />
<a href="change_password.php" title="Change Your Password">Change Password</a><br />
';
} else { // Not logged in.
	echo '<a href="register.php" title="Register for the Site">Register</a><br />
<a href="login.php" title="Login">Login</a><br />
<a href="forgot_password.php" title="Password Retrieval">Retrieve Password</a><br />
';
}
?>
</div>
</body>
</html>
<?php // Flush the buffered output.
ob_end_flush();
?>
```

The only thing I can see is that maybe I'm applying the variables to my $_SESSION wrong? Even though I'm following the example from my book. Also, my browser accepts all cookies, and I tried it in another browser as well, so I know it's not my security settings. Any help would be appreciated! Thanks!
deansatch Posted August 1, 2008

Before I read all your code, should the require_once url not be "includes" rather than "ncludes"?
Rottingham Posted August 1, 2008

You need to use session_name('yoursessionname'); as well or session_start() has no idea what session to start... Use code like this at the top of every page:

```php
session_name("login");
session_start();
```
deansatch Posted August 1, 2008

You shouldn't have to name the session unless you want to run more than one at a time on the same domain. However, make sure you aren't starting a session on http then, on logging in, redirecting to https, as this will be a completely different session because it is a different domain.
dxdolar (Author) Posted August 1, 2008

So I guess my $_SESSION values are storing. But for some reason when I redirect to the index page it doesn't display any of my $_SESSION dependent content. BUT here's the thing that boggles my mind. If I go to my retrieve password page (function), and I click the submit button, EVEN if no queries are run, just by the fact that I hit the submit button on ANOTHER page, the links all update with $_SESSION specific content... :eek: :mad: This is completely beyond me.

To the prior posters, I'll see if session_name affects anything, I have to be more clear about that concept before I implement it, and it's all on the same domain. Oh yeah, the ncludes is just a typo for the anonymity thing, it's correct on the actual code.
PFMaBiSmAd Posted August 1, 2008

The following line in the first piece of code unconditionally overwrites any existing $_SESSION variables with whatever is fetched from the database -

```php
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); // Set values to the session & redirect:
```

If you have existing session variables from a previous page they won't be set after that line of code is executed. I recommend specifically setting named session variables using a list() statement instead of overwriting all existing session variables.

Add the following two lines immediately after your first opening <?php tag on both pages -

```php
ini_set ("display_errors", "1");
error_reporting(E_ALL);
```
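One way to follow the advice in the post above, as an added example that is not code from the thread: copy only named columns into $_SESSION so other session keys survive, and issue a fresh session ID at login. The helper name `establish_login_session` and the sample row are assumptions constructed for illustration.

```php
<?php
// Added example (not from the thread). establish_login_session() is a
// hypothetical helper; the row and the 'cart' key are constructed samples.

/**
 * Copy selected columns from a user row into the session without
 * replacing the whole $_SESSION array.
 */
function establish_login_session(array $row): void
{
    // Issue a new session ID at the moment of login, so an ID that was
    // known before authentication is not carried into the logged-in state.
    session_regenerate_id(true);

    // Named keys only: anything already in $_SESSION is left alone, and a
    // column later added to the query cannot end up in the session by accident.
    foreach (['id', 'first_name', 'user_level'] as $key) {
        if (!array_key_exists($key, $row)) {
            throw new InvalidArgumentException("missing column: $key");
        }
        $_SESSION[$key] = $row[$key];
    }
}

session_start();
$_SESSION['cart'] = [42];   // constructed: a value stored by an earlier page

// Constructed stand-in for mysqli_fetch_array($r, MYSQLI_ASSOC), with one
// extra column to show that it is not copied.
$row = ['id' => 7, 'first_name' => 'Ann', 'user_level' => 1, 'pass' => 'x'];
establish_login_session($row);

var_dump(array_keys($_SESSION));   // lists the keys now held in the session
```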
dxdolar (Author) Posted August 1, 2008

I didn't get what you said earlier about HTTP's but now I do! Thank you for bringing that to light, it works now.
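The cookie behaviour behind this kind of lost session, as an added example that is not code from the thread: a simplified model of when a browser sends a session cookie back after a redirect. The helper name `cookie_reaches` and every URL are constructed assumptions; path and port matching are left out.

```php
<?php
// Added example (not from the thread): simplified browser cookie matching.
// cookie_reaches() is a hypothetical helper; all URLs below are constructed.

/**
 * Would a cookie set by the response from $setUrl accompany a request to
 * $nextUrl? $domainAttr and $secure stand for the cookie's Domain and
 * Secure attributes; '' means a host-only cookie.
 */
function cookie_reaches(string $setUrl, string $nextUrl,
                        string $domainAttr = '', bool $secure = false): bool
{
    $setHost    = strtolower((string) parse_url($setUrl, PHP_URL_HOST));
    $nextHost   = strtolower((string) parse_url($nextUrl, PHP_URL_HOST));
    $nextScheme = strtolower((string) parse_url($nextUrl, PHP_URL_SCHEME));

    // A Secure cookie is only sent over https.
    if ($secure && $nextScheme !== 'https') {
        return false;
    }
    // Host-only cookie: the host must match exactly.
    if ($domainAttr === '') {
        return $nextHost === $setHost;
    }
    // Domain cookie: that domain itself or any subdomain of it.
    $domain = strtolower(ltrim($domainAttr, '.'));
    $suffix = '.' . $domain;
    return $nextHost === $domain
        || substr($nextHost, -strlen($suffix)) === $suffix;
}

// Constructed cases: [login URL, redirect target, Domain attribute, Secure]
$cases = [
    ['http://example.test/login.php', 'http://www.example.test/index.php', '', false],
    ['http://example.test/login.php', 'http://www.example.test/index.php', 'example.test', false],
    ['http://www.example.test/login.php', 'http://www.example.test/index.php', '', false],
    ['https://www.example.test/login.php', 'http://www.example.test/index.php', '', true],
];
foreach ($cases as [$set, $next, $domain, $secure]) {
    printf("%s -> %s  Domain=%s Secure=%d : %s\n", $set, $next,
        $domain === '' ? '(host-only)' : $domain, (int) $secure,
        cookie_reaches($set, $next, $domain, $secure) ? 'cookie sent' : 'cookie not sent');
}
```

In PHP the two attributes modelled here come from `session.cookie_domain` and `session.cookie_secure` (or `session_set_cookie_params()`), and both are unset by default, which gives a host-only cookie. Redirecting with a host-relative path such as `/index.php` keeps the browser on the host and scheme that set the cookie.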