[SOLVED] session help

[ngreenwood6]

I am trying to register my sessions with all the user data. Right now it is only registering their username and password because that is all that is required to login. However, in the database their firstname, lastname, and email are all stored. I can echo anywhere in my pages this:

 

echo $_SESSION['myusername'];

 

This will show their username. I want to be able to show their first and lastname but it is not registered because it is not part of the login. My check login page is:

 

<?php

$host="localhost"; // Host name 

$username="root"; // Mysql username 

$password=""; // Mysql password 

$db_name="login"; // Database name 

$tbl_name="members"; // Table name 



// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");


// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// encrypt password 
$encrypted_mypassword=md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$myusername = mysql_real_escape_string($myusername);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("myusername");
session_register("mypassword"); 


header("Location:logged_in.php");

}

else {

header("Location:error.php");

}

?>

 

Can anyone help? Any help is appreciated, if you need any additional info please ask.

[The Little Guy]

Change this:

 

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("myusername");
session_register("mypassword"); 


header("Location:logged_in.php");

}

 

To this:

 

if($count==1){
$row = mysql_fetch_array($result);
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION["username"] = $myusername; 
$_SESSION["first"] = $row['first']; 
$_SESSION["last"] = $row['last'];
// Place other sessions from the DB here
$_SESSION["logged"] = TRUE;  


header("Location:logged_in.php");
exit;
}

[ngreenwood6]

Now it won't let me log in. It takes me to the not logged in page.

[The Little Guy]

what is in your logged_in.php file.

[ngreenwood6]

This starts the session on each page.

<? 

session_start();

if(!session_is_registered(myusername)){

header("location:login.php");

}

?>

 

and this echo's in the page where I want it displayed

 

<?php
if(session_is_registered('myusername'))
{
echo "You are logged in as ";
echo $_SESSION['myusername'];
echo "!".'<br />';
echo "<a href='logout.php'>Click here</a> to log out!";

}
else
{ 		
?>

 

 

The original code I showed you was the page that allows the user to login.  The login form gets sent to that page.

[JonnyThunder]

Also make sure that your browser isn't caching the results of your login.  I've run into that problem before and it makes testing sessions kindof tricky!

[The Little Guy]

With my code, change this:

 

session_start();

if(!session_is_registered(myusername)){

header("location:login.php");

}

 

To This:

 

session_start();
if(!$_SESSION['logged']){
     header("location: login.php);
     exit;
}

[ngreenwood6]

Thanks that worked perfectly. I appreciate the help.

[The Little Guy]

I do also recommend strengthening your query.

 

To do so, do this:

 

$query= srpintf("SELECT * FROM $tbl_name WHERE username='%s' and password='%s'",mysql_real_escape_string($myusername),mysql_real_escape_string($encrypted_mypassword));
$sql = mysql_query($query);
$result=mysql_query($sql);