Sessions help.

[str8thug843]

Hello, let me start off by saying I dont know anything about sessions, I am trying to create a simple login system for users.

 

This is at the very top of my index

<?php
session_start();
$_SESSION['username'];
........

 

and I have this in my login.php

<?php
      if ($_SESSION[‘logged’] == 1) { // User is already logged in.
              header("Location: index.php"); // Goes to main page.
              exit(); // Stops the rest of the script.
      } else {
              if (!isset($_POST[’submit’])) { // The form has not been submitted.
                      echo "<form action=\"index.php?file=login\" method=\"POST\">";
                      echo "<table>";
                      echo "<tr>";
                      echo "<td colspan=\"2\">Login:</td>";
                      echo "</tr>";
                      echo "<tr>";
                      echo "<td width=\"50%\">Username:</td><td width=\"50%\"><input name=\"username\" size=\"18\" type=\"text\" />";
                      echo "</tr>";
                      echo "<tr>";
                      echo "<td width=\"50%\">Password:</td><td width=\"50%\"><input name=\"password\" size=\"18\" type=\"text\" />";
                      echo "</tr>";
                      echo "<tr>";
                      echo "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"submit\"</td>";
                      echo "</tr>";
                      echo "</table>";
                      echo "</form>";
              } else {
                      $username = form($_POST[‘username’]);
                      $password = md5($_POST[‘password’]); // Encrypts the password.
                      $q = mysql_query("SELECT * FROM `users` WHERE username = ‘$username’ AND password = ‘$password’") or die (mysql_error()); // mySQL query
                      $r = mysql_num_rows($q); // Checks to see if anything is in the db.
                      if ($r == 1) { // There is something in the db. The username/password match up.
                              $_SESSION[‘logged’] = 1; // Sets the session.
                              header("Location: index.php"); // Goes to main page.
                              exit(); // Stops the rest of the script.
                      } else { // Invalid username/password.
                              exit("Incorrect username/password!"); // Stops the script with an error message.
                      }
              }
      }
?>

 

when i attempt to login, all it does is refresh the page. I have been going at this for over a week now, seems to be doing my head in, can you tell me if im missing something or what I need to do please. Thanks 

[peranha]

session_start();

 

That has to be at the top of every page where you are using sessions.  Put it in the login.php page and try that.

[str8thug843]

its at the very top of my index page, witch i am calling my other files with includes like so

 

$page = $_GET['file'];
if (($page == "news") or ($page =="")) {
include('news.php');
} else if($page == "tutorials") {
include('tutorials.php');
} else if($page == "downloads") {
include('downloads.php');
} else if($page == "contact") {
include('contact.php');
} else if($page == "links") {
include('links.php');
} else if($page == "shoutbox") {
include('shoutbox.php');
} else if($page == "portfolio") {
include('portfolio.php');
} else if($page == "register") {
include('register.php');
} else if($page == "login") {
include('login.php');
} else {
echo"Page not found.";
}

[revraz]

He said the top of your LOGIN page, not INDEX page.

[str8thug843]

i did put it there and it still refreshs the page  ???

[revraz]

Let's see the rest of your index page and the new login page.

 

If you have never uses sessions before, it's possible the session save path may also be incorrect in your php.ini file.

[sKunKbad]

It's hard to say what is wrong without seeing the login form, and the rest of your code

[trq]

The first thing I notice is your using some sort of special quotes. These $_SESSION[‘logged’] ought be $_SESSION['logged'].

 

Next, you say you have this....

 

session_start();
$_SESSION['username'];

 

at the top of your index.php page. What exactly do you expect that to do? It doesn't actually do anything.

[str8thug843]

ok sorry about that here is my index

<?php
session_start();
$_SESSION['username'];
include("config.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>mysite.com</title>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="wrapper">
<div id="header">
<a class="headnav" href="index.php?file=links"><b>Links</b></a><a class="headnav" href="index.php?file=contact"><b>Contact</b></a><a class="headnav" href="index.php?file=downloads"><b>Downloads</b></a><a class="headnav" href="index.php"><b>Home</b></a>
<div id="logo"></div>
</div>
<div class="imgmiddle"></div>
<div id="bar">
<center><script type="text/javascript"><!--
google_ad_client = "pub-5808069362827247";
google_ad_slot = "1735036913";
google_ad_width = 468;
google_ad_height = 60;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></center>
</div>
<div class="imgmiddle"></div>
<div id="container">
<div id="left">
<img src="images/navigation.gif" width="150" height="21" alt="Navigation" />
<ul id="nav">
<li><a href="index.php">Home</a></li>
<li><a href="index.php?file=forums">Forums</a></li>
<li><a href="index.php?file=downloads">Downloads</a></li>
<li><a href="index.php?file=links">Links</a></li>
<li><a href="index.php?file=contact">Contact</a></li>
<li><a href="index.php?file=portfolio">Portfolio</a></li>
<li><a href="index.php?file=tutorials">Tutorials</a></li>
<li><a href="index.php?file=statistics">Statistics</a></li>
<li><a href="index.php?file=shoutbox">Shoutbox</a></li>
</ul><br />
<img src="images/statistics.gif" width="150" height="21" alt="Statistics" /><br />
<?php
include("stats.php");
?><br />
<img src="images/advertisment.gif" width="150" height="21" alt="Advertisment" />
<script type="text/javascript"><!--
google_ad_client = "pub-5808069362827247";
google_ad_slot = "7181496776";
google_ad_width = 120;
google_ad_height = 240;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
</div>
<?php
$page = $_GET['file'];
if (($page == "news") or ($page =="")) {
include('news.php');
} else if($page == "tutorials") {
include('tutorials.php');
} else if($page == "downloads") {
include('downloads.php');
} else if($page == "contact") {
include('contact.php');
} else if($page == "links") {
include('links.php');
} else if($page == "shoutbox") {
include('shoutbox.php');
} else if($page == "portfolio") {
include('portfolio.php');
} else if($page == "register") {
include('register.php');
} else if($page == "login") {
include('login.php');
} else {
echo"Page not found.";
}
?>
<div id="right"></div>
<div class="clearer"></div>
</div>
<div id="footer">
<div class="imgmiddle"></div>
<p>Copyright © 2007-2008. All rights reserved.<br />
<a href="http://validator.w3.org/check?uri=referer"><img style="border:0;width:80px;height:15px" src="images/xhtml1.0.gif" alt="Valid XHTML 1.0 Strict" /></a>
<a href="http://jigsaw.w3.org/css-validator/"><img style="border:0;width:80px;height:15px" src="images/css.gif" alt="Valid CSS!" /></a>
</p>
<div class="imgbottom"></div>
</div>
</div>
</body>
</html>

 

and here is my login

<?php
session_start();
     if ($_SESSION[‘logged’] == 1) { // User is already logged in.
             header("Location: index.php"); // Goes to main page.
             exit(); // Stops the rest of the script.
     } else {
             if (!isset($_POST[’submit’])) { // The form has not been submitted.
                     echo "<form action=\"index.php?file=login\" method=\"POST\">";
                     echo "<table>";
                     echo "<tr>";
                     echo "<td colspan=\"2\">Login:</td>";
                     echo "</tr>";
                     echo "<tr>";
                     echo "<td width=\"50%\">Username:</td><td width=\"50%\"><input name=\"username\" size=\"18\" type=\"text\" />";
                     echo "</tr>";
                     echo "<tr>";
                     echo "<td width=\"50%\">Password:</td><td width=\"50%\"><input name=\"password\" size=\"18\" type=\"text\" />";
                     echo "</tr>";
                     echo "<tr>";
                     echo "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"submit\"</td>";
                     echo "</tr>";
                     echo "</table>";
                     echo "</form>";
             } else {
                     $username = form($_POST[‘username’]);
                     $password = md5($_POST[‘password’]); // Encrypts the password.
                     $q = mysql_query("SELECT * FROM `users` WHERE username = ‘$username’ AND password = ‘$password’") or die (mysql_error()); // mySQL query
                     $r = mysql_num_rows($q); // Checks to see if anything is in the db.
                     if ($r == 1) { // There is something in the db. The username/password match up.
                             $_SESSION[‘logged’] = 1; // Sets the session.
                             header("Location: index.php"); // Goes to main page.
                             exit(); // Stops the rest of the script.
                     } else { // Invalid username/password.
                             exit("Incorrect username/password!"); // Stops the script with an error message.
                     }
             }
     }
?>

[str8thug843]

The first thing I notice is your using some sort of special quotes. These $_SESSION[‘logged’] ought be $_SESSION['logged'].

 

Next, you say you have this....

 

session_start();
$_SESSION['username'];

 

at the top of your index.php page. What exactly do you expect that to do? It doesn't actually do anything.

 

as i said, i dont know anything about sessions. so i have been searching around on pixel2life, good-tutorials and now i ended up here,

[trq]

Sorry but none of that answers my question or fixes the problems I pointed out.

[revraz]

He was referring to your Quotes though, that has nothing to do with sessions.  Use standard single ' quotes and " double quotes.

 

With that said, you also just have a plain line

 

$_SESSION['username'];

 

which does nothing.  This again has nothing to do with sessions itself, it has to do with setting variables.  Did you mean to do something like

 

IF ($_SESSION['username']) which means you're checking to see if it's set?

 

[str8thug843]

Sorry but none of that answers my question or fixes the problems I pointed out.

 

lol my bad, i pasted the wrong part. it was suppose to be for the others that replyed before that asked for my index. i seen what you was talking about and corrected the problem. and now when i try to login i get this

 

Warning: Cannot modify header information - headers already sent by (output started at /home/blizz/public_html/config.php:10) in /home/blizz/public_html/login.php on line 3

 

He was referring to your Quotes though, that has nothing to do with sessions.  Use standard single ' quotes and " double quotes.

 

With that said, you also just have a plain line

 

$_SESSION['username'];

 

which does nothing.  This again has nothing to do with sessions itself, it has to do with setting variables.  Did you mean to do something like

 

IF ($_SESSION['username']) which means you're checking to see if it's set?

 

yes i have took that out also

[peranha]

Take the session_start();  out of you login page, I didnt know that you were including it in the index page on your first post, and try it again.  Also paste you config file if that does work, you are outputing data to the browser in that file, so you will get this error.

[str8thug843]

ok i took the sessions start out of the login along with the

 

              header("Location: index.php"); // Goes to main page.

              exit(); // Stops the rest of the script.

 

the error seems to of went away and now have a blank page when i try to view the login page, so im guessing it worked? this was after input my login info

[Galaxy_Stranger]

To be clear, session states themselves aren't any part of PHP.  You're constructing your own states based on PHP session variables.  That made things a little unclear to me when I first started using session states.  So, you're basically running scripts based on variable values.

 

The first thing I see wrong is the instantiation of your variable:

<?php
session_start();
$_SESSION['username'];
...

 

Session variables should be instantiated like so:

	session_register('loggedIn') ;
session_register('currentUser') ;

 

Then, you can "initialize" them later:

          $_SESSION['username']= <desired_value> ;

 

See if that helps.

[revraz]

You should no longer use session_register, and especially not if you use session_start.

[marcus]

Why register a session variable and not use it when you need to.

 

# just stick with
session_start();
$_SESSION['username'] = "marcus";

[Galaxy_Stranger]

You should no longer use session_register, and especially not if you use session_start.

 

I assume it's a security problem?  Did this change w/ PHP 5?  I started using a book using PHP 4 and I never cought that.  Time to do some more homework...

 

 

[BioBob]

Nope.  header() breaks sessions.  DO NOT USE header() to redirect session detection on login scripts.  Use meta refresh instead.

 

<?php
session_start();
if($_SESSION['loggedIn'])  {
  header('Location: www.aasdf.com');
  }

 

BAD!!!

 

<?php
ob_start();
session_start();
if($_SESSION['loggedIn'])  {
  $session_id = session_id();
  header('Location: www.aasdf.com/page.php?phpsessionid=$session_id');
  }

ob_ ... stuff to wrap up your output buffering handling...

 

That works, but kind of a pain, plus theres some security stuff with putting your session id in your url.  One of the reasons its not on by default.  Instead try using META REFRESH TAGS

 

<?php
session_start();
if($_SESSION['loggedIn'])  {
  echo "<meta http-equiv=\"refresh\" content=\"2;url=http://www.mysite.com/usersonly.php\">";
  }

[str8thug843]

how would i display the username, i tryed using $username. it shows mine. but when another user logs in with there info. it will show my username on there side also.

[DarkWater]

Nope.  header() breaks sessions.  DO NOT USE header() to redirect session detection on login scripts.  Use meta refresh instead.

 

<?php
session_start();
if($_SESSION['loggedIn'])  {
  header('Location: www.aasdf.com');
  }

 

BAD!!!

 

<?php
ob_start();
session_start();
if($_SESSION['loggedIn'])  {
  $session_id = session_id();
  header('Location: www.aasdf.com/page.php?phpsessionid=$session_id');
  }

ob_ ... stuff to wrap up your output buffering handling...

 

That works, but kind of a pain, plus theres some security stuff with putting your session id in your url.  One of the reasons its not on by default.  Instead try using META REFRESH TAGS

 

<?php
session_start();
if($_SESSION['loggedIn'])  {
  echo "<meta http-equiv=\"refresh\" content=\"2;url=http://www.mysite.com/usersonly.php\">";
  }

 

Umm....what?  Headers do not break sessions.  What exactly are you talking about?

[str8thug843]

how would i display the username, i tryed using $username. it shows mine. but when another user logs in with there info. it will show my username on there side also.

 

no one??

[revraz]

try echoing  $_SESSION['username']