aebstract Posted January 19, 2009 Share Posted January 19, 2009 <?php session_start(); header("Cache-control: private"); if(isset($_SESSION["id"])) { header("Location: index.php?page=myaccount"); } if(isset($_POST['submit'])) { $result = mysql_query("SELECT id, active FROM p_users WHERE email=('$_POST[email1]') AND password=('".md5($_POST['password1'])."')") or die(mysql_error()); if (mysql_num_rows($result) == 0) { $error .= '<div id=\"full_content\">The email and password you entered did not match with our database. <br /></div>'; } else { $worked = mysql_fetch_array($result); if ($worked[active] == '0') { $content .= '<div id=\"full_content\">You have not confirmed your e-mail address <br /></div>'; } else { $_SESSION["id"] = $worked[id]; header("Location: index.php?page=myaccount"); } } } $content .= "<div id=\"full_content\"> <form action=\"index.php?page=login\" method=\"post\" name=\"login\"> <p>Login Form</p> $error <table class=\"registration_form\" cellpadding=\"2\" cellspacing=\"0\" align=\"center\"> <tr><td align=\"right\"> Email Address </td><td> <td width=20></td> <td> <input type=\"text\" size=\"20\" name=\"email1\" value=\"\" /> </td></tr> <tr><td align=\"right\"> Password </td><td> <td width=20></td> <td> <input type=\"password\" size=\"20\" name=\"password1\" value=\"\" /> </td></tr> <tr><td align=\"right\"> <br /> </td><td> <td width=20></td> <td> </td></tr> <tr><td align=\"right\"> </td><td> <td width=20></td> <td align=\"right\"> <input type=\"submit\" name=\"submit\" class=\"textfield\" value=\"Login\" /> </td></tr> </table> </div>"; ?> Okay, basically this isn't setting the session id and I'm not seeing why it isn't so hopefully someone could point out my error? Thanks. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 19, 2009 Share Posted January 19, 2009 is it displaying any one of the error messages? Quote Link to comment Share on other sites More sharing options...
revraz Posted January 19, 2009 Share Posted January 19, 2009 Verify your conditions, echo $worked[active] and check it $worked[id] and check it Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 19, 2009 Author Share Posted January 19, 2009 <?php session_start(); header("Cache-control: private"); if(isset($_SESSION["id"])) { header("Location: index.php?page=myaccount"); } if(isset($_POST['submit'])) { $result = mysql_query("SELECT id, active FROM p_users WHERE email=('$_POST[email1]') AND password=('".md5($_POST['password1'])."')") or die(mysql_error()); if (mysql_num_rows($result) == 0) { $error .= '<div id=\"full_content\">The email and password you entered did not match with our database. <br /></div>'; } else { $worked = mysql_fetch_array($result); if ($worked[active] == '0') { $content .= '<div id=\"full_content\">You have not confirmed your e-mail address <br /></div>'; } else { $_SESSION["id"] = $worked[id]; header("Location: index.php?page=myaccount"); } } } echo "$worked[active] $worked[id]"; $content .= "<div id=\"full_content\"> <form action=\"index.php?page=login\" method=\"post\" name=\"login\"> <p>Login Form</p> $error <table class=\"registration_form\" cellpadding=\"2\" cellspacing=\"0\" align=\"center\"> <tr><td align=\"right\"> Email Address </td><td> <td width=20></td> <td> <input type=\"text\" size=\"20\" name=\"email1\" value=\"\" /> </td></tr> <tr><td align=\"right\"> Password </td><td> <td width=20></td> <td> <input type=\"password\" size=\"20\" name=\"password1\" value=\"\" /> </td></tr> <tr><td align=\"right\"> <br /> </td><td> <td width=20></td> <td> </td></tr> <tr><td align=\"right\"> </td><td> <td width=20></td> <td align=\"right\"> <input type=\"submit\" name=\"submit\" class=\"textfield\" value=\"Login\" /> </td></tr> </table> </div>"; ?> You can see where I added the echo. It isn't echoing anything and I am receiving no errors. Also, I had it just send me to the myaccount.php page ONCE, after clicking home page it was back to not accessible and the login continued to fail. Quote Link to comment Share on other sites More sharing options...
Philip Posted January 19, 2009 Share Posted January 19, 2009 Make $worked[active] -> $worked['active'] and $worked[id] -> $worked['id'] Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 I tried that and it had no effect. Upon first entering email/password to login it took me to the myaccount page, which at the top of the page has: session_start(); header("Cache-control: private"); if(!isset($_SESSION["id"])) { header("Location: index.php?page=login"); } Once I left the page I could no longer access it. Session isn't setting for some reason. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 20, 2009 Share Posted January 20, 2009 Add the following two lines immediately after your first opening <?php tag - ini_set ("display_errors", "1"); error_reporting(E_ALL); Every header() redirect needs an exit; statement following it so that the remainder of the code on the page is not executed while the browser is requesting the target of the redirect. Is that all the code on the page, because there is no logic connecting to your database so the mysql statements will fail. There is also no logic in the posted code to echo any of your errors or content. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 It echos out through the index.php page, which is also where the database gets its connection. I can post the index page if needed, let me know. Notice: A session had already been started - ignoring session_start() in /home/virtual/site21/fst/var/www/html/performance/login.php on line 4 Notice: Undefined variable: error in /home/virtual/site21/fst/var/www/html/performance/login.php on line 70 Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 I echo'd session_id(); and got this: vh2nmus51cpeuhbcomgnucbom3 My id in the database is 1 Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 20, 2009 Share Posted January 20, 2009 where the code that generates the session id please. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 It's been posted twice now, above.. login.php: <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); session_start(); header("Cache-control: private"); if(isset($_SESSION["id"])) { header("Location: index.php?page=myaccount"); exit; } if(!isset($_SESSION["id"])) { if(isset($_POST['submit'])) { $result = mysql_query("SELECT id, active FROM p_users WHERE email=('$_POST[email1]') AND password=('".md5($_POST['password1'])."')") or die(mysql_error()); if (mysql_num_rows($result) == 0) { $error .= '<div id=\"full_content\">The email and password you entered did not match with our database. <br /></div>'; } else { $worked = mysql_fetch_array($result); if ($worked['active'] == '0') { $content .= '<div id=\"full_content\">You have not confirmed your e-mail address <br /></div>'; } else { $_SESSION["id"] = $worked['id']; header("Location: index.php?page=myaccount"); exit; } } } } echo session_id(); $content .= "<div id=\"full_content\"> <form action=\"index.php?page=login\" method=\"post\" name=\"login\"> <p>Login Form</p> $error <table class=\"registration_form\" cellpadding=\"2\" cellspacing=\"0\" align=\"center\"> <tr><td align=\"right\"> Email Address </td><td> <td width=20></td> <td> <input type=\"text\" size=\"20\" name=\"email1\" value=\"\" /> </td></tr> <tr><td align=\"right\"> Password </td><td> <td width=20></td> <td> <input type=\"password\" size=\"20\" name=\"password1\" value=\"\" /> </td></tr> <tr><td align=\"right\"> <br /> </td><td> <td width=20></td> <td> </td></tr> <tr><td align=\"right\"> </td><td> <td width=20></td> <td align=\"right\"> <input type=\"submit\" name=\"submit\" class=\"textfield\" value=\"Login\" /> </td></tr> </table> </div>"; ?> index.php <?php session_start(); header("Cache-control: private"); mysql_connect("localhost","**","**") or die(mysql_error()); mysql_select_db("**"); $content = ''; if (isset($_GET['page'])) { $page = ($_GET['page']); } else { $page = "home"; } include "$page.php"; ?> <html> <head> <title>BPE - Performance Parts Store</title> <link href="stylesheet.css" rel="stylesheet" type="text/css" title="default" /> </head> <body> <div id="container"> <div id="container_left"> <img src="logo.jpg"> <br /><br /> <br /><br /> <div class="black_menu"><a href="/performance/">> Home Page</a></div> <div class="black_menu">> Home</div> <div class="black_menu">> Home</div> <div class="black_menu"> <?php if(isset($_SESSION["id"])) { ?> <a href="index.php?page=myaccount">> My Account</a> <?php } else { ?> <a href="index.php?page=login">> Login</a> <?php } ?> </div> <div class="black_menu">> Contact Us</div> <div class="cat_menu_title">CATEGORY</div> <?php $result = mysql_query("SELECT DISTINCT category FROM `p_products`") or DIE(mysql_error()); while($r = mysql_fetch_array($result)) { $id = $r['id']; $category = $r['category']; echo "<div class=\"cat_menu\"><a href=\"index.php?page=product_page&product_cat=$category\">$category</a></div>"; } ?> </div> <div id="container_right"> <div id="user_box"> <?php if(isset($_SESSION["id"])) { ?> <?php } else { ?> <div id="outsidelogin">Not a member? <a href="index.php?page=register">Register Now!</a> | sign in box >>></div> <div id="loginbox"> <table class=\"login_form\" cellpadding=\"2\" cellspacing=\"0\"> <tr><td> Email </td><td>box</td></tr> <tr><td> Password </td><td>box</td></tr> <tr><td> </td><td>login</td></tr> </table> </div> <?php } ?> </div> <div class="spacer"></div> <div id="featured_product"><img src="featured.jpg" /></div> <div class="spacer"></div> <div id="cat_box"> HOME > ETC</div> <div class="spacer"></div> <div id="product_container"> <?php echo "$content"; ?> </div> </div> <div style="clear:both;"></div> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 20, 2009 Share Posted January 20, 2009 For your undefined error, you can fix it by doing if(isset($_POST['submit'])) { $error = ""; But there is nothing starting your session before line 4 of login.php, so either that is not the current code or you are not showing us something. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 That is everything, I just threw in a if(isset($logout)) { unset ($_SESSION); session_destroy(); header("Location: index.php"); exit; } into the index.php, now making it: <?php session_start(); header("Cache-control: private"); mysql_connect("localhost","berryequipment","gU8Kso8Y") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); $content = ''; if(isset($logout)) { unset ($_SESSION); session_destroy(); header("Location: index.php"); exit; } if (isset($_GET['page'])) { $page = ($_GET['page']); } else { $page = "home"; } include "$page.php"; ?> <html> <head> <title>BPE - Performance Parts Store</title> <link href="stylesheet.css" rel="stylesheet" type="text/css" title="default" /> </head> <body> <div id="container"> <div id="container_left"> <img src="logo.jpg"> <br /><br /> <br /><br /> <div class="black_menu"><a href="/performance/">> Home Page</a></div> <div class="black_menu">> Home</div> <div class="black_menu">> Home</div> <div class="black_menu"> <?php if(isset($_SESSION["id"])) { ?> <a href="index.php?page=myaccount">> My Account</a> <?php } else { ?> <a href="index.php?page=login">> Login</a> <?php } ?> </div> <div class="black_menu">> Contact Us</div> <div class="cat_menu_title">CATEGORY</div> <?php $result = mysql_query("SELECT DISTINCT category FROM `p_products`") or DIE(mysql_error()); while($r = mysql_fetch_array($result)) { $id = $r['id']; $category = $r['category']; echo "<div class=\"cat_menu\"><a href=\"index.php?page=product_page&product_cat=$category\">$category</a></div>"; } ?> </div> <div id="container_right"> <div id="user_box"> <?php if(isset($_SESSION["id"])) { ?> <?php } else { ?> <div id="outsidelogin">Not a member? <a href="index.php?page=register">Register Now!</a> | sign in box >>></div> <div id="loginbox"> <table class=\"login_form\" cellpadding=\"2\" cellspacing=\"0\"> <tr><td> Email </td><td>box</td></tr> <tr><td> Password </td><td>box</td></tr> <tr><td> </td><td>login</td></tr> </table> </div> <?php } ?> </div> <div class="spacer"></div> <div id="featured_product"><img src="featured.jpg" /></div> <div class="spacer"></div> <div id="cat_box"> HOME > ETC</div> <div class="spacer"></div> <div id="product_container"> <?php echo "$content"; ?> </div> </div> <div style="clear:both;"></div> </div> </body> </html> Which I went to index.php?logout and it redirected me to index.php, I went back to login.php and it still showed that session_id. index.php includes login.php and that's all that should be used, I'm not leaving anything out :/ edit: Fixed the variable error, still stuck with this error and this session_id being echo'd: Notice: A session had already been started - ignoring session_start() in /home/virtual/site21/fst/var/www/html/performance/login.php on line 4 vh2nmus51cpeuhbcomgnucbom3 edit 2: That little logout bit isn't doing anything to that session_id, it's remaining the same. I've always used that bit of code as a logout so I don't know? and edit 3: Notice: Undefined index: id in /home/virtual/site21/fst/var/www/html/performance/index.php on line 81 Found this hidden in the side, was unaware it was on the page until I just noticed it. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 20, 2009 Share Posted January 20, 2009 You destroy will never fire since if(isset($logout)) is not set. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 How come it is following through and redirecting me then? Quote Link to comment Share on other sites More sharing options...
revraz Posted January 20, 2009 Share Posted January 20, 2009 How can you tell it is, you are directing it back to the same page you are on. Replace the Header with a Echo $logout and test it. If it is in fact being set, then you have register globals on? Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 I know for a fact that it is redirecting me because when I put index.php?logout it sends me to index.php, removing the rest. It wouldn't do that without a redirect. Also, for shits n giggles I changed it to if($_GET['logout'] == 1) and went to index.php?logout=1 and got redirected, logout=3 and nothing. So it's running through those lines fine. if(isset($logout)) { unset ($_SESSION); session_destroy(); echo "$logout"; } Nothing gets echo'd.. though I could care less cause A: this isn't solving the problem either way, and B: there is no way it could get to the redirect if it wasn't firing off, and there's no way that ?logout would be removed from the url if it wasn't redirecting. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 ^^ ^^ Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 Okay I took the if statement out to be 100% it's getting destroyed, after destroying it (nothing get's echo'd on the main index page) and going to login.php a session is being created instantly. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 This may help some, on my index.php page alone, not going to my login page. <?php session_start(); header("Cache-control: private"); mysql_connect("localhost","berryequipment","gU8Kso8Y") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); $content = ''; echo session_id(); unset ($_SESSION); session_destroy(); echo session_id(); if (isset($_GET['page'])) { $page = ($_GET['page']); } else { $page = "home"; } include "$page.php"; ?> <html> <head> <title>BPE - Performance Parts Store</title> <link href="stylesheet.css" rel="stylesheet" type="text/css" title="default" /> </head> <body> <div id="container"> <div id="container_left"> <img src="logo.jpg"> <br /><br /> <br /><br /> <div class="black_menu"><a href="/performance/">> Home Page</a></div> <div class="black_menu">> Home</div> <div class="black_menu">> Home</div> <div class="black_menu"> <?php if(isset($_SESSION["id"])) { ?> <a href="index.php?page=myaccount">> My Account</a> <?php } else { ?> <a href="index.php?page=login">> Login</a> <?php } ?> </div> <div class="black_menu">> Contact Us</div> <div class="cat_menu_title">CATEGORY</div> <?php $result = mysql_query("SELECT DISTINCT category FROM `p_products`") or DIE(mysql_error()); while($r = mysql_fetch_array($result)) { $id = $r['id']; $category = $r['category']; echo "<div class=\"cat_menu\"><a href=\"index.php?page=product_page&product_cat=$category\">$category</a></div>"; } ?> </div> <div id="container_right"> <div id="user_box"> <?php if(isset($_SESSION["id"])) { ?> <?php } else { ?> <div id="outsidelogin">Not a member? <a href="index.php?page=register">Register Now!</a> | sign in box >>></div> <div id="loginbox"> <table class=\"login_form\" cellpadding=\"2\" cellspacing=\"0\"> <tr><td> Email </td><td>box</td></tr> <tr><td> Password </td><td>box</td></tr> <tr><td> </td><td>login</td></tr> </table> </div> <?php } ?> </div> <div class="spacer"></div> <div id="featured_product"><img src="featured.jpg" /></div> <div class="spacer"></div> <div id="cat_box"> HOME > ETC</div> <div class="spacer"></div> <div id="product_container"> <?php echo "$content"; ?> </div> </div> <div style="clear:both;"></div> </div> </body> </html> I put this [code] echo session_id(); unset ($_SESSION); session_destroy(); echo session_id(); This echos vh2nmus51cpeuhbcomgnucbom3 every time I refresh the page, only once not both times. Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 I am still trying to find the solution to this, does anyone have any ideas? Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 Okay I've narrowed it down. It is something in this: <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); header("Cache-control: private"); if(isset($_SESSION["id"])) { header("Location: index.php?page=myaccount"); exit; } $error = ""; if(!isset($_SESSION["id"])) { if(isset($_POST['submit'])) { $result = mysql_query("SELECT id, active FROM p_users WHERE email=('$_POST[email1]') AND password=('".md5($_POST['password1'])."')") or die(mysql_error()); if (mysql_num_rows($result) == 0) { $error .= '<div id=\"full_content\">The email and password you entered did not match with our database. <br /></div>'; } else { $worked = mysql_fetch_array($result); if ($worked['active'] == '0') { $content .= '<div id=\"full_content\">You have not confirmed your e-mail address <br /></div>'; } else { $_SESSION["id"] = $worked['id']; header("Location: index.php?page=myaccount"); exit; } } } } I echo the session_id just after this and it's there. Though if I kill the session with unset ($_SESSION); session_destroy(); just before the echo, nothing displays. If I don't do it then I get: vh2nmus51cpeuhbcomgnucbom3 Quote Link to comment Share on other sites More sharing options...
aebstract Posted January 20, 2009 Author Share Posted January 20, 2009 Something else I just found, if I keep that session killer on my login form, everything works perfect. Though, I shouldn't have to do that.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.