Bopo Posted March 21, 2009 Share Posted March 21, 2009 Hi I'm not too sure why this isn't working however I am using sessions for logging into an admin section of a website, below is the coding of the Login script: <?php session_start(); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection); if(mysql_num_rows($result)) { $_SESSION['loggedin'] = 1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit();} else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit();} // if(!$result){die(mysql_error();} } ?> Now behind the admin page, I have the following code to validate whether the user is logged in, and if they are not, re-direct them. <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: http://www.website.com/'); exit(); } ?> The problem is, even when I do login I get re-directed, and can't figure out why, help appreciated. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/ Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 Ahh well...first of all, I notice that you're checking if the form has been submitted by using if(isset($_POST['submit'])) which I assume is the submit button. The only problem with this is that if you don't actually click the submit button, ie you just press enter, it is ignored. So yeah, are you sure the form is actually being submitted? And also, maybe try simply echoing the contents of your sessions, to see if they are actually set or not...? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789973 Share on other sites More sharing options...
bluejay002 Posted March 21, 2009 Share Posted March 21, 2009 Also... you may also to alternatively check if the username and password fields has been set and are not empty. If okay, then you can do the session handling thing. Also, you might want to do some trimming and escaping to be safer from injection. <-- though out of topic. ^^ Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789986 Share on other sites More sharing options...
Malevolence Posted March 21, 2009 Share Posted March 21, 2009 if(mysql_num_rows($result)) { invalid if statement. You'll need to put something like: if(mysql_num_rows($result) == 1) { or if(mysql_num_rows($result) === 1) { And as for the query, it's good practise to use the backticks for table names e.g. `colours` or whatever. You'll also want to use LIMIT 1 at the end of the query- also good practise seeing as you only want one row. In your form (like jackpf said) name the form itself and then use that to check if the form was submitted (includes enter & submit button) Finally like bluejay said, you'll want to trim and escape that query & variables for safety purposes. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789994 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Hi Thanks for the advice eveyone, I have put a few of those suggestions into practice, however it is still not working, I decided to echo the session 'loggedin' on the admin page, and nothing is returned, therefore it looks like theirs a problem with them, but I haven't been able to figure it out yet Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790029 Share on other sites More sharing options...
MasterACE14 Posted March 21, 2009 Share Posted March 21, 2009 what's your latest code? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790045 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 <?php session_start(); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection); if(mysql_num_rows($result) == 1 ) { $_SESSION['loggedin'] = 1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit();} else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit();} // if(!$result){die(mysql_error();} } ?> And <?php session_start(); // echo "$_SESSION['loggedin']"; if(!isset($_SESSION['loggedin'])) { header('Location: http://www.website.com/'); exit(); } else { exit(); } ?> Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790048 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 $_SESSION['loggedin'] = 1; to $_SESSION['loggedin']=1; also move <?php session_start(); ?> to <?php session_start(); ?> Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790056 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 try this please. copy and past as if. <?php session_start(); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection) or die(mysql_error()); if(mysql_num_rows($result)==1) { $_SESSION['loggedin']=1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit(); } else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit(); } } ?> <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: http://www.website.com/'); exit(); }else{ exit(); } ?> Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790057 Share on other sites More sharing options...
Maq Posted March 21, 2009 Share Posted March 21, 2009 $_SESSION['loggedin'] = 1; to $_SESSION['loggedin']=1; also move <?php session_start(); ?> to <?php session_start(); ?> Just curious but what exactly is the difference between those two changes? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790059 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 wight spaces, There no difference to the session but could be wight space problem here. any think worth a shot i guess. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790061 Share on other sites More sharing options...
Maq Posted March 21, 2009 Share Posted March 21, 2009 I don't think that would matter. I've only heard of w white space issues correlated with HEADER errors. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790063 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 Globals are turned off on the Linux machine (the register_globals php.ini directive) Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790064 Share on other sites More sharing options...
DeanWhitehouse Posted March 21, 2009 Share Posted March 21, 2009 @redarrow, whitespace problems occur with HTML whitespace not PHP whitespace. Also Ahh well...first of all, I notice that you're checking if the form has been submitted by using if(isset($_POST['submit'])) which I assume is the submit button. The only problem with this is that if you don't actually click the submit button, ie you just press enter, it is ignored. So yeah, are you sure the form is actually being submitted? And also, maybe try simply echoing the contents of your sessions, to see if they are actually set or not...? Are you serious ?? Try it, using if(isset($_POST['submit_button'])) works if you press the button or if you press the enter key. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790245 Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 Well, it doesn't because I tested it out the other day on my site. Then I realised that if the submit button isn't actually pressed, it doesn't think the form has been submitted. It might just be IE, idk, I haven't tested it in anything else, I just changed it back because it didn't work. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790253 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Thanks for all the suggestions, I tried redarrow code, and the exact same thing happens, the web server I'm using is paid for, and has everything but IIS installed, the PHP version it's using is 5.2.8, totally clueless on what to try next . Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790261 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 try this tell me what happens. don't need to post nothing just go to the page it on ok. <?php session_start(); $_SESSION['redarrow']="hi there mate!"; if(isset($_SESSION['redarrow'])){ echo $_SESSION['redarrow']; exit; } if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection) or die(mysql_error()); if(mysql_num_rows($result)==1) { $_SESSION['loggedin']=1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit(); } else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit(); } } ?> Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790262 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Well I get hi there mate! Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790273 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Okay I have been testing this for a while, if I do <?php $_SESSION['loggedin']=1; echo $_SESSION['loggedin']; exit(); ?. On either of the pages, it works, 1 is returned, however as soon as I want to transfer the variable value across pages e.g. Login page: $_SESSION['loggedin']=1; Admin Page: echo $_SESSION['loggedin']; It just returns blank ??? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790281 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Anyone? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790362 Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 You don't have session_start() in that code you just posted... Could be it a problem..? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790375 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Hi Nah I just let it out. Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790403 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Is there anything else I can use to accomplish the same goal? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790470 Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 Cookies? Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790471 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.