Bopo Posted March 21, 2009 Share Posted March 21, 2009 Hi I'm not too sure why this isn't working however I am using sessions for logging into an admin section of a website, below is the coding of the Login script: <?php session_start(); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection); if(mysql_num_rows($result)) { $_SESSION['loggedin'] = 1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit();} else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit();} // if(!$result){die(mysql_error();} } ?> Now behind the admin page, I have the following code to validate whether the user is logged in, and if they are not, re-direct them. <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: http://www.website.com/'); exit(); } ?> The problem is, even when I do login I get re-directed, and can't figure out why, help appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/ Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 Ahh well...first of all, I notice that you're checking if the form has been submitted by using if(isset($_POST['submit'])) which I assume is the submit button. The only problem with this is that if you don't actually click the submit button, ie you just press enter, it is ignored. So yeah, are you sure the form is actually being submitted? And also, maybe try simply echoing the contents of your sessions, to see if they are actually set or not...? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789973 Share on other sites More sharing options...
bluejay002 Posted March 21, 2009 Share Posted March 21, 2009 Also... you may also to alternatively check if the username and password fields has been set and are not empty. If okay, then you can do the session handling thing. Also, you might want to do some trimming and escaping to be safer from injection. <-- though out of topic. ^^ Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789986 Share on other sites More sharing options...
Malevolence Posted March 21, 2009 Share Posted March 21, 2009 if(mysql_num_rows($result)) { invalid if statement. You'll need to put something like: if(mysql_num_rows($result) == 1) { or if(mysql_num_rows($result) === 1) { And as for the query, it's good practise to use the backticks for table names e.g. `colours` or whatever. You'll also want to use LIMIT 1 at the end of the query- also good practise seeing as you only want one row. In your form (like jackpf said) name the form itself and then use that to check if the form was submitted (includes enter & submit button) Finally like bluejay said, you'll want to trim and escape that query & variables for safety purposes. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-789994 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Hi Thanks for the advice eveyone, I have put a few of those suggestions into practice, however it is still not working, I decided to echo the session 'loggedin' on the admin page, and nothing is returned, therefore it looks like theirs a problem with them, but I haven't been able to figure it out yet Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790029 Share on other sites More sharing options...
MasterACE14 Posted March 21, 2009 Share Posted March 21, 2009 what's your latest code? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790045 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 <?php session_start(); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection); if(mysql_num_rows($result) == 1 ) { $_SESSION['loggedin'] = 1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit();} else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit();} // if(!$result){die(mysql_error();} } ?> And <?php session_start(); // echo "$_SESSION['loggedin']"; if(!isset($_SESSION['loggedin'])) { header('Location: http://www.website.com/'); exit(); } else { exit(); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790048 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 $_SESSION['loggedin'] = 1; to $_SESSION['loggedin']=1; also move <?php session_start(); ?> to <?php session_start(); ?> Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790056 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 try this please. copy and past as if. <?php session_start(); if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection) or die(mysql_error()); if(mysql_num_rows($result)==1) { $_SESSION['loggedin']=1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit(); } else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit(); } } ?> <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: http://www.website.com/'); exit(); }else{ exit(); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790057 Share on other sites More sharing options...
Maq Posted March 21, 2009 Share Posted March 21, 2009 $_SESSION['loggedin'] = 1; to $_SESSION['loggedin']=1; also move <?php session_start(); ?> to <?php session_start(); ?> Just curious but what exactly is the difference between those two changes? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790059 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 wight spaces, There no difference to the session but could be wight space problem here. any think worth a shot i guess. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790061 Share on other sites More sharing options...
Maq Posted March 21, 2009 Share Posted March 21, 2009 I don't think that would matter. I've only heard of w white space issues correlated with HEADER errors. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790063 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 Globals are turned off on the Linux machine (the register_globals php.ini directive) Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790064 Share on other sites More sharing options...
DeanWhitehouse Posted March 21, 2009 Share Posted March 21, 2009 @redarrow, whitespace problems occur with HTML whitespace not PHP whitespace. Also Ahh well...first of all, I notice that you're checking if the form has been submitted by using if(isset($_POST['submit'])) which I assume is the submit button. The only problem with this is that if you don't actually click the submit button, ie you just press enter, it is ignored. So yeah, are you sure the form is actually being submitted? And also, maybe try simply echoing the contents of your sessions, to see if they are actually set or not...? Are you serious ?? Try it, using if(isset($_POST['submit_button'])) works if you press the button or if you press the enter key. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790245 Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 Well, it doesn't because I tested it out the other day on my site. Then I realised that if the submit button isn't actually pressed, it doesn't think the form has been submitted. It might just be IE, idk, I haven't tested it in anything else, I just changed it back because it didn't work. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790253 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Thanks for all the suggestions, I tried redarrow code, and the exact same thing happens, the web server I'm using is paid for, and has everything but IIS installed, the PHP version it's using is 5.2.8, totally clueless on what to try next . Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790261 Share on other sites More sharing options...
redarrow Posted March 21, 2009 Share Posted March 21, 2009 try this tell me what happens. don't need to post nothing just go to the page it on ok. <?php session_start(); $_SESSION['redarrow']="hi there mate!"; if(isset($_SESSION['redarrow'])){ echo $_SESSION['redarrow']; exit; } if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; include("../createadmin/adminconnect.php"); $sql = "SELECT username, password FROM adminlogin WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql, $connection) or die(mysql_error()); if(mysql_num_rows($result)==1) { $_SESSION['loggedin']=1; header('Location: http://www.website.com/scripts/admin/admin.php'); exit(); } else { header('Location: http://www.website.com/scripts/admin/login.php?error1'); exit(); } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790262 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Well I get hi there mate! Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790273 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Okay I have been testing this for a while, if I do <?php $_SESSION['loggedin']=1; echo $_SESSION['loggedin']; exit(); ?. On either of the pages, it works, 1 is returned, however as soon as I want to transfer the variable value across pages e.g. Login page: $_SESSION['loggedin']=1; Admin Page: echo $_SESSION['loggedin']; It just returns blank ??? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790281 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Anyone? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790362 Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 You don't have session_start() in that code you just posted... Could be it a problem..? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790375 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Hi Nah I just let it out. Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790403 Share on other sites More sharing options...
Bopo Posted March 21, 2009 Author Share Posted March 21, 2009 Is there anything else I can use to accomplish the same goal? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790470 Share on other sites More sharing options...
jackpf Posted March 21, 2009 Share Posted March 21, 2009 Cookies? Quote Link to comment https://forums.phpfreaks.com/topic/150416-sessions-problem/#findComment-790471 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.