BlackWidow Posted May 6, 2009

I am having problems with the following code. Sometimes it will log in and carry the session to the next page, sometimes it logs in but doesn't carry the session to the next page. Can anyone see why? It has me flummoxed.

```php
<?php
//$uname = "";
//$pword = "";
//$errorMessage = "";

//==========================================
// ESCAPE DANGEROUS SQL CHARACTERS
//==========================================
function quote_smart($value, $handle) {
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value, $handle) . "'";
    }
    return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    $uname = $_POST['username'];
    $pword = $_POST['password'];
    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);

    //==========================================
    // CONNECT TO THE LOCAL DATABASE
    //==========================================
    $hostname = "removed";
    $username = "removed";
    $password = "removed";
    $database = "removed";
    $db_handle = mysql_connect("$hostname", "$username", "$password");
    $db_found = mysql_select_db("$database", $db_handle);

    if ($db_found) {
        //$uname = quote_smart($uname, $db_handle);
        //$pword = quote_smart($pword, $db_handle);
        $sql = "SELECT * FROM user WHERE uname = '$uname' AND pword = '$pword'";
        $result = mysql_query($sql, $db_handle);

        if ($result) {
            $num_rows = mysql_num_rows($result);
            if ($num_rows > 0) {
                //$db_field = mysql_fetch_assoc($result);
                //$uname = $db_field['uname'];
                session_start();
                $_SESSION['uname'] = $uname;
                $_SESSION['pword'] = $pword;
                header ("Location: loggon.php");
            } else {
                $errorMessage = "Invalid Login.";
                session_start();
                $_SESSION['uname'] = '';
                $_SESSION['pword'] = '';
                //==========================================
                // YOUR SIGNUP PAGE HERE
                //==========================================
                header ("Location: test_reg.php");
            }
        } else {
            $errorMessage = "Error logging on - no results";
            //header ("Location: reg.php");
        }
    } else {
        $errorMessage = "Error logging on - last error";
    }
}
?>
<?php include("member_header.php"); ?>
<?php include("member_menu.php"); ?>
<div id="content1">
<form name ="form1" method ="post" action ="logv1.php">
<fieldset>
Username: <input type = "text" name ="username" value="<?php print $uname;?>" maxlength="20"><br /><br />
Password: <input type = "text" name ="password" value="<?php print $pword;?>" maxlength="16"><br />
<p>
<input type = "submit" name = "submit" value = "Login">
</p>
</fieldset>
</form>
<?php print $errorMessage;?>
</div>
</body>
</html>
```

Ken2k7 Posted May 6, 2009

```php
$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);
```

Why?

```php
$db_handle = mysql_connect("$hostname", "$username", "$password");
$db_found = mysql_select_db("$database", $db_handle);
```

You don't have to wrap variables in quote tags like that.

```php
session_start();
```

That line should be at the very top.

```php
$_SESSION['pword'] = $pword;
```

Is there a need to store a password?

BlackWidow Posted May 6, 2009

Hi, done what you suggested, it is working now. Why has it worked sometimes and not other times though?

Ken2k7 Posted May 6, 2009

session_start() has to be the first line if you were to use $_SESSION. I assume that's the problem. But really, you shouldn't htmlspecialchars($uname) and same goes for password. I don't understand that.

revraz Posted May 6, 2009

> Hi, done what you suggested, it is working now. Why has it worked sometimes and not other times though?

You may not have error display or reporting turned on, so you probably never saw the HEADER errors you were getting.

BlackWidow Posted May 7, 2009

Hi Ken2k7, thank you for your help, it appears to be working now.

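A login handler with the changes suggested in this thread applied, as an added example that is not code from any poster: session_start() runs before any output, the password is never stored in the session, and htmlspecialchars() is used only when echoing values into HTML. It goes beyond the thread by using PDO prepared statements and password_hash()/password_verify(); the in-memory SQLite database, the hashed `pword` column and the `alice` account are assumptions constructed for the example.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: PDO with the pdo_sqlite driver, and a `user` table whose
// `pword` column holds password_hash() output rather than the plain password.
session_start(); // first statement: nothing may be sent to the client before this

function attempt_login(PDO $db, string $uname, string $pword): bool
{
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare('SELECT uname, pword FROM user WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pword, $row['pword'])) {
        return false;
    }
    session_regenerate_id(true);        // new session id after authentication
    $_SESSION['uname'] = $row['uname']; // identity only, never the password
    return true;
}

// Constructed demo data: in-memory database with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (uname TEXT PRIMARY KEY, pword TEXT NOT NULL)');
$db->prepare('INSERT INTO user VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$uname = $errorMessage = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $uname = (string) ($_POST['username'] ?? '');
    $pword = (string) ($_POST['password'] ?? '');
    if (attempt_login($db, $uname, $pword)) {
        header('Location: loggon.php');
        exit; // stop here so no further output follows the redirect
    }
    $errorMessage = 'Invalid Login.';
}
// HTML starts only after all session and header calls are done.
?>
<form method="post" action="logv1.php">
  Username: <input type="text" name="username" maxlength="20"
    value="<?php echo htmlspecialchars($uname, ENT_QUOTES); ?>"><br>
  Password: <input type="password" name="password" maxlength="16"><br>
  <input type="submit" value="Login">
</form>
<?php echo htmlspecialchars($errorMessage, ENT_QUOTES); ?>
```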