[SOLVED] If..then trouble on login page

[gladwell]

Wait-you meant in login.php

[947740]

Yeah.  You had it in the correct spot in the other php file.

[gladwell]

Somehow that changed the error message on the redirect page to this:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

 

[947740]

When echoing variables like $_SESSION (when I mean `like` I am mainly referring to arrays and variables like $_SERVER,$_POST,$_GET, etc.), you have to separate it from the string or put brackets around it.

 

Also, your ; was in the wrong place.

 

<?php 
session_start();
echo "Welcome, {$_SESSION['firstname']}";

?>

OR

<?php 
session_start();
echo "Welcome, ".$_SESSION['firstname'];
?>

[gladwell]

Thanks for the syntax tip. That took care of the error message, but the name isn't showing up. Am I correct in understanding that the $_SESSION variable passes itself (as opposed to needing to be passed as a hidden value from page to page? I have firstname accounted for in the query.

[947740]

Can you post the update login script?  I think I have na idea as to why is not working, but I need to see the most recent srcipt you have.

[gladwell]

<?php session_start();
require 'script.php'; 

if (isset($_POST['submit'])) {


$username = $_POST['username'];

$password = $_POST['password'];

$query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'";

if($result = mysql_query($query)) {

	if (mysql_num_rows($result) == 1) { //username and password are in the database

		$_SESSION['firstname'] = $row[1];
		header('Location: http://www.url_index.php');

	}
	else {	//username and password not in database. 

	echo '<p align="center"><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

	}
}


else {

echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";

}
}

?>

[KevinM1]

$row[1] doesn't contain anything because you never actually fetch the results after the query.  You need something along the lines of:

$row = mysql_fetch_array($results);
$_SESSION['firstname'] = $row[1];

[947740]

Nightslyr already answered the one part.

 

Also, just another semantic note...it is common practice to store passwords in the database using the md5() function.  That way it is not plain text.

[gladwell]

Adding this didn't change anything. What have I missed?

 

if (mysql_num_rows($result) == 1) { //username and password are in the database
		$row = mysql_fetch_array($result);

		$_SESSION['firstname'] = $row[1];

 

 

md5() is new to me. I'll research that.

[947740]

It shouldn't make a difference, but go ahead and try $row = mysql_fetch_row($result); instead.

[gladwell]

Changing to $row = mysql_fetch_row($result); did not make a difference.

 

[947740]

It is actually $row[0] because all arrays start at an index of 0.

 

Sorry I didn't catch that earlier.

[gladwell]

That was it! I should have caught that, too. Thank you so much for your help with these problems, 947740.

 

 

What happens if I don't close the session?

[947740]

I'm not up on the specifics, but nothing much should happen.  It will be closed when the browser is closed.  Maybe someone else has a better answer.

 

If you are concerned, just tack this on to the end of your pages (assuming you don't want information passed along).

 

This is mainly used for logout pages, seeing as you don't care about session data then.  (And it is redundant, but I find it is usefuly if you are paranoid.)

 

unset($_SESSION);
session_destroy();

[gladwell]

OK. For this application, I only wanted to use the session variable to pass the name.

 

Thanks again for your assistance. I learned some new things.

 

How does the thread get marked as solved?

[947740]

No problem.

 

There should be a link in the bottom left hand corner, below this post and the ad.