Jump to content

Sessions I'm Sick of Them (Please Help Me)


dual_alliance

Recommended Posts

When it comes to sessions l can't get them to work and it is SO frustrating.  I have tried many login script's and once l click any link it logs me out (in IE), l can't use sessions on localhost for some strange reason but l have SMF installed and working fine and another login script which l tried works in firefox but not IE.

How can l make it so sessions work?  Should l use cookies?  I no a session is sortof a cookie as well but l have seen people use cookies and sessions together.  If so can someone please give me an example of a login script using cookies + sessions or just one of the 2, because l am really getting frustrated.

Thankyou,

dual_alliance
Link to comment
Share on other sites

cookies and sessions, by default are used together.  You don't have to do anything, php does everything for you. 
the first thing, above EVERY page that uses sessions simply have session_start();
at the top with no white space, or nothing above it, keep any echo's a ways away from it or you get header errors.
As far as sesisons to setup a session
$_SESSION['variable'] = "whatever";
that session is set, if it's logging you out then you have to set the session maxlifetime high enough so it doesn't automatically close when the browser shuts down, or also doesn't cut them off in the middle of something either.
Link to comment
Share on other sites

Show the code that is giving you trouble?

Are you running a web server (like apache) locally on your own machine or is it hosted else where?

[code]
<?php

$_POST['username'] = "SharkBait"  // pretend this was retrieved from a form
$PASS = "myPass";

if(isset($_POST['submit'])) {
  // Check if user submitted a form
  if(!empty($_POST['username'])) {
    $username = $_POST['username'];
  }
  // Check Password
  if($_POST['password'] == $PASS) {
      // passwords match create sessions

      $_SESSION['username'] = $username;
    } else {
      // Password does not match
    }
}
?>
[/code]

Check for a session
[code]
<?php

if(isset($_SESSION['username'])) {
  echo "Hi {$_SESSION['username']}";
} else {
  echo "Session is not set, I don't know who you are";
}
?>
[/code]
Link to comment
Share on other sites

Hi SharkBait,

Thats very similar to what l have so I will post the codes l have tried (on localhost and a webhost):

[b]First Code[/b]
<br />
[b]process_login.php[/b]
[code=php:0]<?php

session_start();

header("Cache-control: private");

// Get MySQL Database information






include('db.php');

// Make variables from the form



$Username = $_POST['userName'];



$Password = $_POST['passWord'];

// Remove HTML (if any)

$Username = strip_tags("$Username");

$Password = strip_tags("$Password");

// Connect to server and select database.

mysql_connect("$dbHost", "$dbUserName", "$dbPassWord")or die("Cannot connect to server!");

mysql_select_db("$dbName")or die("Cannot select Database!");

// Does the user exist?



$sql_user_check = "SELECT * FROM users WHERE username=\"$Username\" ";



$result_name_check = mysql_query($sql_user_check);



$usersfound = mysql_num_rows($result_name_check);

// If the user doesn't exist, create error



if ($usersfound < 1) {



$error = "User $Username not found.";

// If the user does exist, continue with processing

}else{

// Check if the passwords match

$sql_pass_get = "SELECT * FROM users WHERE username=\"$Username\" ";

$user_info = mysql_fetch_array(mysql_query($sql_pass_get));

$encryptpass = $user_info['password'];

// If it doesn't match, note that and end
 
if ($encryptpass != md5($Password)) {

// If it does match, let in and pass on info to session variables

}else{

$_SESSION['userid'] = $user_info['userid'];
     
$_SESSION['username'] = $user_info['username'];
     
$_SESSION['password'] = $user_info['password'];

}

}

if (!$_SESSION['username']) {

die ("Invalid password.  Try again.");

}else{

include('admin2.php');

}

?>[/code]
<br />
[b]another page (linked from admin2.php)[/b]
[code=php:0]<?php

session_start();
header("Cache-control: private");
if (!isset($_SESSION['username'])) {
    echo "You aren't logged in.";
    include("index.php");
    exit();
}else{

// rest of code....

}

?>[/code]

[b]Outcome: Doesn't Work![/b]
<br />
[b]Second Code[/b]
<br />
[b]login.php[/b][code=php:0]<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

@mysql_connect('localhost', 'root', '') or die ('Cannot connect');
@mysql_select_db('cokusers');

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $passwords = md5($password);

    $sql = "SELECT * FROM `users` WHERE `username` ='$username' AND `password` ='$passwords'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You\'ll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="logged_in.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>[/code]
<br />
[b]The page it links to[/b]
[code=php:0]<?php
session_start();
if(isset(!$_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{

// Rest of code etc.......

}

?>[/code]
<br />
[b]Outcome: Doesn't Work![/b]
<br />
I hope you can see now why l am frustrated with sessions ;D.  Your help is very much appreciated.
Link to comment
Share on other sites

What happens if you
[code=php:0]
print_f($_SESSION);
[/code]

After you've tried setting the session?

Notice you also have this near the bottom:
[code=php:0]
if(isset(!$_SESSION['username']))) { //ifthere is nothing in seession

// Id change it to this:
if (!isset($_SESSION['username'])) {
[/code]
Link to comment
Share on other sites

no one has bothered to mention that sessions are a SERVER-SIDE issue.  they will not work differently in IE and firefox unless you have different cookie settings in one or the other; even then, it's hard to produce differences.
Link to comment
Share on other sites

[quote author=SharkBait link=topic=103762.msg413509#msg413509 date=1155250131]
What happens if you
[code=php:0]
print_f($_SESSION);
[/code]

After you've tried setting the session?

Notice you also have this near the bottom:
[code=php:0]
if(isset(!$_SESSION['username']))) { //ifthere is nothing in seession

// Id change it to this:
if (!isset($_SESSION['username'])) {
[/code]
[/quote]

Nothing changed still the same problem.  akitchin l will try a different free host and tell you what happens
Link to comment
Share on other sites

Well a word of advice do not use php01.net to host free php websites.  And the otherone l tried it works in firefox but not IE.  Can any of you guys/girls refer me to a free host that you know works with sessions in IE?

(I am only using a free host now because l trying to make an online game and well l dont want to pay serverpowered.com's large fee's until its completed lol).

Thanks,

dual_alliance
Link to comment
Share on other sites

I think this statement is wrong:
[code]$sql_user_check = "SELECT * FROM users WHERE username=\"$Username\" ";[/code]
-your usage of double quotes around $Username is wrong.  sql only allows the usage of single quotes in that usage. In fact I believe that should be generating a mysql error because of invalid syntax.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.