[SOLVED] Session problem?

ReeceSayer · November 19, 2009

Hi ive managed to set up a login/registration form for my site and im having a little trouble i think with storing my username in a session... I'm not sure exactly where the problem lies but i assume it must be in one of two files.

Login2

<?php
session_start();

// Start a session. Session is explained below.

include("connection2.php");

// Same checking stuff all over again.
if(isset($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['password'])) {
	echo "Sorry, you have to fill in all forms";
	header("Location: login.php");
	exit;
}
// Create the variables again.
$username = $_POST['username'];
$password = $_POST['password'];
// Encrypt the password again with the md5 hash. 
// This way the password is now the same as the password inside the database.
$password = md5($password);

// Store the SQL query inside a variable. 
// ONLY the username you have filled in is retrieved from the database.
$query = "SELECT username,password 
		  FROM	 `users`
		  WHERE	 username='$username'";

$result = mysql_query($query);
if(!$result) { 
	// Gives an error if the username given does not exist.
	// or if something else is wrong.
	echo "The query failed " . mysql_error();
} else {
	// Now create an object from the data you've retrieved.
	$row = mysql_fetch_object($result);
	// You've now created an object containing the data.
	// You can call data by using -> after $row.
	// For example now the password is checked if they're equal.
	if($row->password != $password) {
		$message3 = "I am sorry, but the passwords are not equal.";
		//header("Location: login.php");
		//exit;
	}
	// By storing data inside the $_SESSION superglobal,
	// you stay logged in until you close your browser.
	$_SESSION['username'] = $username;
	$_SESSION['sid'] = session_id(); 
	// Make it more secure by storing the user's IP address.
	$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
	// Now give the success message.
	// $_SESSION['username'] should print out your username.
	$message1 = "Success! ". $_SESSION['username']; echo " You are now logged in " ;
	$message2 = "Click Home to go to your profile page <a href=\"access.php\">Home</a>";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" 
                                           lang="en">
<head>
   <title>Login 2</title>
   <meta http-equiv="Content-Type"
         content="text/html; charset=utf-8" />
   <link href="centered.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
body {
background-repeat: repeat;
}
-->
</style></head>
<body>
   <!-- wrapper div for positioning -->
   <div id="container">
      <!-- Header Section -->
      <div id="header">
  
   <img
   src="images/Semper Fi.png"
   alt="Semper Fi"
   longdesc="value"  
   title="Semper Fi"
/>

<object type="application/x-shockwave-flash" 
data="NCIS.swf" width="400" height="300">
<param name="movie" value="NCIS.swf" />
<param name="controller" value="true" />
<p>Sorry, your browser is not standards compliant; please try 
<a href="NCIS%20Slideshow.swf">NCIS.swf</a></p>
</object>
<br />
<a href=index.php>
    <img    
   src="images/NCIS Logo.png"
   alt="NCIS Logo"
   longdesc="value"  
   title="NCIS"
   width="339" height="107" />
   </a>

      </div>
  
      <!-- Content Section -->
      <div id="content">
  <?php
  $date = date_default_timezone_set('Europe');
	if (date("H") < 12) 
	 echo 'Good morning, ';
	 else
	 echo 'Good afternoon, ';
	echo 'the time is: ' . date('H:i') . ' on ' . date('D M j') .'th' . PHP_EOL .'<br>';

		if($row->password != $password) {
		echo "I am sorry, but the passwords are not equal.<br>";
		echo "<a href = \"/login.php\">Click here to try again</a>";
		session_destroy();

	}
else if
	($_SESSION['username'] = $username && $_SESSION['sid'] = session_id())
	{
	echo "" . $message1 . " ";
	echo "" . $message2 . "<br>";
	}


// login2.php

?>
      </div>
  
      <!-- Footer Section -->
       <div id="footer">
      <p>
      <a href="http://validator.w3.org/check/referer"><img
          src="http://www.w3.org/Icons/valid-xhtml10"
          alt="Valid XHTML 1.0!" height="31" width="88" /></a>
    </p>
<p> <a href="About Us.html">About Us </a> </p>

      </div>
  
   </div> 
   <!-- end container -->
</body>  
</html>

or in this one

access

<?php 
	session_start();
	if(!isset($_SESSION['username']) || !isset($_SESSION['sid']) ||!isset($_SESSION['ip'])) {
	header("Location: login.php");
	}
	include("connection2.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Index Page</title>
   <meta http-equiv="Content-Type"
         content="text/html; charset=utf-8" />
   <link href="centered.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
body {
background-repeat: repeat;
}
-->
</style></head>
<body>
   <!-- wrapper div for positioning -->
   <div id="container">
      <!-- Header Section -->
      <div id="header">
  
   <img
   src="images/Semper Fi.png"
   alt="Semper Fi"
   longdesc="value"  
   title="Semper Fi"
/>

   <object
   type="application/x-shockwave-flash" 
   data="NCIS.swf" width="400" height="300">
   <param name="movie" value="NCIS.swf" />
   <param name="controller" value="true" />
   <p>Sorry, your browser is not standards compliant; please try
      <a href="NCIS Slideshow.swf">NCIS.swf</a>
   </p>
</object>

<br />
    <img    
   src="images/NCIS Logo.png"
   alt="NCIS Logo"
   longdesc="value"  
   title="NCIS"
   width="339" height="107" />
   
<br />

      </div>
  
      <!-- Content Section -->
      <div id="content">
<?php
  $date = date_default_timezone_set('Europe');
	if (date("H") < 12) 
	 echo 'Good morning, ';
	 else
	 echo 'Good afternoon, ';
	echo 'the time is: ' . date('H:i') . ' on ' . date('D M j') .'th <br>' . PHP_EOL;
	echo "Welcome, " . $_SESSION['username'] . "";
	echo " You can only access this page if you are logged in.";
//		echo "<a href ="logout.php">Logout</a>;
?>
<br />
<p>Welcome to the only 100% unofficial NCIS website.</p>
<p>Here at Semper Fi 
<a href ="change password.php">Change password</a> 
<br />
<a href ="logout.php">Logout</a>  
  </div>
  
      <!-- Footer Section -->
       <div id="footer">
      <p>
      <a href="http://validator.w3.org/check/referer"><img
          src="http://www.w3.org/Icons/valid-xhtml10"
          alt="Valid XHTML 1.0!" height="31" width="88" /></a>
    </p>
<p> <a href="About Us.html">About Us </a> </p>

      </div>
  
   </div> 
   <!-- end container -->
</body>  
</html>

The actual problem is that when i go onto the access page... which can only be accessed once you have logged in... it will not display my session username... could this problem be to do with the way in which i make sure a user is not already in the database? for which the code is



$query2 = "select * from users where username='$username'";
$result2 = mysql_query($query2) or die (mysql_error());
$num = mysql_numrows($result2);
if ($num > 0) 
{
echo "<br>Username already exists<br>"; 
}
else
{
$result = mysql_query($query);
}

Thanks

[EDIT] Just a quick edit... there is some output where the session username should be but its just the number 1... which is why i thought it may be to do with the mysql_num_rows. thanks again [EDIT]

mrMarcus · November 19, 2009

for starters, it's mysql_num_rows(), not mysql_numrows();

premiso · November 19, 2009

for starters, it's mysql_num_rows(), not mysql_numrows();

I believe they are alias's of each other...although I cannot find a reference to that in the manual.

EDIT:

As to the OP's problem:

	else if
	($_SESSION['username'] = $username && $_SESSION['sid'] = session_id())

Notice you use single =, are you meaning to assign them there or are you meaning to set them? As == is the comparison operator...I am not sure if that was your intentions or not.

ReeceSayer · November 19, 2009

Thanks for the replies... i changed it from mysql_numrows to mysql_num_rows and it works exactly the same.

What i was meaning to do with the single equals was just to check that the session username and session id were the same before displaying the success message.

Not sure if thats how to do it. I'm fairly new to php

c-o-d-e · November 19, 2009

If your trying to compare and check, you'd use "=="

== is "Equal To"

= is "Is"

Thats how I learn with them.

	
else if
($_SESSION['username'] = $username && $_SESSION['sid'] = session_id())
//Above code sets username as $username and session sid as session_id.
//To compare if there correct.. use the above code to set the variables, though I wouldn't keep it there.. I'd move it to the top of the code .. in an non if place. Then do this
else if
($username == session_id){ do whatever here if corect } else { do whatever here if incorrect }

mrMarcus · November 19, 2009

for starters, it's mysql_num_rows(), not mysql_numrows();

I believe they are alias's of each other...although I cannot find a reference to that in the manual.

ya, i looked for one, too.

what page is this on:

$query2 = "select * from users where username='$username'";
   $result2 = mysql_query($query2) or die (mysql_error());
   $num = mysql_numrows($result2);
   if ($num > 0)
{
   echo "<br>Username already exists<br>";
}
else
{
   $result = mysql_query($query);
}

seems a little redundant. perhaps if you post more of this code i can see if all this is necessary. just seems a little odd to query the db twice in such a similar manner in such short secession.

and as premiso stated, use the == comparison operator to check if values are equal, but not necessarily of the same type.

and my apologies as i was unaware that mysql_numrows() was (possibly) an alias of mysql_num_rows().

premiso · November 19, 2009

Not sure if thats how to do it. I'm fairly new to php

Nope it is not, you were basically assinging them to that value, granted that probably will not solve your problem but this would be the correct way to do that:

	else if
	($_SESSION['username'] == $username && $_SESSION['sid'] == session_id())

I am looking at the access page and not really seeing any issues that stand out at me, it looks like it should display the username...if not what is the page doing that it should not be? You never really explained what the problem was in your original post...

However, looking at your code it is kind of a mess. I will try and clean it up and post a cleaned up version with comments here when I get a chance later for ya.

ReeceSayer · November 19, 2009

Thanks everyone for your replies and no need to apologise, you helped me out alot. I suppose its better to get into the proper practices. The problem was with the = sign...so thanks primiso, c-o-d-e and mrMarcus. Now that i've changed it to == everything works.

c-o-d-e · November 19, 2009

Remember what I said

"= is"

"== is equal to"

Otherwords "username is equal to password"

and "username is password"

Slight difference, might help you remember

Mark the topic as Solved. Which you find near the quick reply at the bottom.

Glad we helped you

ReeceSayer · November 19, 2009

Yep i'll remember in future thanks

Also marked as solved.

Sign In

[SOLVED] Session problem?

Recommended Posts

ReeceSayer

Link to comment

Share on other sites

mrMarcus

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

ReeceSayer

Link to comment

Share on other sites

c-o-d-e

Link to comment

Share on other sites

mrMarcus

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

ReeceSayer

Link to comment

Share on other sites

c-o-d-e

Link to comment

Share on other sites

ReeceSayer

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information