Sessions are confusing me

[Noskiw]

I'm trying to create a login script that keeps the user logged in until computer shut down. So far it is successful. But when I try to add the member ID on to the page. It just doesn't show up. I've tried to save the ID in the form of a session .

 

<?php
    
$username = $_POST['username'];
$password = $_POST['password'];

echo "<br />";

if($_POST['submit']){
    if($username||$firstname && $lastname && $password){
        $sql = "SELECT * FROM users WHERE username='".$username."' && id='".$id."'";
        $res = mysql_query($sql) or die(mysql_error());
        
        $numrows = mysql_num_rows($res);
        
        if($numrows != 0){
            while($row = mysql_fetch_assoc($res)){
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
                $dbfirstname = $row['first Name'];
                $dblastname = $row['last Name'];
                $id = $row['id'];
            }
            
            if($username==$dbusername && md5($password)==$dbpassword){
                echo "You're now <b>Logged In</b> Click <a href='index.php?p=member'><b>here</b></a> to enter the member page!";
                $_SESSION['username']=$username;
                $_SESSION['first Name']=$dbfirstname;
                $_SESSION['last Name']=$dblastname;
                $_SESSION['id']=$id;
            }else{
                echo "Incorrect password!";
            }
            
        }else{
            echo "That user <b>doesn't</b> exist!";
        }
        
    }else{
        echo "Please <b>enter</b> a username and a password!";
    }
}

if(!$_POST['submit']){

?>

<form action="index.php?p=login" method="POST">

    <table>
    
        <h1>Login</h1>
        
        <tr><td>Username: </td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password: </td><td><input type="password" name="password" /></td></tr>
        <tr><td><input type="submit" name="submit" value="Login" /></td></tr>
    
    </table>

</form>

<?php

}

?>

[kenrbnsn]

You need to use the function session_start at the start of each script where you use sessions.

 

Ken

[Noskiw]

This is part of a dynamic page in which the session_start() is on the main page. This is basically just the included part of the index.

[PFMaBiSmAd]

If the posted code is your 'login' code, where are you setting $id to a value at before you put it into into the query?

[Zagga]

As mentioned, you don't seem to be assigning a value to $id anywhere.

 

Also, your second IF statement is checking for a $firstname and a $lastname that also don't seem to be initialised anywhere.

 

 

Zagga

 

[Noskiw]

I've taken out the $firstname and $lastname.

 

This is my code now

 

<?php
    
$username = $_POST['username'];
$password = $_POST['password'];
$id = $_GET['id'];

echo "<br />";

if($_POST['submit']){
    if($username && $password){
        $sql = "SELECT * FROM users WHERE username='".$username."' && id='".$id."'";
        $res = mysql_query($sql) or die(mysql_error());
        
        $numrows = mysql_num_rows($res);
        
        if($numrows != 0){
            while($row = mysql_fetch_assoc($res)){
                $dbusername = $row['username'];
                $dbpassword = $row['password'];
                $dbfirstname = $row['first Name'];
                $dblastname = $row['last Name'];
                $id = $row['id'];
            }
            
            if($username==$dbusername && md5($password)==$dbpassword){
                echo "You're now <b>Logged In</b> Click <a href='index.php?p=member'><b>here</b></a> to enter the member page!";
                $_SESSION['username']=$username;
                $_SESSION['first Name']=$dbfirstname;
                $_SESSION['last Name']=$dblastname;
                $_SESSION['id']=$id;
            }else{
                echo "Incorrect password!";
            }
            
        }else{
            echo "That user <b>doesn't</b> exist!";
        }
        
    }else{
        echo "Please <b>enter</b> a username and a password!";
    }
}

if(!$_POST['submit']){

?>

<form action="index.php?p=login" method="POST">

    <table>
    
        <h1>Login</h1>
        
        <tr><td>Username: </td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password: </td><td><input type="password" name="password" /></td></tr>
        <tr><td><input type="submit" name="submit" value="Login" /></td></tr>
    
    </table>

</form>

<?php

}

?>

 

I have no idea where to assign the $id.

[PFMaBiSmAd]

I've got a more basic question for you. Why did you add  && id='".$id."' to the query in your login code that is checking if the entered username is in your database table?

 

Computers only do exactly what their code and data tells them to do. If you cannot state why and where you are going to do something, you cannot write any code to accomplish it.

[Noskiw]

I've taken it out now. I do realise now that it did nothing. Is there any way that I can get it to add the member id at the end of it using a session?

[PFMaBiSmAd]

Provided you have a column named id and you are actually being logged in (the 'You're now Logged In' is being echoed) so you know that the code setting the session variables is being executed, your existing code -

 

....
$id = $row['id'];
....
$_SESSION['id']=$id;
....

 

should be setting $_SESSION['id'] with the id from the user's row in your table when the user logs in.

 

How do you know it is not? What is your code that is trying to use that information and what exact symptoms are you getting that tells you there is no value?