Session not working

[justinede]

Hey Guys,

 

I have a really simply login script, but it isnt working.

For some reason, the variable myusername is not being stored in the session correctly.

 

Here is my checklogin.php

 

<?php
ob_start();
session_start();
$host="****"; // Host name
$username="*****"; // Mysql username
$password="******"; // Mysql password
$db_name="******t"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location:users/$myusername/");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

the script directs you to the right location, but when we get there, the session has lost the myusername variable. here is the user's page.

 

<?php
session_start();
echo $_SESSION['myusername'];
?>

 

All I get is a blanc page. :/

 

Thanks for any help.

[PFMaBiSmAd]

What are the complete URLs (with the http://www.domain.com/path/page_name.php, xxxxxx out the domain if you don't want to post it) of both the checklogin.php page and the users/username/ page?

 

Also, what does a phpinfo() statement show for the session.cookie_path and session.cookie_domain settings?

[justinede]

http://xxxxxxxxxxxxx.com/login/checklogin.php

and

 

http://xxxxxxxxxxxxx.com/login/users/username/index.php

 

session.cookie_path / /

session.cookie_domain no value no value

[PFMaBiSmAd]

Assuming that you didn't xxxxx out a www. vs no-www. on either of the URLs, add the following two lines of code at the line after the line with your first opening <?php tag in both files -

 

ini_set("display_errors", "1");
error_reporting(E_ALL);

[justinede]

Here is what I get:

 

Notice: Undefined index: myusername in /hermes/web03/b441/moo.xxxxxxxxxx/login/users/justin/index.php  on line 6

[PFMaBiSmAd]

If all the information you have posted is accurate, best guesses are that either you have disabled cookies in your browser or session handling is disabled or is not working as expected on your server.

 

After you attempt this and your browser is still open, look at the cookies or the page info in your browser and check if you are getting a cookie named PHPSESSID under your web site URL.

[justinede]

I am indeed getting a cooking named PHPSESSID.

[justinede]

cookie* lol

[PFMaBiSmAd]

Your use of ob_start(); and ob_end_flush(); could be hiding any errors being reported/displayed in the first code.

 

Just remove those two statements (you should only use output buffering if you want to capture output, not to fix problems in your logic.)

[justinede]

Removing those didnt do anything. :/