Wierd PHP Session Bug

[Lukeidiot]

Hey guys,

 

For 90% of the hosts I use, my login session script works. Now on the other hand, I just got one of those 10% login session bugs (I am pretty sure its a host configuration bug, but I want to see if I can edit my current login script to work 100% of the time).

 

Here is my current login script code:

<?php
session_start();

if(isset($_POST['Login'])) {

$email = $_POST['username'];
$password = $_POST['password'];
$email2 = strtolower(mysql_real_escape_string($_POST['username']));
$password2 = strtolower(mysql_real_escape_string($_POST['password']));

$sql = "SELECT * FROM rsp_users WHERE email = '$email2' OR username = '$email2' and password = '$password2'";
$sqlexe = mysql_query($sql) or die("MySQL error ".mysql_errno().": ".mysql_error()."");
$row = mysql_fetch_assoc($sqlexe);

$rowemail = strtolower($row['email']);
$rowusername = strtolower($row['username']);
$rowpassword = strtolower($row['password']);

if (($email2 == $rowemail && $password2 == $rowpassword && $email2 != '' && $password2 != '') || ($email2 == $rowusername && $password2 == $rowpassword && $email2 != '' && $password2 != '')) {
	//session_register('id');
	//session_register('email');
	session_start('username');
	$_SESSION['username'] = $row['username'];
	$ip = $_SERVER['REMOTE_ADDR'];
	$time = time();
	echo "<script>window.location='?goto=rslogin.php&go=home'</script>";
	mysql_query("INSERT INTO rsp_logins (username, ipaddress, time, successful_login) VALUES ('$row[username]','$ip','$time','1')");

} else {
	echo "<br><strong><font color='red'>Email or Password Incorrect!</font></strong>";
	$ip = $_SERVER['REMOTE_ADDR'];
	$time = time();
	$user = strtolower(mysql_real_escape_string($_POST['username']));
	mysql_query("INSERT INTO rsp_logins (username, ipaddress, time, successful_login) VALUES ('$user','$ip','$time','0')");
}
}


if(isset($_SESSION['username'])) {
//include('header.php');
echo "Weclome <b>$_SESSION[username]</b>, you are already logged in ";
}
else {
//include('header.php');
echo "<form method='post' action=''>";
echo "<fieldset>";
echo "<legend>Login</legend>";
echo "
  Username<br />
  <input type='text' name='username' />
  <br />
  <br />
  Password
  <br />
  <input name='password' type='password' id='password' />
  <br />
  <input type='submit' class='button' name='Login' value='Login' />
  <br />
  <br />
Not Registered? <a href='http://runescapesr.com/ucp.php?mode=register'>Sign-up</a>.<br>
Forgot Password? <a href='?goto=forgot'>Click Here</a>.
</form>";
echo "</fieldset>";
}
?>

 

 

As you can see, I am "logged in" but the other script doesn't recognize that I am logged in.

The "Logout" is dynamic and only shows according to this peice of code:

<?php if($_SESSION){ ?>
<li class="root" >
<a class="orphan item bullet" href="?goto=logout.php&logout=true">
<span>
Logout				   
</span>
</a>
</li>	
<?php } ?>

 

And here is the dynamic code that I use on the bottom:

<?php if($_SESSION['username']){ ?>
Logged in as: <strong><?php echo $_SESSION['username']; ?></strong>
<?php } else { ?>
Welcome <strong>Guest</strong>, <a href="http://runescapesr.com/beta/?goto=register&signup=true">registering</a> is completely free!
<?php } ?>

 

Why doesn't it recognize when I try to use

<?php if($_SESSION['username']){ ?> 

 

but it does when I try to use this:

<?php if($_SESSION){ ?>

[gizmola]

Start with -- if you're trying to check for the existence of a variable then use isset().  However let's say you have $_SESSION['username'] = ''.  What do you think isset() will return?  If you're trying to determine if the username actually contains something then try if (isset($_SESSION['username'] || empty(trim($_SESSION['username'])).

 

With that said, the obvious issue with your script is that you are doing session_start() twice.  You need to start the session at the start of the script whether or not a person is logged in, and there is no reason to do a 2nd session_start() after that.

[Lukeidiot]

Start with -- if you're trying to check for the existence of a variable then use isset().  However let's say you have $_SESSION['username'] = ''.  What do you think isset() will return?  If you're trying to determine if the username actually contains something then try if (isset($_SESSION['username'] || empty(trim($_SESSION['username'])).

 

With that said, the obvious issue with your script is that you are doing session_start() twice.  You need to start the session at the start of the script whether or not a person is logged in, and there is no reason to do a 2nd session_start() after that.

 

I've deleted the multiple session_starts(), and also changed to if(isset($_SESSION['username'])) however it still is producing the same error. Any ideas?

[phpSensei]

You weren't even logged in properly the first time

 

<?php if($_SESSION){ ?>

 

to

 

<?php if(isset($_SESSION['username'] || empty(trim($_SESSION['username'])){ ?>

 

 

This doesn't mean your logged in, the session can still have no value returned yet be set.

 

print $_SESSION['username'] and see the output on the page.

[Lukeidiot]

You weren't even logged in properly the first time

 

<?php if($_SESSION){ ?>

 

to

 

<?php if(isset($_SESSION['username'] || empty(trim($_SESSION['username'])){ ?>

 

 

This doesn't mean your logged in, the session can still have no value returned yet be set.

 

print $_SESSION['username'] and see the output on the page.

 

I wonder stand that, and I've tried it. The problem I am facing is that the $_SESSION is not registering. Any ideas?