spacepoet Posted June 26, 2012 Share Posted June 26, 2012 Hello: I am getting an error message when I try to use my login page, so I am trying to update it. But, the login page does not work - it seems I am not registering the Session properly. Any idea why? Login.php <?php include('../include/myConn.php'); include('include/myAdminNav.php'); session_start(); session_destroy(); $message=""; $Login=$_POST['Login']; if($Login){ $myUserName=$_POST['myUserName']; $myPassword=$_POST['myPassword']; $result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'"); if(mysql_num_rows($result)!='0'){ //session_register("myUserName"); $_SESSION['myUserName'] = $myUserName; header("location:a_Home.php"); exit; }else{ $message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>"; } } ?> <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>"> ... </form> myCheckLogin.php <? session_start(); //if(!session_is_registered(myUserName)){ if(!$_SESSION['myUserName']); { header("location:Login.php"); } ?> I am stuck on what I am missing .. Thanks! Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 26, 2012 Share Posted June 26, 2012 In what way does it not work? What happens, exactly? Quote Link to comment Share on other sites More sharing options...
spacepoet Posted June 26, 2012 Author Share Posted June 26, 2012 Good point .. I should have been more specific .. When I enter the username and password into the form and hit submit, then form just clears the fields and doesn't "go" anywhere .. Does that make sense?? Thanks for the reply! Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 26, 2012 Share Posted June 26, 2012 What is the form markup? Don't use short open <? tags, they'll come back and bite you one day. Use full <?php open syntax. Don't use $PHP_SELF, it's been deprecated for 10 years, and don't use $_SERVER['PHP_SELF'] either. Just use action="" to submit a form to itself. You should be validating and sanitizing any and all user supplied data before it goes in a database query. Quote Link to comment Share on other sites More sharing options...
spacepoet Posted June 26, 2012 Author Share Posted June 26, 2012 The form mark-up is really just this (with the styling DIVs removed): <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>"> <input name="myUserName" type="text" id="myUserName" size="40" /> <input name="myPassword" type="password" id="myPassword" size="40" /> <input name="Login" type="submit" id="Login" value="Login" /> </form> Can you recommend a better way, based on your comments about sanitation of data? I have been reading a book on PHP, but I am not there yet in terms of fully understanding what is modern and what is old ... Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 26, 2012 Share Posted June 26, 2012 As far as the form just clearing, I'm going to guess the query is either failing, or isn't returning any matching records because even if the header redirect was ignored by the browser, the code would exit() before the form was displayed. Do you have error_reporting set up with: error_reporting = -1 display_errors = On in your php.ini file? Quote Link to comment Share on other sites More sharing options...
spacepoet Posted June 26, 2012 Author Share Posted June 26, 2012 Hi again: Sorry, my mistake on one thing: the form fields are NOT clearing out the data, but everything else is as I listed it. I know all the database fields, login credentials are correct. This worked fine until I got the error message about those function no longer being valid. I do have the info added to the php.ini file, but no errors are displayed. This is hosted on one of GoDaddy's unlimited plans, where there is one main domain/site in the root folder, and all the other sites - such as the one in question - are build in subfolders. Maybe that's a cause? The site use to be in the root of its own hosting package. Is it time for a new login script ?? This is my friend's site, so for once I'm not rushed to find a solution .. Quote Link to comment Share on other sites More sharing options...
kicken Posted June 26, 2012 Share Posted June 26, 2012 myCheckLogin.php if(!$_SESSION['myUserName']); { That is incorrect. You should not have the semi-colon at the end of the if. Doing so terminates the if there and causes the header line below it to always be executed, regardless of whether the condition is true or not. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.