Replacing session_register and session_is_registered

[spacepoet]

Hello:

 

I am getting an error message when I try to use my login page, so I am trying to update it.

But, the login page does not work - it seems I am not registering the Session properly.

 

Any idea why?

 

Login.php

<?php

include('../include/myConn.php');
include('include/myAdminNav.php');

session_start();
session_destroy();

$message="";

$Login=$_POST['Login'];
if($Login){
$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];

$result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'");
if(mysql_num_rows($result)!='0'){

//session_register("myUserName");
$_SESSION['myUserName'] = $myUserName;

header("location:a_Home.php");
exit;
}else{
$message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>";
}

}
?>


<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
...
</form>

 

myCheckLogin.php

<?
session_start();

//if(!session_is_registered(myUserName)){
if(!$_SESSION['myUserName']);

{
header("location:Login.php");
}
?>

 

 

I am stuck on what I am missing ..

 

Thanks!

 

 

 

 

 

 

 

[Pikachu2000]

In what way does it not work? What happens, exactly?

[spacepoet]

Good point .. I should have been more specific ..

 

When I enter the username and password into the form and hit submit, then form just clears the fields and doesn't "go" anywhere ..

 

Does that make sense??

 

Thanks for the reply!

[Pikachu2000]

What is the form markup?

Don't use short open <? tags, they'll come back and bite you one day. Use full <?php open syntax.

Don't use $PHP_SELF, it's been deprecated for 10 years, and don't use $_SERVER['PHP_SELF'] either. Just use action="" to submit a form to itself.

You should be validating and sanitizing any and all user supplied data before it goes in a database query.

[spacepoet]

The form mark-up is really just this (with the styling DIVs removed):

<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">

<input name="myUserName" type="text" id="myUserName" size="40" />

<input name="myPassword" type="password" id="myPassword" size="40" />

<input name="Login" type="submit" id="Login" value="Login" />

</form>

 

Can you recommend a better way, based on your comments about sanitation of data?

 

I have been reading a book on PHP, but I am not there yet in terms of fully understanding what is modern and what is old ...

[Pikachu2000]

As far as the form just clearing, I'm going to guess the query is either failing, or isn't returning any matching records because even if the header redirect was ignored by the browser, the code would exit() before the form was displayed. Do you have error_reporting set up with:

 

error_reporting = -1

display_errors = On

 

in your php.ini file?

 

 

[spacepoet]

Hi again:

 

Sorry, my mistake on one thing: the form fields are NOT clearing out the data, but everything else is as I listed it. I know all the database fields, login credentials are correct. This worked fine until I got the error message about those function no longer being valid.

 

I do have the info added to the php.ini file, but no errors are displayed.

 

This is hosted on one of GoDaddy's unlimited plans, where there is one main domain/site in the root folder, and all the other sites - such as the one in question - are build in subfolders. Maybe that's a cause? The site use to be in the root of its own hosting package.

 

Is it time for a new login script ??

 

This is my friend's site, so for once I'm not rushed to find a solution ..

 

[kicken]

myCheckLogin.php

if(!$_SESSION['myUserName']);
{

 

That is incorrect.  You should not have the semi-colon at the end of the if.  Doing so terminates the if there and causes the header line below it to always be executed, regardless of whether the condition is true or not.