php session question.. how to pass the session id in another script?

[vinsux]

 

php session question.. how to pass the session id in another script?

 

i'm using cookie in my localhost, but when my website is up.. the params is different so it gives me many errors..

my friend tells me to use session instead of cookie.. so i changed it to cookie..

but when i log in in the destination script..

it tells that the user is not logged in..

 

index.php (LOG-IN SCRIPT)

 

<?php 

mysql_connect("localhost","ocmpq_vinsux","3aazwzr9tx29") or die(mysql_error()); 
mysql_select_db("ocmpq_login") or die(mysql_error()); 
session_start();
$errors="";
$message="";

if(isset($_SESSION['id']))

{ 
	$username = $_SESSION['id']; 
	$pass = $_SESSION['pass'];

	 	$check = mysql_query("SELECT * FROM students  WHERE username = '$username'")or die(mysql_error());

	while($info = mysql_fetch_array( $check )) 	
		{
		if ($pass != $info['password']) 
			{

			 }

		else
			{

			}
		}
}

if (isset($_POST['submit'])) 
{ 

	if(!$_POST['username'] | !$_POST['pass']) {
		die('You did not fill in a required field...<a href=index.php>Back</a>');
	}

if (empty($errors)){
	//continue
		//Check for valid type
		$allowed_types = array('students','faculty');
		if (!in_array($_POST['type'],$allowed_types)){
			$errors .= "Please select a valid account type.";
		}else{
			$typecheck = $_POST['type'];
		}	

if (empty($errors)){
	//continue
		if (get_magic_quotes_gpc()){
			function stripslashes_deep($value)		{
			$value = is_array($value) ?
			array_map('stripslashes_deep', $value) :
			stripslashes($value);
			return $value;
			}
		$_POST = array_map('stripslashes_deep', $_POST);
		}
	}

	}

	$check = mysql_query("SELECT * FROM $typecheck WHERE username = '".$_POST['username']."'")or die(mysql_error());

$check2 = mysql_num_rows($check);

if ($check2 == 0) {
		die('That user does not exist in our database.<a href=index.php>Back</a>');
				}

while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
	$info['password'] = stripslashes($info['password']);
	$_POST['pass'] = md5($_POST['pass']);

	if ($_POST['pass'] == $info['password']) {


	$id = $info['username'];
	$pass = $info['pass'];

	$_SESSION['id'] = $id;
	$_SESSION['pass'] = $pass;

switch($typecheck) {
    case "students" :
         header("location:student.php"); 
         break;
    default: 
         header("location:faculty.php"); 
}

	}
else 
{ 

die('Incorrect password, please try again.<a href=index.php>Back'); 	 
	} 
   } 
  }
else 
{	 

?> 

<!DOCTYPE html>
<html lang="en">

<?php include('include/header.php'); ?>

<body>
<?php include('include/container.php'); ?>    
        <div id="main">
            <section id="content">
                <div id="left">
                    <h3>Navigation</h3>
				<div style="border: 1px solid #000000; margin-top: 20px; margin-left: 10px; margin-right: 10px; margin-bottom: 20px; background-color: #F5F5FF; ">                              

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
<br>

<table border="0"> 
<br>
<tr><th colspan=2><center><h5><b><u>login your account</b></u></h5></center>
</th></tr> 
<tr><th><br>usn / id:</th><th> 
<br><input type="text" name="username" maxlength="20"> 
</th></tr> 
<tr><th><br>password:</th><th> 
<br><input type="password" name="pass" maxlength="20" > 
</th></tr> 
<tr>
		<th><br>login as:</th>
		<th colspan="3">
			<br><select name= "type">
			<?php
				$atype = array(
				"students" => "Student",
				"faculty" => "Teacher"
				);
				foreach($atype as $tkey => $tvalue){
				$selected_type = (isset($_POST['type']) && $_POST['type']==$tkey ? 'selected="selected"' : '');
				echo "<option value=\"$tkey\" $selected_type>$tvalue</option>\r";
				}
				?>	
			</select>
		</th>
	</tr>
        
<tr><th colspan="2" align="center"> 
<br>
<br>
<input type="submit" name="submit" value="Login" style="width: 100px; height: 25px"> 
<br>
<br>
<br>
<br>
</th></tr>  
</table> 
</form> 

<?php 
}
?>
</div>


                </div>
                 <div id="right">
                    <h3>Online Course Materials</h3>
                   <div style="border: 1px solid #000000; 
			width :580px; 
			margin-top: 20px; 
			margin-left: 25px;
			margin-right: 20px;
			margin-bottom: 20px;
			padding:20px 20px 20px 20px ; 		
			background-color: #F5F5FF;">     
			 <?php
			echo "<br />";
			echo "<br />";
			echo "<br />";
			echo " &nbsp<b><i>AMA Online Course Materials Registration Procedure</i></b>";
			echo "<br />";
			echo "<br />";
			echo " &nbsp &nbsp - Only the faculty members can register a student";
			echo "<br />";
			echo "<br />";
			echo " &nbsp &nbsp - The registration process will require  the students
			<br /> &nbsp &nbsp &nbsp to present their IDs or CORs that will prevent forgeries 
			<br /> &nbsp &nbsp &nbsp in the information they will provide and to confirm which 
			<br /> &nbsp &nbsp &nbsp subjects is the student enrolled.<br>
			<br /><br /> ";
			echo " <p align='justify' style='margin-left:2em; margin-right:2em'> 
					   The project Online Course Material will be a web-based program that 
					can access by the facultyand students of AMA Para単aque. The students must 
					have a registered account so that they can access the website and the
					registration of the accounts of the students must be registered by their 
					teachers to avoid outsiders to register to the  website.
					</p>
					<br />
					<p align='justify' style='margin-left:2em; margin-right:2em'>
					   The full purpose of this project is intended to help the
					students and faculty to gather information from their subjects easily.
					And for the students who has to leave school for a while due to reasonable  
					reasons like death of relatives, with the website they cannot skip some of 
					the lessons in school. </p>"; 

			?>

</div>
</div>
</div>


<?php include('include/footer.php'); ?>

</body></html>

 

 

 

student.php (destionation page after the user log in)

 

<?php 
mysql_connect("localhost","ocmpq_vinsux","3aazwzr9tx29") or die(mysql_error()); 
session_start();
mysql_select_db("ocmpq_login") or die(mysql_error());
if(isset($_SESSION['id'])) 
{ 
	$username = $_SESSION['id']; 
	 	$check = mysql_query("SELECT * FROM students WHERE username = '$username'")or die(mysql_error()); 
	while($info = mysql_fetch_array( $check )) 	 

		{ 

		if ($pass != $info['password']) 
			{ 
		echo "you're not logged in";
			} 
	else 
			{ 
		$name = $info['namelast']. ", " . $info['namefirst'];
		 echo "<br />";
			 echo "  you are logged in as:<p>"; 
		 echo "     <b><u>$name</b></u>";
		 echo "<br />";
		 echo "<br />";
			} 
		} 
		} 
  else 		 

{			 
echo "Your are not logged in";
} 

?>

 

 

 

also i changed the HEADER("location: index.php") to echo "you are not logged n";

to see the errors.. pls. help...... i really need to fix a big trouble in my website...

 

 

i got header errors too in many of my pages

[ManiacDan]

There are a LOT of problems with these scripts.  For one, change your database username and password immediately, you posted them online.  go, now, before you finish reading this.  Change them.

 

Now that your password is changed, you're unfortunately going to have to be more clear.  Your original problem statement:

 

 

i'm using cookie in my localhost, but when my website is up.. the params is different so it gives me many errors..

my friend tells me to use session instead of cookie.. so i changed it to cookie..

What params are different?  Why did you decide the solution was sessions instead of cookies?  You say you changed TO cookies, do you  mean AWAY from cookies and TO sessions? 

 

Do you realize that student.php uses $pass without ever getting it out of the session?  Maybe that's your entire problem.  If you're not seeing the warning that line would throw, you're developing without error_reporting turned on  and that's wrong.  You can never write good scripts if you  have all your error reporting turned off.