Jump to content

Help .. session not working in a cetain php


nadhim

Recommended Posts

hello i really need help

i cant get session to work in a particular php file but it works with others here are the codes

 

i'm working in mysql tables of student marks

i want to allow all students to logon and each one see his greads with a chart

 

 

i started with login.php

 

login.php

<?php


include("config.php");


session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{

// username and password sent from Form 


$myusername=addslashes($_POST['username']); 
$mypassword=addslashes($_POST['password']); 


$sql="SELECT id FROM users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];
$count=mysql_num_rows($result);





// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
session_register("myusername");
$_SESSION['login_user']=$myusername;



header("location: users/panel.php");
}
else 
{
header("Location: invalid_login.html");
}
}

?>


 

then this will start a session in

 

lock.php

 

<?php 
include('config.php');
session_start();

$user_check=$_SESSION['login_user'];

$ses_sql=mysql_query("select username from users where username='$user_check' ");

$row=mysql_fetch_array($ses_sql);

$login_session=$row['username'];






if(!isset($login_session))
{
     
header("Location: login.php");
}


?>

 

 

then the result will be showed in auth.php which i included in the students' page to say welcome ..user...

 

<?php


include('lock.php');

print $login_session; 


?>

 

 

 

i have a table with the marks and i need to do charts and show marks  from that table

 

to show marks i used the following code and then include it in students page to see results

 

 

get_marks.php

 

 



<?php




include("config.php"); 


// connect to the mysql server 
$link = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) 
or die ("Could not connect to mysql because ".mysql_error()); 


// select the database 
mysql_select_db($mysql_database) 
or die ("Could not select database because ".mysql_error()); 




$query  = "SELECT id, sno, maths, english, physics, servicew, ast, defstudy, nav, other FROM Marks WHERE sno = '$login_session'";
$result = mysql_query($query);




if (mysql_query($query)) {
    echo "";
} else {
    echo 'Incorrect Name: ' . mysql_error() . "\n";
}


echo "<table border='0' bordercolor='#ffffff'  width=200 cellspacing=10 CELLSPACING=0 padding-bottom: 10px style='color:#629fa8 ;font-size:15px ;font-family: Georgia; font-weight:blod; background-color:#ffffff'>
<tr>


</tr>";

while($row = mysql_fetch_array($result))
   {




   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: Georgia; border-bottom:non; font-weight:normal; background-color:#ffffff'>English:</td>";




   echo "<td>" . $row['english']. "</td>";
echo "</tr>";




   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>Mathmatics:</td>";
   echo "<td>" . $row['maths'] . "</td>";
echo "</tr>";






   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>Physics:</td>";
   echo "<td>" . $row['physics'] . "</td>";
echo "</tr>";




   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>Servics writing:</td>";
   echo "<td>" . $row['servicew'] . "</td>";
echo "</tr>";




   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>AST:</td>";
   echo "<td>" . $row['ast'] . "</td>";
echo "</tr>";




   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>Navigation:</td>";
   echo "<td>" . $row['nav'] . "</td>";
echo "</tr>";






   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>Defence Studies:</td>";
   echo "<td>" . $row['defstudy'] . "</td>";
echo "</tr>";




   echo "<tr>";
echo "<td style='color:#2f2f2f; font-size:15px; font-family: arial; font-weight:normal; background-color:#ffffff'>Other:</td>";
   echo "<td>" . $row['other'] . "</td>";
echo "</tr>";








   }
echo "</table>";



?>

 

 

 

 

 

 

 

notice this is where i put the session to get the logged student marks from the table row

 

$query  = "SELECT id, sno, maths, english, physics, servicew, ast, defstudy, nav, other FROM Marks WHERE sno = '$login_session'";

 

i used the $login_session to specify the logged student number and get his marks from the table

this works fine and the marks showed for everybody logged in by taking his username( which is a number called (sno) in the table ) and get the data from MYSQL

 

 

but the chart has problems why ?

i have no idea

 

the chart includes

 

 

phpgraphlib.php to configure it

 

and this file : mysql_graph_bar.php

 

<?php


include("phpgraphlib.php");
$graph=new PHPGraphLib(320,170); 


include("config.php"); 


// connect to the mysql server 
$link = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) 
or die ("Could not connect to mysql because ".mysql_error()); 


// select the database 
mysql_select_db($mysql_database) 
or die ("Could not select database because ".mysql_error()); 




$query  = "SELECT id, sno, maths, english, physics, servicew, ast, defstudy, nav, other FROM marks WHERE sno = '$login_session'";




$result = mysql_query($query); if ($result) {  
while ($row = mysql_fetch_assoc($result)) {  


    
$english=$row["english"];
$maths=$row["maths"];
$physics=$row["physics"];
$servicew=$row["servicew"];


$ast=$row["ast"];
$nav=$row["nav"];
$defstudy=$row["defstudy"];
$other=$row["other"];






     
//add to data areray      
$dataArray[$english]=$english; 
$dataArray[$maths]=$maths; 
$dataArray[$physics]=$physics; 
$dataArray[$servicew]=$servicew; 


$dataArray[$ast]=$ast; 
$dataArray[$nav]=$nav; 
$dataArray[$defstudy]=$defstudy; 
$dataArray[$other]=$other;


}


}  
//configure graph
$graph->addData($dataArray);
$graph->setupXAxis(12, 'gray');
$graph->setupYAxis(12, 'gray');
$graph->setTextColor('gray');
$graph->setGridColor('236,236,236');
$graph->setDataValues(false);
$graph->setGoalLine('65');
$graph->setGoalLineColor('red');
$graph->setDataFormat('%');
$graph->setGradient("Teal", "Teal");
$graph->setBarOutlineColor("gray");
$graph->setDataValues(false);
$graph->createGraph();


 

and this will be showed as an image in the student page by writing this code

 

<img src="mysql_graph_bar.php" />

 

 

 

the problem when i put the session same as marks after (sno) i wont get anything it fails and give damaged image where the chart should be

 

Example: this doesn't work because i used sno = '$login_session'

 

$query  = "SELECT id, sno, maths, english, physics, servicew, ast, defstudy, nav, other FROM marks WHERE sno = '$login_session'";

 

when i changed the value to a specific student number (sno) from the table (marks) it works

 

example student number 123456

 

$query  = "SELECT id, sno, maths, english, physics, servicew, ast, defstudy, nav, other FROM marks WHERE sno = '123456'";

 

 

 

please help me to get the session result works..

Link to comment
Share on other sites

and another thing i didnt use  session_start(); in Get_marks.php

but it gives the result

 

why the other file (mysql_graph_bar.php) can't git it ?

 

is there any effect of including two phps in this php ?

i spent masive hours trying to solve this

Link to comment
Share on other sites

I recommend moving session_start () to "config.php", and use it only there. It seems you're including this file in all of your entrance files, and as such it would be a good place to keep it. Will give you access to the session whenever you need it, without having to worry about it.

 

Secondly, you do not need to have session_start () in front of everything, as long as these two conditions are fulfilled:

  • It is before you attempt to use the $_SESSION superglobal, or anything else related to the session.
  • It is used before any content, besides other headers, are sent to the browser.

 

You've also used quite a few deprecated functions, such as session_register () and the entire mysql_* () library of functions. The former have been replaced by the $_SESSION superglobal, and the latter by MySQLi and/or PDO.

There is also a quite distinct lack of any type of input validation and output escaping in your scripts, which leaves you wide open for any attackers. Something you need to rectify asap.

 

I've taken the liberty of starting to cleaning up your code a bit, to show how it should be done. Left a few comments in the code, and noted down a few parts where you need to write some code.

<?php

include ("config.php");

session_start ();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from Form
// CF: Added alpha-numeric validation to the username 
if (ctype_alnum ($_POST['username'])) {
	$myusername = $_POST['username'];
} else {
	// TODO: Show error, repopulate login form, and show it again.
}

$mypassword = $_POST['password'];

// TODO: Retrieve the salt from the database, and hash the password with the salt from the database.

// CF: Added output escaping, to protect against SQL injections.
$sql = "SELECT id FROM users WHERE username='%s' and password='%s'";
$sql = sprintf ($sql, mysql_real_escape_string ($myusername), mysql_real_escape_string ($mypassword));
$result = mysql_query ($sql);

// If result matched $myusername and $mypassword, table row must be 1 row
if (mysql_num_rows ($result) == 1) {
	$row = mysql_fetch_array ($result);
	$active = $row['active'];

	$_SESSION['login_user'] = $myusername;
	header ("Location: users/panel.php");
	// CF: ALWAYS use die () after sending a Location header.
	die ();
} 

header ("Location: invalid_login.html");
// CF: ALWAYS use die () after sending a Location header.
die ();
}

?>

Link to comment
Share on other sites

The $login_session isnt used any where else

Actually im not that good in php im good at html more

 

I used login_session to show the user in external page to say hellow ( user) but i needed the same result to get data from marks table i didnt have any other code with $login_session

 

Im sure i miss understand something in this code and its about this value and this is why i need help because i got  sick trying to solve it i really really thank you

 

I will keep trying and inform you and if you want the whole source files i can upload them to you its not website its a school project

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.