Pandolfo Posted November 14, 2006 Share Posted November 14, 2006 Hey everyone,Thanks for looking at my post. I'm working on a web application for a while now and while some aspects work well others, namely sessions, are driving me nuts. I think i'm close, but i can't seem to nail down what i'm missing (this is my first adventure with sessions). The user authentication works, but i can't seem to pass the username from the login page to the main administration page. Everything in the administration page hinges on the username being available. Anway, if you have a moment please look over the code and let me know what you think. Thanks in advance!SamHere's the Login page[code]<html><link rel="stylesheet" type="text/css" href="style.css"/><head><title> RSO Administration Login</title></head><body><div align="center"> <p> </p> <p> </p> <p class="style1">SIUC R.S.O Administration Login</p> <HR size="1" color="#FFFFFF" width="80%"> <p class="style1"> </p> <table width="41%" border="0" cellspacing="0" cellpadding="0"> <tr> <td>Please enter your Organization's Admin Username and Password below. </td> </tr> </table> <form action="login.php" method=POST language="JavaScript" name="login"> <table width="40%" border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="5"> </td> </tr> <tr> <td width="120"> </td> <td colspan="2"><strong>Username</strong>:</td> <td width="151"> <input type="text" name="username"> </td> <td width="141"> </td> </tr> <tr> <td></td> <td colspan="2"><strong>Password</strong>:</td> <td> <input type="password" name="password"> </td> <td> </td> </tr> <tr> <td colspan="5"> </td> </tr> </table> <table width="40%" border="0" cellspacing="0" cellpadding="2"> <tr> <td width="37%"> </td> <td width="13%" align="center"><input type="submit" name="Login" value="Login"></td> <td width="2%"> </td> <td width="13%" align="center"><input type="reset" name="Reset" value="Reset"></td> <td width="35%"> </td> </tr> <tr> <td colspan="5"> </td> </tr> <tr align="center"> <td colspan="5"><p class="style2">Forgot your Username / Password? Click <a href="">here</a></p></td> </tr> </table> <p> </p> <p class="style1"> </p></div></form></body></html>[/code]And now the login.php script which authenticates the users and (hopefully someday) passes the session data to the next page.[code]<?phpinclude("config.php");// connect to the mysql server$link = mysql_connect($server, $db_user, $db_pass)or die ("Could not connect to mysql because of the following error. Please contact site Admin if this persists <br>" .mysql_error());// select the databasemysql_select_db($database)or die ("Could not select database because of the following error. Please contact site Admin if this persists <br>".mysql_error());//Grab the contents of the text fields$username = trim($_POST['username']);$password = trim($_POST['password']);$sql_username_check = mysql_query("select adminname, adminpass from rsoadmin where adminname = '$username' and adminpass = '$password';");$username_check = mysql_num_rows($sql_username_check);if($username_check !=1){echo "Sorry, there is no username with the specified password.<br>";echo "<a href=login.htm>Try again</a>";echo $username;echo $password;exit;}else{session_register("adminname");session_register("adminpass");session_register("rsoid");session_register("rsoname");session_register("rsobalance");session_register("rsopres");session_register("rsovp");session_register("rsosec");session_register("rsotres");session_register("loggedin");// set logged in to 1 $userid=$_POST['username'];$loggedin=1;$gotonext ='rsohome.php';header('Location: '. $gotonext);exit;}?>[/code]Lastly, the Admin page which should pickup the userid (username) from the login script.[code]<?session_start();if ($loggedin == 1) { mysql_connect("localhost","root",""); mysql_select_db("rso"); $result = mysql_query("select * from rsoadmin where adminname = $userid"); while($r=mysql_fetch_array($result)) { $rsoid=$r["rsoid"]; $rsoname=$r["rsoname"]; $adminname=$r["adminname"]; $adminpass=$r["adminpass"]; $rsobalance=$r["rsobalance"]; $rsopres=$r["rsopres"]; $rsovp=$r["rsovp"]; $rsosec=$r["rsosec"]; $rsotres=$r["rsotres"]; $welcomeuser= "<div class=help><table align=left width=95% cellspacing=0 cellpadding=8> <tr><td> <b> <font size=2 color=red>You are curretly logged in as $userid </b> </font></td> <td align=right> <b> <a href=logout.php>Logout</a> </b> </tr> </table> <br><br></div>";echo $welcomeuser; }}else { echo "Sorry, you are not logged in. Please click on the link below to log in again<br>"; echo "<a href=login.htm>Try again</a></body></html>";}?>[/code] Link to comment https://forums.phpfreaks.com/topic/27224-sessions-problemnear-death/ Share on other sites More sharing options...
kenrbnsn Posted November 14, 2006 Share Posted November 14, 2006 First, you need to have the [code]<?phpsession_start();?>[/code]statement at the start of each script where you intend to use sessions.Second, do not use the session_register() function. Explicitly set your session variables.[code]<?php$_SESSION['adminname'] = $username;$_SESSION['adminpass'] = $password; //actually a bad idea$_SESSION['rsoid'] = $rsoid;$_SESSION['rsoname'] = $rsoname;$_SESSION['rsobalance'] = $rsobalance;$_SESSION['rsopres'] = $rspres;$_SESSION['rsovp'] = $rsovp;$_SESSION['rsosec'] = $rsovp;$_SESSION['rsotres'] = $rsotres;$_SESSION['loggedin'] = true;?>[/code]Ken Link to comment https://forums.phpfreaks.com/topic/27224-sessions-problemnear-death/#findComment-124480 Share on other sites More sharing options...
Pandolfo Posted November 14, 2006 Author Share Posted November 14, 2006 Ken,Thanks for the help with sessions. I think they are working now for the most part. My problem now is that i need to grab the row of data which corresponds to the authenticated username and then assign the values of the fileds to previously registered session variables. I have a fetch array function in place, but i keep getting an erorr about the supplied argument being invalid. I've checked the query and it seems to run fine elsewhere. Any ideas? Maybe i made a syntax error? Thanks,SamHere's the offending block of code.[code]mysql_connect("localhost","root",""); mysql_select_db("rso"); $result = mysql_query("select * from rsoadmin where adminname = $adminname"); while($row=mysql_fetch_array($result)) { $rsoid=$row["rsoid"]; $rsoname=$row["rsoname"]; $adminname=$row["adminname"]; $adminpass=$row["adminpass"]; $rsobalance=$row["rsobalance"]; $rsopres=$row["rsopres"]; $rsovp=$row["rsovp"]; $rsosec=$row["rsosec"]; $rsotres=$row["rsotres"];[/code] Link to comment https://forums.phpfreaks.com/topic/27224-sessions-problemnear-death/#findComment-124717 Share on other sites More sharing options...
Pandolfo Posted November 15, 2006 Author Share Posted November 15, 2006 Okay...Sessions are working much better now. Thanks for the help Ken! I've posted the latest versions of the code i've been working on. There's one last part i need help with. I can destroy the session via the logout page just fine, but if i type in the address of the rsohome.php page it loads the page (minus session variables) instead of displaying the error messgae about not being logged in. Any ideas? Thanks,SamThe login Script[code]<?session_start();include("config.php");$link = mysql_connect($server, $db_user, $db_pass)or die ("Could not connect to mysql because of the following error. Please contact site Admin if this persists <br>" .mysql_error());mysql_select_db($database);$username = trim($_POST['username']);$password = trim($_POST['password']);$sql_username_check = mysql_query("select adminname, adminpass from rsoadmin where adminname = '$username' and adminpass = '$password';");$username_check = mysql_num_rows($sql_username_check);if($username_check !=1){echo "Sorry, there is no username with the specified password.<br>";echo "<a href=login.htm>Try again</a>";exit;}else{$sql =("select * from rsoadmin where rsoadmin.adminname ='$username';");$result = mysql_query($sql);if (!$result) { echo 'Could not run query: ' . mysql_error(); exit;}$row = mysql_fetch_row($result);$_SESSION['rsoid'] =$row[0];$_SESSION['rsoname'] =$row[1];$_SESSION['adminname'] =$row[2];$_SESSION['rsobalance'] =$row[4];$_SESSION['rsopres'] =$row[5];$_SESSION['rsovp'] =$row[6];$_SESSION['rsosec'] =$row[7];$_SESSION['rsotres'] =$row[8];$_SESSION['loggedin'] = true;$gotonext ='rsohome.php';header('Location: '. $gotonext);}exit;?>[/code]The RSO Home page (just a mockup to test the session variables)[code]<?session_start();if ($loggedin =true) { $break ="<br>";echo "The RSO ID is ".$_SESSION['rsoid'];echo $break;echo "The RSO Name is ".$_SESSION['rsoname'];echo $break;echo "The Admin Name is ".$_SESSION['adminname'];echo $break;echo "The Balance of the RSO account is ".$_SESSION['rsobalance'];echo $break;echo "The President of the RSO is ".$_SESSION['rsopres'];echo $break;echo "The Vice President of the RSO is ".$_SESSION['rsovp'];echo $break;echo "The Secretary of the RSO is ".$_SESSION['rsosec'];echo $break;echo "The Treasurer of the RSO is ".$_SESSION['rsotres'];echo $break;$logout ="Click <a href=logout.php>here</a> to logout";echo $logout;}else { echo "Sorry, you are not logged in. Please click on the link below to log in again<br>"; echo "<a href=login.htm>Try again</a></body></html>";}?>[/code]And the Logout script.[code]<?php session_start();$welcomeuser= "<div class=help><table align=left width=95% cellspacing=0 cellpadding=8> <tr><td> <b> <font size=2 color=red>User Logged Out </b> </font></td> <td align=right> <b> <a href=Login.htm>Login Again</a> </b> </tr> </table> <br><br></div>";echo $welcomeuser;// set loggedin as false$loggedin==false;// Unset all of the session variables.$_SESSION = array();// If it's desired to kill the session, also delete the session cookie.// Note: This will destroy the session, and not just the session data!if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/');}// Finally, destroy the session.session_destroy();?>[/code]Also, whenever i logout the following error occurs even though the session is destroyed?Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\xampp\htdocs\RSO\logout.php:4) in C:\Program Files\xampp\xampp\htdocs\RSO\logout.php on line 12Any help at all would really be great. Thanks! Link to comment https://forums.phpfreaks.com/topic/27224-sessions-problemnear-death/#findComment-125134 Share on other sites More sharing options...
craygo Posted November 15, 2006 Share Posted November 15, 2006 if you want to make sure someone is logged in. You can put something like this on EVERY PAGE[code]<?php// start the sessionsession_start();header("Cache-control: private");if (session_is_registered("adminname")) {// put your page here} else {// Display this if not logged inecho "No Soup for you";}?>[/code]Ray Link to comment https://forums.phpfreaks.com/topic/27224-sessions-problemnear-death/#findComment-125171 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.