Problems with login script

[dazzathedrummer]

Hi, 

 

The 'admin' section of my website stopped working a couple of months ago and I'm just trying to fix it - I was getting an error about Session_Register being deprecated and I'm now trying to knife and fork my way around it with results from various google searches.

 

I'm an advanced SQL user but only occasionally dabble with PHP so any help would be appreciated.

 

 

So, basic set up, login page checks credentials against the DB, a session cookie is set and you're let into the admin area - my script is looping me back to the login page as my !isset is true.....because I can't figure out how to set it with the new functions!

 

This is the login include.....

<?php
$host="database.lcn.com"; // Host name 
$username="blahblah"; // Mysql username 
$password="blahblah"; // Mysql password 
$db_name="blahblah_db"; // Database name 
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['username']; 
$mypassword= md5($_POST['pass']);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM users WHERE is_obv = '1' and username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username'] = $myusername;
$_SESSION['pass'] = $mypassword; 
header("location:../admin");
}
else {
header("location:http://www.web.co.uk/ooops");
}
?>

and this is the 'login_success' include that I include on each protected page....

<? 
session_start();
if(!isset($_SESSION['username'])){
header("location:http://www.web.co.uk/login");
}

?>

Darren

[Zephni]

Just checking before looking into it further. But are you running session_start(); at the top of that page? I know it's on the "protected pages" but you can't manipulate the session variables if you haven't started it which you are trying to do on the login page by the looks of things.

Edited December 17, 2015 by Zephni

[dazzathedrummer]

Just checking before looking into it further. But are you running session_start(); at the top of that page? I know it's on the "protected pages" but you can't manipulate the session variables if you haven't started it which you are trying to do on the login page by the looks of things.

session_start(); is in the second include that appears on each page once you're through the door - but not on the initial login include.....should it be?

[Zephni]

Yep, and it should always be the first thing at the top of the page. This is because you are trying to change the $_SESSION values which won't be associated with any particular session if you don't session_start(); first. Then on the next page it will be like the session was never set.

 

So just try adding:

session_start();

Underneath your opening <?php tag

Edited December 17, 2015 by Zephni

[dazzathedrummer]

Yep, and it should always be the first thing at the top of the page. This is because you are trying to change the $_SESSION values which won't be associated with any particular session if you don't session_start(); first. Then on the next page it will be like the session was never set.

 

Yes - I've just added it and it now works fine!!

 

thanks for your help - I guess I should read up on this!