Jump to content

Problems with login script


dazzathedrummer
Go to solution Solved by Zephni,

Recommended Posts

Hi, 

 

The 'admin' section of my website stopped working a couple of months ago and I'm just trying to fix it - I was getting an error about Session_Register being deprecated and I'm now trying to knife and fork my way around it with results from various google searches.

 

I'm an advanced SQL user but only occasionally dabble with PHP so any help would be appreciated.

 

 

So, basic set up, login page checks credentials against the DB, a session cookie is set and you're let into the admin area - my script is looping me back to the login page as my !isset is true.....because I can't figure out how to set it with the new functions!

 

This is the login include.....

<?php
$host="database.lcn.com"; // Host name 
$username="blahblah"; // Mysql username 
$password="blahblah"; // Mysql password 
$db_name="blahblah_db"; // Database name 
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['username']; 
$mypassword= md5($_POST['pass']);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM users WHERE is_obv = '1' and username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username'] = $myusername;
$_SESSION['pass'] = $mypassword; 
header("location:../admin");
}
else {
header("location:http://www.web.co.uk/ooops");
}
?>

and this is the 'login_success' include that I include on each protected page....

<? 
session_start();
if(!isset($_SESSION['username'])){
header("location:http://www.web.co.uk/login");
}

?>

Darren

Link to comment
Share on other sites

Just checking before looking into it further. But are you running session_start(); at the top of that page? I know it's on the "protected pages" but you can't manipulate the session variables if you haven't started it which you are trying to do on the login page by the looks of things.

Edited by Zephni
Link to comment
Share on other sites

Just checking before looking into it further. But are you running session_start(); at the top of that page? I know it's on the "protected pages" but you can't manipulate the session variables if you haven't started it which you are trying to do on the login page by the looks of things.

session_start(); is in the second include that appears on each page once you're through the door - but not on the initial login include.....should it be?

Link to comment
Share on other sites

  • Solution

Yep, and it should always be the first thing at the top of the page. This is because you are trying to change the $_SESSION values which won't be associated with any particular session if you don't session_start(); first. Then on the next page it will be like the session was never set.

 

So just try adding:

session_start();

Underneath your opening <?php tag

Edited by Zephni
Link to comment
Share on other sites

Yep, and it should always be the first thing at the top of the page. This is because you are trying to change the $_SESSION values which won't be associated with any particular session if you don't session_start(); first. Then on the next page it will be like the session was never set.

 

Yes - I've just added it and it now works fine!!

 

thanks for your help - I guess I should read up on this!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.