Sessions dying

LiTe · February 22, 2007

I'm implementing MD5 hashing for my login but the sessions keep dying when I navigate to a different page.

My old code works fine when navigating.

The new script logs in fine but just loses the session after going to a different link.

//----------------------------NEW LOGIN SCRIPT------------------------

if ($_GET['Login'] == "True") {
$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `account`='$_POST[username]'"));
if ($count == 0) { //$count will either be a 0 (user don't exist) or a 1 (user exists), no duplicate accounts
	$_SESSION['Login']="BAD";
}
if (isset($_POST['Username']) && isset($_POST['Password'])) {
	$query = "SELECT account, active, salt, password
		FROM `Users` WHERE `account`='" . $_POST['Username'] . "'";
		$result = mysql_query($query);
		while($r=mysql_fetch_array($result))
		{
			$cPass = $r['password'];
			if ($r['active'] == "0") {
				session_destroy();
				die("User is disabled");
			}
			$cSalt = $r['salt'];
			$oPass = $_POST['Password'] . $cSalt;

			if (md5($oPass) == $r['password']) {
				$_SESSION['Username'] = $_POST['Username'];
				$_SESSION['Hash'] = md5("$oPass");
				$_SESSION['Login']="GOOD";
			} else {
				$_SESSION['Login']="BAD";
			}
		}
}
}






//----------------------------OLD LOGIN SCRIPT------------------------
if ($_GET['Login'] == "True") {
$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `active`='1' AND `account`='" . $_POST['Username'] . "' AND `password`='" . $_POST['Password'] . "'"));
if ($count == "1") {
	$_SESSION['Login']="GOOD";
	$_SESSION['Username']=$_POST['Username'];
} else {
	if (isset($_POST['Username']) || isset($_POST['Password'])) {
		$_SESSION['Login']="BAD";
	}
}
}

jcbarr · February 22, 2007

session_start() needs to go at the very top of the page before any other code.

I don't know if you omitted that, or if it doesn't exist. If it doesn't then it needs to.

Also it may help if you show us one of the pages that you go to that loses the session.

LiTe · February 22, 2007

There is an index.php and all the links go ?cat=(link) in index.php.

jcbarr · February 22, 2007

We need to see the code from that page...

LiTe · February 22, 2007

which code? has a lot of code

read what I said in the first post, I gave you the code that don't work and the code that does work

jcbarr · February 22, 2007

You said the login works fine, the issue is when you leave that page and go to another correct?

Then I would think the issue lies on one of those other pages.

Show the code that seems relevant, or at least the part of the code that is dealing with the session variables.

Have you tried echoing the session variables on the login page to make sure they aren't empty?

LiTe · February 22, 2007

The only page that has any session code is the index.php.

LiTe · February 22, 2007

can't edit because button is junk,

I put

echo $_SESSION['Login'] . "<br>" . $_SESSION['Username'] . "<br>" . $_SESSION['Hash'];

at the bottom and top of the index.php

when I login, it's all correct seems there is no reason it would be losing the session, but when I go to any other page it loses it.

LiTe · February 22, 2007

Update:

I remove this code and the sessions work..:

$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `account`='$_POST[username]'"));
if ($count == 0) {
	$_SESSION['Login']="BAD";
}

Sign In

Sessions dying

Recommended Posts

LiTe

Link to comment

Share on other sites

jcbarr

Link to comment

Share on other sites

LiTe

Link to comment

Share on other sites

jcbarr

Link to comment

Share on other sites

LiTe

Link to comment

Share on other sites

jcbarr

Link to comment

Share on other sites

LiTe

Link to comment

Share on other sites

LiTe

Link to comment

Share on other sites

LiTe

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information