Jump to content

Sessions dying

LiTe

By LiTe
in PHP Coding Help

 Share

Recommended Posts

LiTe Newbie

LiTe

Posted
Posted

I'm implementing MD5 hashing for my login but the sessions keep dying when I navigate to a different page.

 

My old code works fine when navigating.

 

The new script logs in fine but just loses the session after going to a different link.

 

//----------------------------NEW LOGIN SCRIPT------------------------

if ($_GET['Login'] == "True") {
$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `account`='$_POST[username]'"));
if ($count == 0) { //$count will either be a 0 (user don't exist) or a 1 (user exists), no duplicate accounts
	$_SESSION['Login']="BAD";
}
if (isset($_POST['Username']) && isset($_POST['Password'])) {
	$query = "SELECT account, active, salt, password
		FROM `Users` WHERE `account`='" . $_POST['Username'] . "'";
		$result = mysql_query($query);
		while($r=mysql_fetch_array($result))
		{
			$cPass = $r['password'];
			if ($r['active'] == "0") {
				session_destroy();
				die("User is disabled");
			}
			$cSalt = $r['salt'];
			$oPass = $_POST['Password'] . $cSalt;

			if (md5($oPass) == $r['password']) {
				$_SESSION['Username'] = $_POST['Username'];
				$_SESSION['Hash'] = md5("$oPass");
				$_SESSION['Login']="GOOD";
			} else {
				$_SESSION['Login']="BAD";
			}
		}
}
}






//----------------------------OLD LOGIN SCRIPT------------------------
if ($_GET['Login'] == "True") {
$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `active`='1' AND `account`='" . $_POST['Username'] . "' AND `password`='" . $_POST['Password'] . "'"));
if ($count == "1") {
	$_SESSION['Login']="GOOD";
	$_SESSION['Username']=$_POST['Username'];
} else {
	if (isset($_POST['Username']) || isset($_POST['Password'])) {
		$_SESSION['Login']="BAD";
	}
}
}

Link to comment
Share on other sites
jcbarr Member

jcbarr

Posted
Posted

session_start() needs to go at the very top of the page before any other code.

 

I don't know if you omitted that, or if it doesn't exist. If it doesn't then it needs to.

 

Also it may help if you show us one of the pages that you go to that loses the session.

Link to comment
Share on other sites
jcbarr Member

jcbarr

Posted
Posted

You said the login works fine, the issue is when you leave that page and go to another correct?

 

Then I would think the issue lies on one of those other pages.

 

Show the code that seems relevant, or at least the part of the code that is dealing with the session variables.

 

Have you tried echoing the session variables on the login page to make sure they aren't empty?

Link to comment
Share on other sites
LiTe Newbie

LiTe

Posted
  • Author
Posted

can't edit because button is junk,

 

I put

 

echo $_SESSION['Login'] . "<br>" . $_SESSION['Username'] . "<br>" . $_SESSION['Hash'];

 

at the bottom and top of the index.php

 

when I login, it's all correct seems there is no reason it would be losing the session, but when I go to any other page it loses it.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.