LiTe Posted February 22, 2007 Share Posted February 22, 2007 I'm implementing MD5 hashing for my login but the sessions keep dying when I navigate to a different page. My old code works fine when navigating. The new script logs in fine but just loses the session after going to a different link. //----------------------------NEW LOGIN SCRIPT------------------------ if ($_GET['Login'] == "True") { $count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `account`='$_POST[username]'")); if ($count == 0) { //$count will either be a 0 (user don't exist) or a 1 (user exists), no duplicate accounts $_SESSION['Login']="BAD"; } if (isset($_POST['Username']) && isset($_POST['Password'])) { $query = "SELECT account, active, salt, password FROM `Users` WHERE `account`='" . $_POST['Username'] . "'"; $result = mysql_query($query); while($r=mysql_fetch_array($result)) { $cPass = $r['password']; if ($r['active'] == "0") { session_destroy(); die("User is disabled"); } $cSalt = $r['salt']; $oPass = $_POST['Password'] . $cSalt; if (md5($oPass) == $r['password']) { $_SESSION['Username'] = $_POST['Username']; $_SESSION['Hash'] = md5("$oPass"); $_SESSION['Login']="GOOD"; } else { $_SESSION['Login']="BAD"; } } } } //----------------------------OLD LOGIN SCRIPT------------------------ if ($_GET['Login'] == "True") { $count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `active`='1' AND `account`='" . $_POST['Username'] . "' AND `password`='" . $_POST['Password'] . "'")); if ($count == "1") { $_SESSION['Login']="GOOD"; $_SESSION['Username']=$_POST['Username']; } else { if (isset($_POST['Username']) || isset($_POST['Password'])) { $_SESSION['Login']="BAD"; } } } Quote Link to comment Share on other sites More sharing options...
jcbarr Posted February 22, 2007 Share Posted February 22, 2007 session_start() needs to go at the very top of the page before any other code. I don't know if you omitted that, or if it doesn't exist. If it doesn't then it needs to. Also it may help if you show us one of the pages that you go to that loses the session. Quote Link to comment Share on other sites More sharing options...
LiTe Posted February 22, 2007 Author Share Posted February 22, 2007 There is an index.php and all the links go ?cat=(link) in index.php. Quote Link to comment Share on other sites More sharing options...
jcbarr Posted February 22, 2007 Share Posted February 22, 2007 We need to see the code from that page... Quote Link to comment Share on other sites More sharing options...
LiTe Posted February 22, 2007 Author Share Posted February 22, 2007 which code? has a lot of code read what I said in the first post, I gave you the code that don't work and the code that does work Quote Link to comment Share on other sites More sharing options...
jcbarr Posted February 22, 2007 Share Posted February 22, 2007 You said the login works fine, the issue is when you leave that page and go to another correct? Then I would think the issue lies on one of those other pages. Show the code that seems relevant, or at least the part of the code that is dealing with the session variables. Have you tried echoing the session variables on the login page to make sure they aren't empty? Quote Link to comment Share on other sites More sharing options...
LiTe Posted February 22, 2007 Author Share Posted February 22, 2007 The only page that has any session code is the index.php. Quote Link to comment Share on other sites More sharing options...
LiTe Posted February 22, 2007 Author Share Posted February 22, 2007 can't edit because button is junk, I put echo $_SESSION['Login'] . "<br>" . $_SESSION['Username'] . "<br>" . $_SESSION['Hash']; at the bottom and top of the index.php when I login, it's all correct seems there is no reason it would be losing the session, but when I go to any other page it loses it. Quote Link to comment Share on other sites More sharing options...
LiTe Posted February 22, 2007 Author Share Posted February 22, 2007 Update: I remove this code and the sessions work..: $count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `account`='$_POST[username]'")); if ($count == 0) { $_SESSION['Login']="BAD"; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.