[SOLVED] Problem with sessions

jtrost · March 5, 2007

Hello. I am writing my first CMS from scratch and am using sessions to hold user data once they are logged in. The problem is that the session data is not retained unless a username and password is passed through the URL. For example, if I go to index.php no session data is loaded, but if I go to index.php?username=this&password=that then the session data is loaded. But passing this through the URL sort of defeats the purpose of having sessions. So how do I set the session variables without having data passed through the URL?

I have three functions: login() grabs the user data from the database and loads it all into session variables; authenticate() sees if the user is logged in and returns the appropriate boolean; and display_session() displays all of the session data. I have made sure that I only call authenticate() after login() has successfully ran, so the session data set in login() should be reatined for authenticate().

Here is the code:

<?php

function login()

{

if ((isset($_GET['username'])) && (isset($_GET['password'])))

{

$sql = "SELECT * FROM `users` WHERE `username` = '".$_GET['username']."' AND `password` = '".$_GET['password']."'";

$result=mysql_query($sql);

if (!$result)

{

echo 'Could not run query: ' . mysql_error()." ".$sql;

exit;

}

$row = mysql_fetch_row($result);

// start the session

session_name('user_sid');

session_start();

$_SESSION['logged_in'] = 1;

$_SESSION['id'] = $row[0];

$_SESSION['username'] = $row[1];

$_SESSION['password'] = $row[2];

$_SESSION['firstname'] = $row[3];

$_SESSION['lastname'] = "asdf";

$_SESSION['homepage'] = $row[5];

$_SESSION['about'] = $row[6];

$_SESSION['classes'] = $row[7];

$_SESSION['gallery'] = $row[8];

$_SESSION['newsletter'] = $row[9];

$_SESSION['StartTimestamp'] = time();

$_SESSION['UserIP'] = $_SERVER['REMOTE_ADDR'];

$_SESSION['UserAgent'] = $_SERVER['HTTP_USER_AGENT'];

}

function authenticate()

{

if (isset($_SESSION['logged_in']))

return true;

else return false;

}

function display_session()

{

$out = "";

echo "<table border='1'>";

echo "<tr><td>".$_SESSION['id']."</td></tr>";

echo "<tr><td>".$_SESSION['username']."</td></tr>";

echo "<tr><td>".$_SESSION['password']."</td></tr>";

echo "<tr><td>".$_SESSION['firstname']."</td></tr>";

echo "<tr><td>".$_SESSION['lastname']."</td></tr>";

echo "<tr><td>".$_SESSION['homepage']."</td></tr>";

echo "<tr><td>".$_SESSION['about']."</td></tr>";

echo "<tr><td>".$_SESSION['classes']."</td></tr>";

echo "<tr><td>".$_SESSION['gallery']."</td></tr>";

echo "<tr><td>".$_SESSION['newsletter']."</td></tr>";

echo "<tr><td>".$_SESSION['StartTimestamp']."</td></tr>";

echo "<tr><td>".$_SESSION['UserIP']."</td></tr>";

echo "<tr><td>".$_SESSION['UserAgent']."</td></tr>";

echo "</table>";

}

?>

fert · March 5, 2007

you need to have session start at the very top of all your scripts

Snooble · March 5, 2007

to stop the sessions starting via URL, use the POST method. instead of GET. search google and have a read on how to use the two commands.

Quick lesson: GET command retrieves info from the URL (ex. mysite.com/index.php?blah=yes) $_GET['blah'] would equal yes.

Sending via POST means it's hidden from the users eyes.

(ONLY disadvantage is, it doesn't let the user bookmark the exact page)

change get to POST and stop the form to write into the URL, rather send the variables via POST.

Snooble

jtrost · March 5, 2007

Putting session_start() at the beginning of each page worked perfectly!

I am using gets right now because they're easier to debug than posts. I'll change everything to post before I launch the program.

Thanks for the quick replies guys!

Sign In

[SOLVED] Problem with sessions

Recommended Posts

jtrost

Link to comment

Share on other sites

fert

Link to comment

Share on other sites

Snooble

Link to comment

Share on other sites

jtrost

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information