[SOLVED] Session/login

[bhavin_85]

hey guys

 

ive just written this code for a simple log in form but im having some trouble with the session variable

 

<?
session_start();

$username=$_POST['username'];	
$password=$_POST['password'];
echo $username;
echo $password;

include('config.php');

$sql="SELECT * FROM regcustomer WHERE username='$username' AND password='$password'"; 
$query=mysql_query($sql) or die("Queryfailed:".mysql_error());
if (mysql_num_rows($query) != 0) { 
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$username=$_SESSION['username'];
echo "$username";
}
//header("Location:default.php");

?>

 

when i echo the session variable it doesnt print anything, however if in the sql statement i put a username and password it works....i dont know where im going wrong!

 

please help! cheers

 

 

[only one]

$username=$_SESSION['s_username'];

$password=$_SESSION['s_password'];etc...

[bhavin_85]

im already doing that in the code

 

ive put echo in the if and else, it seems that the statement is only going down the else statement

 

i dont understand whats goin wrong  ???

[only one]

from what i can see youve got: $_SESSION['username'] not $_SESSION['s_username']

[boo_lolly]

use:

echo "<b>SESSION</b>\n";
echo "<pre>"; print_r($_SESSION); echo "</pre>";

echo "<b>POST</b>\n";
echo "<pre>"; print_r($_POST); echo "</pre>";

 

to print those values. it's much better.

[bhavin_85]

hey guys thanks 4 the replies but thats not the actual problem

 

the problem is with the if statement

 

$sql="SELECT * FROM regcustomer WHERE username='$username' AND password='$password'"; 
$query=mysql_query($sql) or die("Queryfailed:".mysql_error());
if (mysql_num_rows($query) != 0) { 
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
echo "hell";
}
else {
echo "shit dont work";
} 

 

it doesnt seem to run the if it just jumps to the else

 

however if i put actual values from the table in $username and $password it runs the if.

 

theres nothing wrong with the form that brings the values as i have echoed them and they are correct

 

any1 know whats wrong? ???

[Caesar]

Try this simple test:

 

<?php

  $sql = "SELECT * FROM regcustomer WHERE username='$username' && password='$password'"; 
  $query = mysql_query($sql);

  $count = mysql_num_rows($query);

  if($count < 1) {

  echo'This Sucks Nuts';
  }

    else {
    echo'Hell jes';
    }

?>

   

 

[bhavin_85]

still doesnt work 

 

the if statement is getting stuff on the first if regardless of what i type into the form

 

ive written countless if statements but i just cant figure out why this 1 wont work!!

 

[Caesar]

Where is the $username variable being defined?

[bhavin_85]

<?php
session_start();

$username=$_POST['username'];	
$password=$_POST['password'];
echo $username;
echo $password;

include('config.php');

$sql="SELECT * FROM regcustomer WHERE username='$username' && password='$password'"; 
$query=mysql_query($sql) or die("Queryfailed:".mysql_error());
$count=mysql_num_rows($query);
if($count != 0){
//if (mysql_num_rows($query) != 0) { 
//$row = mysql_fetch_assoc($query);
//$_SESSION['username'] = $row['username'];
echo "hell";
}
else {
echo "shit dont work";
} 
?>

 

right at the top...its coming from the form on the page before...i know that its passing the right value aswell cuz ive echoed them and they are correct

[bhavin_85]

any1?

[Hughesy1986]

Hi

 

I would do it like this i havent tested it but it should work

 

<?php
session_start();

$username = addslashes($_POST['username']);	
$password = addslashes($_POST['password']);

include('config.php');

$sql = "SELECT * FROM regcustomer WHERE username='$username' AND password = '$password'"; 
$query = mysql_query($sql) or die (mysql_error());
$row = @mysql_fetch_array($query);
if ($row)
  {
echo "It worked <br />";
$_SESSION['username'] = $row['username'];
$user = $_SESSION['username'];
echo "Logged in as $user <br />";
}else{
echo "Wrong username or password";
}
?>