Jump to content

Yet another Log-in script question

iamcaper

By iamcaper
in PHP Coding Help

 Share

Recommended Posts

iamcaper Newbie

iamcaper

Posted
Posted

I have an authentication script running which uses database stored usernames, passwords, and access right levels.  The log-in script works but the sessions don't seem to be passing the session info from page to page.  I've run a test to try to get it to work but with no luck.  Here is my script for my log-in check

 

<html>

<title>Login Verification</title>

<body>

 

<?php

ob_start();

$host="####"; // Host name

$username="#####"; // Mysql username

$password="#####"; // Mysql password

$db_name="huckle"; // Database name

$tbl_name="users"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// Define $myusername and $mypassword

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

 

if($count==1){

// Register $myusername, $mypassword

$_SESSION['myusername'] = $myusername;

$_SESSION['mypassword'] = $mypassword;

header("location:index.html");

}

else {

echo "Wrong Username or Password";

}

 

ob_end_flush();

?>

 

 

</body>

</html>

 

When I try call the value in another file, I tested this script to see if it would work.  This is the index.html file

 

<?

session_start();

echo $_SESSION['myusername'];

?>

 

My first question is, why are my values not being passed.  Secondly, once fixed, how do I include the access right levels so that users can only view what they're given the rights to view?

Link to comment
https://forums.phpfreaks.com/topic/50812-yet-another-log-in-script-question/
Share on other sites
iamcaper Newbie

iamcaper

Posted
  • Author
Posted

Okay, I've added session_start to the initial page but still no luck...

 

<?php

session_start();

?>

 

<html>

<title>Checking Login</title>

<body>

 

<?php

ob_start();

$host="#####"; // Host name

$username="#####"; // Mysql username

$password="#####"; // Mysql password

$db_name="huckle"; // Database name

$tbl_name="users"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot

 

connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// Define $myusername and $mypassword

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and

 

password='$mypassword'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1

 

row

 

if($count==1){

// Register $myusername, $mypassword and redirect to file

 

//"login_success.php"

//session_register("myusername");

//session_register("mypassword");

//session_start();

$_SESSION['myusername'] = $myusername;

$_SESSION['mypassword'] = $mypassword;

header("location:index.html");

}

else {

echo "Wrong Username or Password";

}

 

ob_end_flush();

?>

 

 

</body>

</html>

 

The index.html file is this:

 

<?

session_start();

echo $_SESSION['myusername'];

?>

ph2007 Newbie

ph2007

Posted
Posted

I spent a day and a half wracking my brain to figure out why my session information wasn't being stored properly, and I ended up finding out that my remote hosting environment is a load-balancing cluster of servers.  This means that the session-data file existed on some servers and not on others, which not only led to my script not working, but to really unpredictable and seemingly non-deterministic results!  In order to resolve this, I am attempting to move to storing session data in a database.  Is it possible that your hosting environment is set up similarly?

 

Another possibility is that the php.ini configuration is attempting to write sessions to a non-existent path or a path to which it does not have write access.

 

 

Daleeburg Member

Daleeburg

Posted
Posted

so i was having a problem close to that and here is what i found works,

 

<?php 
session_start();
setcookie(session_name(), session_id(), 0, "/", "");
?>

 

Now i wasnt using clustered servers, and i still have no clue what the setcookie does, but it seems to work for what i do.

 

~d

Psycho Prolific Member

Psycho

Posted
Posted

I notice that you are calling index.html. Did you configure your server to process html pages for PHP code???

 

Edit: You are also writing content to the page (HTML and HEAD) when you plan to redirect. You should put all the output into the else statement. otherwise you will get an error on the redirected page when you invoke session_start again - so now I really do think the problem is that you are including PHP code in an html file and the server is not processing it.

Psycho Prolific Member

Psycho

Posted
Posted

OK, I just did some testing and from what I found what you are trying to do won't work.

 

First off, if the redirected page was getting processed, you won't get an error, but the session value you created won't be set. I suspect that the header("Location: newpage") is preventing the value from being set.

 

You need to rework the process flow.

iamcaper Newbie

iamcaper

Posted
  • Author
Posted

ahh, okay. 

 

I did notice that the session data was being written to a different location from what was specified in the PHP.ini file so I changed the file to point to the correct folder.

 

I also changed the redirect from a html file to a php file with the same code placed inside.

 

But, if the process will not work, I'm beating a dead horse.  Any suggestions? 

 

What I'm trying to do is ultimately have the user info passed from page to page so that I can control what pages he/she can view.  Would a database work best for this seeing as I already have the database with the username/password/accesslevel saved within?

Psycho Prolific Member

Psycho

Posted
Posted

There's no reason you can't use sessions. I think the problem is that you are writing content tot he page before setting the session variables. I think that is preventing the session variable from being set. This will work:

 

<?php
session_start();

$host="#####"; // Host name 
$username="#####"; // Mysql username 
$password="#####"; // Mysql password 
$db_name="huckle"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

if(mysql_num_rows($result)){
  // Register $myusername, $mypassword and redirect to file 

  //"login_success.php"
  //session_register("myusername");
  //session_register("mypassword");
  //session_start();
  $_SESSION['myusername'] = $myusername;
  $_SESSION['mypassword'] = $mypassword; 
  header("location: index.php");
}
  else {
  echo "<html>";
  echo "<head><title>Checking Login</title></head>";
  echo "<body>Wrong Username or Password</body>";
  echo "</html>";

}

 

iamcaper Newbie

iamcaper

Posted
  • Author
Posted

Hey mjdomato,

 

I actually was able to get it to work once I took out the "ob_start" handlers.  I also changed all of my pages over to .PHP from .HTML as some of them, even though they were not actually doing any coding in PHP, were still in .HTML format.

 

I now have a log-in script working, as well as my drop-down menu, now I just have to find a way to incorporate the access level for the logged in user.  My journey has just begun!

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.