Jump to content

Session problem. can't keep session active.

thyscorpion

By thyscorpion
in PHP Coding Help

 Share

Recommended Posts

thyscorpion Member

thyscorpion

Posted
Posted

Am attaching the code below..

when i login.. it accepts a valid login and even shows the

"You are authenticated as " . $_SESSION['user'] . "<br>";" line with the username.

But when i reload the page or just open it again it asks me for the login again.

i am a novice so i know i must be doing a simple mistake.

My question is: why is it asking for my login info again after i have logged in and reload the page again?

how to i keep the session?

Please help!..

 

<?php 
	// Start the login session
	//session_start();
?>
........
...........  (Rest of HTML Code)
........
	<div id="footer">
		<img src="images/footer.jpg" alt="Ankur Bakshi 'Copy Right'\">
	<?PHP

	include("dbinfo.inc.php");	
	$db = mysql_connect(localhost,$user,$password) or die("Couldn't connect to the database.");
	mysql_select_db($database) or die("Couldn't select the database");

	// Add slashes to the username, and make a md5 checksum of the password.
	$_POST['user'] = addslashes($_POST['user']);
	$_POST['pass'] = md5($_POST['pass']);

	$result = mysql_query("SELECT count(id) FROM people WHERE user_pw='$_POST[pass]' AND username='$_POST[user]'") or die("Couldn't query the user-database.");
	$num = mysql_result($result, 0);
	mysql_close();
	if (!$num) {

		// When the query didn't return anything,
		// display the login form. 
		echo "<form id='login' action='$_SERVER[php_SELF]' method='post'>";
		echo "<!--Username:--><input type='text' class='theInput' name='user' />";
		echo "<!--Password: --><input type='password' class='theInput' name='pass' />";
		echo "<input type='submit' value='login' class='theSubmit' name='Submit' /></form>";
	} else {

	// Start the login session
	//session_start();

	// We've already added slashes and MD5'd the password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];

	// All output text below this line will be displayed
	// to the users that are authenticated. Since no text
	// has been output yet, you could also use redirect
	// the user to the next page using the header() function.
	// header('Location: page2.php');

	echo "<h1>Welcome</h1><a href='logout.php'>Logout</a>";
	echo "You are authenticated as " . $_SESSION['user'] . "<br>";
	}
		?>
	</div>
</div>
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/57829-session-problem-cant-keep-session-active/
Share on other sites
thyscorpion Member

thyscorpion

Posted
  • Author
Posted

It's more interesting to see what your PHP code looks like.... please post it :)

 

Why have you commented out session_start()?

Oh that is all of my php code for this page..

and  :-) yeah i commented the session_start() line there as it was giving an error... (it is supposed to be before any thing else.) so its there on top before the html tag itself.. :-)

 

Any ideas?

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

session_start() have to be called if you wanna use your session data after for example a page reload/refresh...

i have used the session_start(); command in my page. its before the <html> tag of my file. (its shown in the code i attached with my first post.

 

am i doing it wrong?

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

SORRY

session_start() have to be called if you wanna use your session data after for example a page reload/refresh...

i have used the session_start(); command in my page. its before the <html> tag of my file. (its shown in the code i attached with my first post.

 

am i doing it wrong?

oops! :-P i feel like an ass!

lol

yup i accidently commented the session_start func.. SORRY

i have removed it. but still no change in my problem...

 

when i login.. after that if i just load the same page again also. the login form comes up again.  To my knowledge it shouldn't..

 

:-)

Wuhtzu Member

Wuhtzu

Posted
Posted

$_POST['pass'] and $_POST['user'] is only set if the use hits submit/login button which means when you reload the page your mysql query wont "find any rows" and if(!$num) will be true so and it shows the login form again...

Koobazaur Member

Koobazaur

Posted
Posted

$_POST['pass'] and $_POST['user'] is only set if the use hits submit/login button which means when you reload the page your mysql query wont "find any rows" and if(!$num) will be true so and it shows the login form again...

 

Yup. Basically, you want to check your database against your $_SESSION['user'] and pass (if they exist), not the POST ones.

 

Either that, or keep it the way it is, but if login is successful set something like $_SESSION['logged in']=true; and check that each pageload instead of the database (quicker and safer since you are not accessing the database every page load, just when logging in).

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

$_POST['pass'] and $_POST['user'] is only set if the use hits submit/login button which means when you reload the page your mysql query wont "find any rows" and if(!$num) will be true so and it shows the login form again...

hmm u got a valid point there Wuhtzu.

 

I just added tried this code in addition to the code i shared with u above .

the above code was "index.php"

i have added another line at the end of the code (after being logged in.)

which directs a new script page which does exactly what you point out is missing in my index.php.

but still the page doesn't work.

here are the codes of the two pages:

INDEX.PHP

<?php 
	// Start the login session
	session_start();
?>
.....................
..............[Rest of HTML]
.....................
	<div id="footer">
		<img src="images/footer.jpg" alt="Ankur Bakshi 'Copy Right'\">
	<?php

	include("dbinfo.inc.php");	
	$db = mysql_connect(localhost,$user,$password) or die("Couldn't connect to the database.");
	mysql_select_db($database) or die("Couldn't select the database");

	// Add slashes to the username, and make a md5 checksum of the password.
	$_POST['user'] = addslashes($_POST['user']);
	$_POST['pass'] = md5($_POST['pass']);

	$result = mysql_query("SELECT count(id) FROM people WHERE user_pw='$_POST[pass]' AND username='$_POST[user]'") or die("Couldn't query the user-database.");
	$num = mysql_result($result, 0);
	mysql_close();
	if (!$num) {

		// When the query didn't return anything,
		// display the login form. 
		echo "<form id='login' action='$_SERVER[php_SELF]' method='post'>";
		echo "<!--Username:--><input type='text' class='theInput' name='user' />";
		echo "<!--Password: --><input type='password' class='theInput' name='pass' />";
		echo "<input type='submit' value='login' class='theSubmit' name='Submit' /></form>";
	} else {

	// Start the login session
	//session_start();

	// We've already added slashes and MD5'd the password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];

	// All output text below this line will be displayed
	// to the users that are authenticated. Since no text
	// has been output yet, you could also use redirect
	// the user to the next page using the header() function.
	// header('Location: page2.php');

	echo "<h1>Welcome</h1><a href='logout.php'>Logout</a>";
	echo "You're now logged in. Try visiting <a href='login.php'>login page</a>.";
	echo "You are authenticated as " . $_SESSION['user'] . "<br>";
	}
	?>
	</div>
</div>
</body>
</html>

Second file (picked up from a tutorial)

( to my knowledge it points back to the index.php page if session is not found.

LOGIN.PHP

<?php
session_start();
// Start the login session


if (!$_SESSION['user'] || !$_SESSION['pass']) {

// What to do if the user hasn't logged in
// We'll just redirect them to the login page.
header('Location: index.php');
die();

} else {

// If the session variables exist, check to see
// if the user has access.
include("dbinfo.inc.php");
$db = mysql_connect(localhost,$user,$password) or die("Couldn't connect to the database.");
mysql_select_db($database) or die("Couldn't select the database");

$result = mysql_query("SELECT count(id) FROM users WHERE user_pw='$_SESSION[pass]' AND username='$_SESSION[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
mysql_close();
if (!$num) {
// If the credentials didn't match,
// redirect the user to the login screen.
header('Location: index.php');
die();
}
}

// All output text below this line will be displayed
// to the users that are authenticated.

echo "<h1>Access Granted</h1>";
echo "You see? It travelled over these two pages.<br><br>";
echo "You are authenticated as " . $_SESSION['user'] . "<br>";
echo "The MD5 checksum of your password is " . $_SESSION['pass'];

?>

 

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

 

Yup. Basically, you want to check your database against your $_SESSION['user'] and pass (if they exist), not the POST ones.

 

 

hey Koobazaur,  i did that with my second php file which i shared in this topic above. still i am getting the same problem. any ideas?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.