Jump to content

Session problem. can't keep session active.

thyscorpion

By thyscorpion
in PHP Coding Help

Recommended Posts

thyscorpion Member

thyscorpion

Posted
Posted

Am attaching the code below..

when i login.. it accepts a valid login and even shows the

"You are authenticated as " . $_SESSION['user'] . "<br>";" line with the username.

But when i reload the page or just open it again it asks me for the login again.

i am a novice so i know i must be doing a simple mistake.

My question is: why is it asking for my login info again after i have logged in and reload the page again?

how to i keep the session?

Please help!..

 

<?php 
	// Start the login session
	//session_start();
?>
........
...........  (Rest of HTML Code)
........
	<div id="footer">
		<img src="images/footer.jpg" alt="Ankur Bakshi 'Copy Right'\">
	<?PHP

	include("dbinfo.inc.php");	
	$db = mysql_connect(localhost,$user,$password) or die("Couldn't connect to the database.");
	mysql_select_db($database) or die("Couldn't select the database");

	// Add slashes to the username, and make a md5 checksum of the password.
	$_POST['user'] = addslashes($_POST['user']);
	$_POST['pass'] = md5($_POST['pass']);

	$result = mysql_query("SELECT count(id) FROM people WHERE user_pw='$_POST[pass]' AND username='$_POST[user]'") or die("Couldn't query the user-database.");
	$num = mysql_result($result, 0);
	mysql_close();
	if (!$num) {

		// When the query didn't return anything,
		// display the login form. 
		echo "<form id='login' action='$_SERVER[php_SELF]' method='post'>";
		echo "<!--Username:--><input type='text' class='theInput' name='user' />";
		echo "<!--Password: --><input type='password' class='theInput' name='pass' />";
		echo "<input type='submit' value='login' class='theSubmit' name='Submit' /></form>";
	} else {

	// Start the login session
	//session_start();

	// We've already added slashes and MD5'd the password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];

	// All output text below this line will be displayed
	// to the users that are authenticated. Since no text
	// has been output yet, you could also use redirect
	// the user to the next page using the header() function.
	// header('Location: page2.php');

	echo "<h1>Welcome</h1><a href='logout.php'>Logout</a>";
	echo "You are authenticated as " . $_SESSION['user'] . "<br>";
	}
		?>
	</div>
</div>
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/57829-session-problem-cant-keep-session-active/
Share on other sites
thyscorpion Member

thyscorpion

Posted
  • Author
Posted

It's more interesting to see what your PHP code looks like.... please post it :)

 

Why have you commented out session_start()?

Oh that is all of my php code for this page..

and  :-) yeah i commented the session_start() line there as it was giving an error... (it is supposed to be before any thing else.) so its there on top before the html tag itself.. :-)

 

Any ideas?

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

session_start() have to be called if you wanna use your session data after for example a page reload/refresh...

i have used the session_start(); command in my page. its before the <html> tag of my file. (its shown in the code i attached with my first post.

 

am i doing it wrong?

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

SORRY

session_start() have to be called if you wanna use your session data after for example a page reload/refresh...

i have used the session_start(); command in my page. its before the <html> tag of my file. (its shown in the code i attached with my first post.

 

am i doing it wrong?

oops! :-P i feel like an ass!

lol

yup i accidently commented the session_start func.. SORRY

i have removed it. but still no change in my problem...

 

when i login.. after that if i just load the same page again also. the login form comes up again.  To my knowledge it shouldn't..

 

:-)

Koobazaur Member

Koobazaur

Posted
Posted

$_POST['pass'] and $_POST['user'] is only set if the use hits submit/login button which means when you reload the page your mysql query wont "find any rows" and if(!$num) will be true so and it shows the login form again...

 

Yup. Basically, you want to check your database against your $_SESSION['user'] and pass (if they exist), not the POST ones.

 

Either that, or keep it the way it is, but if login is successful set something like $_SESSION['logged in']=true; and check that each pageload instead of the database (quicker and safer since you are not accessing the database every page load, just when logging in).

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

$_POST['pass'] and $_POST['user'] is only set if the use hits submit/login button which means when you reload the page your mysql query wont "find any rows" and if(!$num) will be true so and it shows the login form again...

hmm u got a valid point there Wuhtzu.

 

I just added tried this code in addition to the code i shared with u above .

the above code was "index.php"

i have added another line at the end of the code (after being logged in.)

which directs a new script page which does exactly what you point out is missing in my index.php.

but still the page doesn't work.

here are the codes of the two pages:

INDEX.PHP

<?php 
	// Start the login session
	session_start();
?>
.....................
..............[Rest of HTML]
.....................
	<div id="footer">
		<img src="images/footer.jpg" alt="Ankur Bakshi 'Copy Right'\">
	<?php

	include("dbinfo.inc.php");	
	$db = mysql_connect(localhost,$user,$password) or die("Couldn't connect to the database.");
	mysql_select_db($database) or die("Couldn't select the database");

	// Add slashes to the username, and make a md5 checksum of the password.
	$_POST['user'] = addslashes($_POST['user']);
	$_POST['pass'] = md5($_POST['pass']);

	$result = mysql_query("SELECT count(id) FROM people WHERE user_pw='$_POST[pass]' AND username='$_POST[user]'") or die("Couldn't query the user-database.");
	$num = mysql_result($result, 0);
	mysql_close();
	if (!$num) {

		// When the query didn't return anything,
		// display the login form. 
		echo "<form id='login' action='$_SERVER[php_SELF]' method='post'>";
		echo "<!--Username:--><input type='text' class='theInput' name='user' />";
		echo "<!--Password: --><input type='password' class='theInput' name='pass' />";
		echo "<input type='submit' value='login' class='theSubmit' name='Submit' /></form>";
	} else {

	// Start the login session
	//session_start();

	// We've already added slashes and MD5'd the password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];

	// All output text below this line will be displayed
	// to the users that are authenticated. Since no text
	// has been output yet, you could also use redirect
	// the user to the next page using the header() function.
	// header('Location: page2.php');

	echo "<h1>Welcome</h1><a href='logout.php'>Logout</a>";
	echo "You're now logged in. Try visiting <a href='login.php'>login page</a>.";
	echo "You are authenticated as " . $_SESSION['user'] . "<br>";
	}
	?>
	</div>
</div>
</body>
</html>

Second file (picked up from a tutorial)

( to my knowledge it points back to the index.php page if session is not found.

LOGIN.PHP

<?php
session_start();
// Start the login session


if (!$_SESSION['user'] || !$_SESSION['pass']) {

// What to do if the user hasn't logged in
// We'll just redirect them to the login page.
header('Location: index.php');
die();

} else {

// If the session variables exist, check to see
// if the user has access.
include("dbinfo.inc.php");
$db = mysql_connect(localhost,$user,$password) or die("Couldn't connect to the database.");
mysql_select_db($database) or die("Couldn't select the database");

$result = mysql_query("SELECT count(id) FROM users WHERE user_pw='$_SESSION[pass]' AND username='$_SESSION[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);
mysql_close();
if (!$num) {
// If the credentials didn't match,
// redirect the user to the login screen.
header('Location: index.php');
die();
}
}

// All output text below this line will be displayed
// to the users that are authenticated.

echo "<h1>Access Granted</h1>";
echo "You see? It travelled over these two pages.<br><br>";
echo "You are authenticated as " . $_SESSION['user'] . "<br>";
echo "The MD5 checksum of your password is " . $_SESSION['pass'];

?>

 

thyscorpion Member

thyscorpion

Posted
  • Author
Posted

 

Yup. Basically, you want to check your database against your $_SESSION['user'] and pass (if they exist), not the POST ones.

 

 

hey Koobazaur,  i did that with my second php file which i shared in this topic above. still i am getting the same problem. any ideas?

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.