[SOLVED] $_SESSION variables not being correctly assigned.

[academ1c]

Hi all!

This will probably be a fairly lengthy post...

So, firstly. A friend and I are writing a series of scripts that intend to teach some very basic PHP (ie: print/echo commands, variables etc, *very* simple stuff). The way we decided to do this was to create a simple login script (no encryption, this will be run on a local network and doing that would be an unnecessary waste of time). By registering with the script, a file is created with the username, eg: academ1c.php. After logging in, the idea is that the file is opened and the contents of a text area form is written to it. However, the latter (and most important part) of this project doesn't work. Through testing I've found that the problem is a $_SESSION variable that is being used to reference the current user throughout the script isn't being correctly assigned.

 

The whole project is around 8-10 scripts. The login script was written by my friend while I have written pretty much the rest (yes, what I have done is currently less, but he was doing his from a tutorial ). The scripts are as follows:

 

Combined file. Brings together written tutorial as well as text area form (in which the user can edit his code).

<html>
<head>
<frameset rows="60%,40%">
  <frame src="tutorial.php">
  <frame src="editor.php">
</frameset>
</html>
</head>

 

The previously mentioned editor file

<html>
<head>
<form method="post" action="writecode.php">
<textarea rows="10" cols="75" name="code">Code goes here.</textarea>
<br/>
<input type="submit" name="submit" value="Submit Code"></input>
</form>
</head>
</html>

 

The previously mentioned tutorial file. Still a WIP as you can see

<html>
<head>
<title>PHP Tutorial</title>
<h1>Welcome to PHP!</h1>
</head>
<body>
This tutorial will teach you some of the fundamentals of the PHP programming language.
</body>
</html>

 

The previously mentioned tutorial file. Still a WIP as you can see

<html>
<head>
<title>PHP Tutorial</title>
<h1>Welcome to PHP!</h1>
</head>
<body>
This tutorial will teach you some of the fundamentals of the PHP programming language.
</body>
</html>

 

The login script

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login</strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>
<input type="submit" name="Submit" value="Login">
<a href="newuser.php">Register</a>
</td>
</tr>
</table>
</td>
</form>
</tr>
</table>

 

The add user script. This is where the users files are created. Currently working!

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="science_tutorial"; // Database name
$tbl_name="members"; // Table name

// Connects to your Database
mysql_connect("$host", "$username", "$password") or die("Cannot connect.");
mysql_select_db("$db_name")or die("cannot select DB");

// This makes sure both passwords entered match
if (!$_POST['myusername'] || !$_POST['mypassword'] || !$_POST['mypassword2'] ) {
die('You did not complete all of the required fields.');
}

//Assign the username to a variable.
$currentuser = $_POST['myusername'];

// Now we insert it into the database
$insert = "INSERT INTO $tbl_name (Name, username, password)
VALUES ('".$_POST['myname']."', '".$_POST['myusername']."', '".$_POST['mypassword']."')";
$add_member = mysql_query($insert);

//Create a file for the user.
$currentuser = fopen("$currentuser.php","x+");
?>
<h1>Registered</h1>
<p>Thank you, you have registered - you may now <a href ="login.php">login.</a></p>

 

This script checks the login details provided. It is here that the $_SESSION variables are declared.

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
//$password=""; // Mysql password
$db_name="science_tutorial"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

//assign username and password to session variables for access all over the script
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
?>

 

This script is displayed to the user when they have succesfully entered their details.

<html>
<body>
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<p>Login Successful!</p>
<a href="combined.php">Click here to continue on to the tutorial!</a>
</body>
</html>

 

This script simply provides are form with which the user can use to register.

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="addlogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Name</td>
<td width="6">:</td>
<td width="294"><input name="myname" type="text" id="myname"></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>Enter Password Again</td>
<td>:</td>
<td><input name="mypassword2" type="password" id="mypassword2"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

 

This script appears to be the faulty one. The idea is that it writes the contents of the previously submitted form to the user's PHP file. The two middle print commands are in place to check what variables are being sent and what ones aren't. The $code variable is successfully obtained but the $_SESSION variable isn't.

<html>
<head>
<title>PHP Tutorial</title>
</head>
<body>
<?php
print "Begin write to file...<br />";
$code = $_POST['code'];
print $code . "<br />";
$user = $_SESSION['myusername'];
print $user . "<br />";
$file = fopen("$user.php","w+") or exit("Unable to open file!");
fwrite($file, $code);
fclose($file);
?>
</body>
</html>

 

Final Notes

Please note, both my friend and I are beginners to PHP as this script probably demonstrates () and I'm sure the error is something quite obvious. We have been testing this entirely on local servers but setting it up for testing is simple enough, all files go in some folder in the 'www' folder Thanks in advance for any help that is given!

[Fadion]

Try placing session_start() in each individual file where you use sessions.