Jump to content

Creating a session that has variables from user id from a query

bruckerrlb

By bruckerrlb
in PHP Coding Help

 Share

Recommended Posts

bruckerrlb Regular Member

bruckerrlb

Posted
Posted

I know this is probebly pretty simple, but I am just not able to find out what I am messing up here, if anyone could help me with this it would be much appreciated.

 

<?php

//Start session

session_start();

 

//Connect to mysql server

$link=mysql_connect("localhost","root");

if(!$link) {

die('Failed to connect to server: ' . mysql_error());

}

//Select database

$db=mysql_select_db("users");

if(!$db) {

die("Unable to select database");

}

 

//Sanitize the value received from login field

//to prevent SQL Injection

if(!get_magic_quotes_gpc()) {

$login=mysql_real_escape_string($_POST['username']);

}else {

$login=$_POST['username'];

}

 

//Create query

$qry="SELECT id FROM login WHERE username='$login' AND password='".md5($_POST['password'])."'";

$result=mysql_query($qry);

 

 

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result)>0) {

//Login Successful

session_regenerate_id();

$member=mysql_fetch_assoc($result);

$_SESSION['SESS_MEMBER_ID']=$member['id'];

session_write_close();

header("location: member-index.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}

 

?>

 

basically this page is called from a login form, and I continusly get the login-failed.php page to come up, I know the problem must be in the red area, because I have been doing some troubleshooting on the script, and I get a statment when I call $result (in orange), I just am not seeing what the problem is, but i've narrowed it down to there is something going wrong here

 

$member=mysql_fetch_assoc($result);

$_SESSION['SESS_MEMBER_ID']=$member['id'];

 

Any help would be much appreciated

bruckerrlb Regular Member

bruckerrlb

Posted
  • Author
Posted

The problem seems to be bigger than originally thought, I went ahead

 

if(mysql_num_rows($result)>0)  to this  if(mysql_num_rows($result) == 0)

 

Just to see what would happen, well what happened was, it set a session value of nothing (I think), and took me to the members page, which looked at the sessions to see if I was authorized to see the page, and there was obviously nothing in the session, so I was taken to my denied access page.

 

Now, if I think about what's happening here it would be the $result variable is not getting any info, but it is getting info, because I did a print statement here

 

<?php

  //Start session

  session_start();

 

  //Connect to mysql server

  $link=mysql_connect("localhost","root");

  if(!$link) {

      die('Failed to connect to server: ' . mysql_error());

  }

  //Select database

  $db=mysql_select_db("users");

  if(!$db) {

      die("Unable to select database");

  }

 

  //Sanitize the value received from login field

  //to prevent SQL Injection

  if(!get_magic_quotes_gpc()) {

      $login=mysql_real_escape_string($_POST['username']);

  }else {

      $login=$_POST['username'];

  }

 

  //Create query

  $qry="SELECT id FROM login WHERE username='$login' AND password='".md5($_POST['password'])."'";

  $result=mysql_query($qry);

 

print "The result is equal to $result";

 

?>

 

And that returned The result is equal to resource id 3

 

So in that variable "resource id 3" is stored. I am thinking there is a problem with what that says, because that one statement is one row of data, and that is greater than 0, but when I do that statement, it tells me that basically "resource id 3" is == 0, and it ultimetly fails, and what 'm trying to do is store "resource id 3" in as a session variable.

 

If this is confusing, please let me know and I will try my best to explain it. Thanks in advance for any help

bruckerrlb Regular Member

bruckerrlb

Posted
  • Author
Posted

Okay, just an update, I started from scrath and it worked, I am pretty sure there was a problem in my login form, I have been using this tutorial

 

http://phpsense.com/php/php-login-script.html

 

All I did was modify the parts of the database to work with my database, and once I started from scratch I got it down. Thanks, and i'm sure i'll be posting another question in 30 minutes when I have searched every web page on the face of the earth and I can't find the answer to my next question.  :D

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.