Jump to content

PHP5 and passing session values

ghgarcia

By ghgarcia
in PHP Coding Help

 Share

Recommended Posts

ghgarcia Member

ghgarcia

Posted
Posted

Hi,

I have an login script the collects user name and password also if they are present it executes my index application. Within the index application it requires a protection program that checks to see if the user name is present in the variables and if not it calls the login application.

 

The protection application looks like the following:

 

  session_start();
  session_register("user");

//Buffer output in case of redirection.
ob_start();
//If not logged in, redirect to the login page.
if ($_SESSION['user']=="")
{
  header("Location: login.php");
}

 

The login app uses a form to collect the user and password. This process works perfectly in PHP4 and in most cases with PHP5 however there are some cases that for some reason the session values are not available after the login application. The login app uses:

 

$username=$_POST['username'];
$password=$_POST['password'];

 

to read the values.

 

Any help would be greatly appreciated.

 

George

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

session_register() has long been depricated in both php4 and php5. Your check should simply look like...

 

<?php

 session_start();

 ob_start();

 if ( ! isset($_SESSION['user'])) {
   header("Location: login.php");
 }

?>

 

We need to see where you set your session vars within the login script.

Link to comment
Share on other sites
ghgarcia Member

ghgarcia

Posted
  • Author
Posted

Here is a copy of my login script:

 

<?
  session_start();
  session_register("user");
  session_register("uname");
$subtitle="Login";
ob_start();
require("header.php");
//Get any form data.
$football->WhoOnlineDelete;

$username=$_POST['username'];
$password=$_POST['password'];

if ($_POST)
{
//Make sure cookies are enabled.
// if ($_COOKIE["football"]=="")
//  {

//      $football->ErrorMessage("You must use a browser that supports cookies and<br> have them enabled in order to access this site.");
//  }
//    else
//  {
//Check input.
    if ($username=="")
    {
                $football->ErrorMessage("Please enter a username.");
    }
        elseif ($password=="")
    {
                $football->ErrorMessage("Please enter your password.");
    }
      else
    {
//Verify the password and redirect to default page if correct.
     $sql="select * from ".$football->prefix."users where user = '".$username."'";
         $rs = $football->dbQuery($sql,$football->database);
         $row = mysql_fetch_object($rs);
         $rows = mysql_num_rows($rs);
      if($rows == 0)
      {
                $football->ErrorMessage("User '".$username."' not found.");
      }
      elseif (md5($password) != $row->password)
      {
                $football->ErrorMessage("Incorrect password, please reenter.");
      }
       else
      {

        $user=$row->user;
        if ($row->name =="") {
        $uname=$row->user;
        } else {
        $uname=$row->name;
        }
        header("Location: index.php");
      }

    }


  }


//}
  else
{
//Set test cookie.
  setcookie("football","peanutbutter",0,"/",$football->domain,0);
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<table class="main" cellpadding="0" cellspacing="0">
<tr>
  <th align="left">User Login</th>
</tr>
<tr>
<td>
<div class="freeForm">
<table border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td><strong>Username:</strong></td>
    <td><input name="username" value="" size="12" /></td>
  </tr>
  <tr>
    <td><strong>Password:</strong></td>
    <td><input name="password" type="password" value="" size="12" /></td>
  </tr>
</table>

<p>Enter your username and password and press 'Login'.</p>

</div>
</td></tr>
</table>
<p><input class="button" type="submit" value="Login" />
<input class="button" type="reset" value="Clear" onclick="this.form.elements['username'].selectedIndex = 0; this.form.elements['password'].value = ''; return false;" /></p>
</form>

<?php require("footer.php"); ?>

 

Thanks,

G

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

I'm not going to dig right through that code but I can tell you, you never actually set any session vars. You might want to look for a decent tutorial on writting a login system but I'll post a small example.

 

<?php

  if (isset($_POST['submit'])) {
    $uname = mysql_real_escape_string($_POST['uname']);
    $upass = mysql_real_escape_string($_POST['upass']);
    $sql = "SELECT uname FROM users WHERE uname = '$uname' && upass = '$upass';";
    if ($result = mysql_query($sql)) {
      if (mysql_num_rows($result)) {
        // we have a valid user.
        session_start();
        $_SESSION['logged'] = true;
        $_SESSION['uname'] = $uname;
        // redirect to memebers only page.
        header("Location members.php");
      } else {
        // invalid user. redirect to login form.
        header("Location login.php");
      }
    }
  }

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.