My Login Script

[BlueSkyIS]

DO NOT USE session_register and session_destroy. They are deprecated.

[forumnz]

DO NOT USE session_register and session_destroy. They are deprecated.

 

Does this mean I shouldn't use sessions?

[rarebit]

I can't find anywhere that it say's session_destroy is depricated??

 

http://uk3.php.net/manual/en/ref.session.php

http://uk3.php.net/manual/en/function.session-destroy.php

 

It's just that I use it currently, therefore what use instead?

[darkfreaks]

no it says nothing on PHP.net about them being deappreciated. id still use them read up on your sessions and how to use them

 

 

http://us.php.net/manual/en/function.session-register.php

[forumnz]

What is wrong with this. I have made it set a session with the users id as the uid.

It displays "UID =" and thats it.

 

Thanks,

Sam.

 

<?php

include('connect.php');
mysql_select_db("bbmembers", $con);

if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	  
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {
		 $uid = $row["id"];

                    session_start(); 
$_SESSION['user'] = $uid; // store session data
echo "UID = ". $_SESSION['user']; //retrieve data

            }else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); }
    }
}
?>

[ted_chou12]

Hang on..... got it!!

 

Now i just need it to set a cookie.

 

I will try that myself.

 

Should I use cookies or sessions?

You can use both cookies and sessions, for cookies, the format is like:

setcookie("username", $_SESSION['username'], time()+60*60*24*30, "/");
setcookie("password", $_SESSION['password'], time()+60*60*24*30, "/");

for sessions:

$_SESSION["username"] = $username;
$_SESSION["password"] = $password;

Ted

[darkfreaks]

cookies is alot unsafer.

[rarebit]

Looks like you haven't used 'session_start()', even though this maybe dne automatically...

[darkfreaks]

you need session_start();

 

followed by $username=$_SESSION[username]; $password=$_SESSION[password];

 

 

then at the end of the code put session_destroy();

[forumnz]

Like this:

 

<?php
session_start(); 
$username=$_SESSION[username]; $password=$_SESSION[password]; $id=$_SESSION[uid];

include('connect.php');
mysql_select_db("bbmembers", $con);

if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	  
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {
		 $uid = $row["id"];

                    session_start(); 
$_SESSION['user'] = $uid; // store session data
echo "UID = ". $_SESSION['user']; //retrieve data

            }else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); }
    }
}
?>

[LiamProductions]

Where are you including the mysql connection?

[darkfreaks]

example

 

<?php

session_start();   if (isset($_SESSION['username'])){      echo "User : ".$_SESSION['username'];      unset($_SESSION['username']);   } else {      echo "Set the username";      $_SESSION['username'] = 'John';

?>

 

 

http://www.phpf1.com/tutorial/php-sessions.html

 

good session tutorial

[forumnz]

This is what I currently have... why is it not working?

 

<?php

session_start();
$_SESSION['uid'] = '$id';

include('connect.php');
mysql_select_db("bbmembers", $con);

if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	  
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {

                    //Set Session

				session_start(); 

				$_SESSION['id'] = $id; // store session data
echo "UID = ". $_SESSION['id']; //retrieve data

            }else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); }
    }
}
?>

 

The connect.php is connecting to the db.

 

Thanks,

Sam.

[rarebit]

Your using session start twice??

[forumnz]

I know I am stupid.... haha... what do i do?

[darkfreaks]

take out the second session_start?

[forumnz]

OK, it still just displays "UID="

[darkfreaks]

<?php


$_SESSION['uid'] = $id;

echo "UID=" $id;

?>

[forumnz]

in my db it is id not uid. Does that help?

[darkfreaks]

change it to the exact field then

 

 

<?php


$_SESSION['id'] = $id;

echo "UID=" $id;

?>

[rarebit]

Here's how I make sure the session is started and how to get the session_id:

//	START SESSION
try
{
	if ( !@ ( session_id() ) )
		throw new Exception ("oh no!");
}
catch (Exception $e)
{
	//print 'INCLUDE ERROR!!!<br>';
	//return -1;
	session_start();
}

//	GET CURRENT SESSION ID
try
{
	if ( !@ ( $sess['sess_id'] = session_id() ) )
		throw new Exception ("oh no!");
}
catch (Exception $e)
{
	session_destroy();
	session_start();

	$sess['sess_id'] = session_id();
}

 

Use whatever you want instead of $sess['sess_id']...