[SOLVED] my Session functions

[HuggieBear]

Change your SQL statement to this...

 

$sql = "SELECT `" . $select . "` FROM `cf_users` WHERE `id` = '" . $where . "' LIMIT 1";

 

Escaping out of the quoted string to insert your variables makes it a) easier to read and b) quicker to parse.

 

Regards

Huggie

[HuggieBear]

Also make sure you use something like mysql_escape_string() on your data before selecting it.

 

Regards

Huggie

[MasterACE14]

I've stuffed up my session functions bad. Their failing left, right and center  , I'm going to start over. Try a different approach. I've got session_start() function at the top of index.php which runs the show. I can destroy sessions easy enough, I can check if a session exists easy enough, but I need a better way for people to "log in", I need to create the session, but I also need to select their account from the database. So I dont have to use the $_SESSION["playerid"] variable that I have been using. Its too bloody complicated and just isnt working for me.

 

I need the person to be able to log in, and then I should be able to grab information for that person in the database by a query like this:

$sql = "SELECT `field` FROM `cf_table` WHERE `id`=`$userrow["id"]` LIMIT 1";

 

or something like that, its just creating the session and grabbing the right user from the database that isnt working for me.

[HuggieBear]

OK, think about this logically...

 

1. Present the user with a login form

2. Check the user against the database

3. If the user is verified then create a session variable with their unique User ID in it, if not then re-present the login form

4. Add a check to the top of each member page to make sure that the session variable exists.  If it doesn't redirect to login page, if it does then display content.

 

That's as simple as it gets for logging in.  Worry about making functions out of it afterwards, especially if you're struggling with the basic procedural approach.

 

Regards

Huggie

[MasterACE14]

Ok, Thank you 

[MasterACE14]

ok, I've started it all over again, and thinks are looking up this time. I have 1 error though, and thats with the header() function once again, besides that, everything is working fine! which is a relief. I've finally got it all working for me. Besides the header() function of course.

 

I am having problems with the header() function on my login.php and logout.php pages.

 

here is login.php:

<?php  // Login the Player

// Process the POST variables
$username = $_POST["username"];

// Setup the session variables
$_SESSION["username"] = $username;

// Connect to database ready to match the usernames, then switch over to match the ID
$rs = mysql_connect( "localhost", "ace_ACE", "******" );
$rs = mysql_select_db( "ace_cf" );

// SQL query for all entries in descending order
$sql = "SELECT `id` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1";
$rs = mysql_query( $sql ) or die('Query:<br />' . $sql . '<br /><br />Error:<br />' . mysql_error());

// This gets the data from the result resource
$query = mysql_result($rs,0,0);

// Put the players ID into a variable
$player_id = $query;

// Put the players ID variable into a session variable
$_SESSION["playerid"] = $player_id;

// Start the output buffer so we dont create any errors with headers
ob_start();

// Automatically redirect the player to the base page
header("Location: index.php?page=base");

//Flush the buffer to screen
ob_end_flush();

?>

 

and the error on login.php:

Warning: Cannot modify header information - headers already sent by (output started at /home/ace/public_html/conflictingforces/index.php: in /home/ace/public_html/conflictingforces/lib/login.php on line 30

 

here's logout.php:

<?php // Logout Player - Destroy Session

// Destroy the session
session_destroy();

// Start the output buffer so we dont create any errors with headers
ob_start();

// Automatically redirect the player to the homepage
header("Location: index.php?page=home");

//Flush the buffer to screen
ob_end_flush();

?>

 

here's the logout.php page error:

Warning: Cannot modify header information - headers already sent by (output started at /home/ace/public_html/conflictingforces/index.php: in /home/ace/public_html/conflictingforces/lib/logout.php on line 10

 

 

[HuggieBear]

You can't just put ob_start() and ob_end_flush() around the header that you want to output, it doesn't work like that.  You have to put it around all the content ouput until that point.

 

I may have confused you with Output Buffering before you were ready for it.  Read this tutorial, it's short, aimed at beginners and should really help you.

 

Regards

Huggie

[MasterACE14]

I've read the guide and have tried various things with logout.php and login.php but I still keep getting the same error  :-\

[HuggieBear]

That's because your ob_start() is in the wrong place, it needs to be before anything gets output, not just before the header.  Line 8 of your index.php is outputting code before all this.  ob_start() needs to before that.

 

Regards

Huggie

[MasterACE14]

OH! im so Noobish! lol, I forgot completely about index.php, I'll give that a try now

 

[MasterACE14]

Its working Now!!! Thank you so much!

 

Now, I have a "Remember me" checkbox on my login page, and I want to set it up so, if the person ticks it, it creates a cookie that then will save what they put into the login form. But I have no Idea how to go about doing this, I do know how to setup cookies, but I don't know how to work the rest.

[HuggieBear]

OK, well mark this topic as solved by using the 'Topic Solved' button and start a new thread for that question.

 

Regards Huggie :-)

[MasterACE14]

ok, thanks again