NoSalt Posted October 1, 2007 Share Posted October 1, 2007 I am "attempting" to create a very simple admin login for a site I use but am having trouble with the sessions. It seems that I can log in correctly, the is a good session variable, and there is a session in my list of browser cookies. The only problem is that I cannot seem to stay logged in. Here is the trimmed down version of the page that I am using. Any idea what I am doing wrong here? Any help would be very much appreciated. Thanks <?php $login = ($_GET['login']) ? $_GET['login'] : null; $submittedLogin = ($_POST['loginName']) ? $_POST['loginName'] : null; $submittedPW = ($_POST['password']) ? $_POST['password'] : null; require('./includes/config.inc.php'); require('./includes/dbcx.inc.php'); if($submittedLogin && $submittedPW){ $sqlQuery = "select username,password from users where username='" . $submittedLogin . "'"; $sql = mysql_query($sqlQuery); while($row = mysql_fetch_array($sql)){ $loginName = $row['username']; $password = $row['password']; } if(md5($submittedPW) == $password && $submittedLogin == $loginName){ if(session_start()){; $_SESSION['loggedIn'] = 1; $_SESSION['dummy'] = "Dummy Variable"; } } } ?> <html> <head> <title> Admin Page </title> </head> <body> <div class="container"> <div> <h2>Admin Page</h2> </div> <?php if(!isset($login)){ if(isset($_SESSION['loggedIn'])){ ?> <div> <table border="1"> <tr><td colspan="2"><h4>Welcome Admin ...</h4></td></tr> <tr><th>The session var "loggedIn" is </th><td><?php echo $_SESSION['loggedIn']; ?></td></tr> <tr><th>The session var "dummy" is </th><td><?php echo $_SESSION['dummy']; ?></td></tr> <tr><th>The session id is </th><td><?php echo session_id(); ?><br /></td></tr> </table> </div> <?php } else{ ?> <div class="content"> <table border="1"> <tr><td colspan="2">Info Table</td></tr> <tr><th>The session var "loggedIn" is </th><td><?php echo $_SESSION['loggedIn']; ?></td></tr> <tr><th>The session var "dummy" is </th><td><?php echo $_SESSION['dummy']; ?></td></tr> <tr><th>The session id is </th><td><?php echo session_id(); ?><br /></td></tr> <tr><td colspan="2"><button onclick="window.location='<?php echo $_SERVER['PHP_SELF']; ?>?login=1';">Log In</button></td></tr> </table> </div> <?php } } else{ ?> <div class="loginDiv"> <table border="1"> <form name="theForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <tr><th>Login Name:</th><td><input type="text" name="loginName" id="TextBox_01" /></td></tr> <tr><th>Password:</th><td><input type="password" name="password" id="TextBox_02" /></td></tr> </form> </table> </div> <?php } ?> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
jaymc Posted October 1, 2007 Share Posted October 1, 2007 When you say you cant stay logged in, elaborate.. When you close the browser and revisit the page it wants you to login again? If you are not active on the page for over 5 minutes when clicking a link it prompts for login What? Quote Link to comment Share on other sites More sharing options...
shocker-z Posted October 1, 2007 Share Posted October 1, 2007 are you sure that you have session_start() at the top of every page? as if you miss it off 1 page then click a link your sessionm will be lost.. Liam Quote Link to comment Share on other sites More sharing options...
NoSalt Posted October 1, 2007 Author Share Posted October 1, 2007 Yes, it wants me to log in again. The very first page just has a "Log In" button. Click that and it takes you to a form that has a username and password field. Click the "submit" button and it takes you to the admin page with a table showing the sessionID and other information. If I go all the way back to the first page with the "Log In" button, the page doesn't recognize the session. However, when I "log in" again I get the same sessionID as before. Am I just completely overlooking something here? Thanks for reading Quote Link to comment Share on other sites More sharing options...
jaymc Posted October 1, 2007 Share Posted October 1, 2007 Are you calling session_start(); on every single page? You must do this for it to be able to pick uo the session Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 1, 2007 Share Posted October 1, 2007 are you sure that you have session_start() at the top of every page? You may also be caching the original login page. When you go back to the login page, try shift-refresh to see if your session is actually running. If so, you may need to address caching of that page. Quote Link to comment Share on other sites More sharing options...
NoSalt Posted October 1, 2007 Author Share Posted October 1, 2007 Nope ... just calling session_start() once. Here is a copy of the code that is fully self-contained: <?php $login = ($_GET['login']) ? $_GET['login'] : null; $submittedLogin = ($_POST['loginName']) ? $_POST['loginName'] : null; $submittedPW = ($_POST['password']) ? $_POST['password'] : null; $loginName = "admin"; $password = "5f4dcc3b5aa765d61d8327deb882cf99"; // the md5 hash for the word "password" if(md5($submittedPW) == $password && $submittedLogin == $loginName){ if(session_start()){ $_SESSION['loggedIn'] = 1; $_SESSION['dummy'] = "Dummy Variable"; } } ?> <html> <head> <title> Admin Page </title> </head> <body> <div class="container"> <div> <h2>Admin Page</h2> </div> <?php if(!isset($login)){ if(isset($_SESSION['loggedIn'])){ ?> <div> <table border="1"> <tr><td colspan="2"><h4>Welcome Admin ...</h4></td></tr> <tr><th>The session var "loggedIn" is </th><td><?php echo $_SESSION['loggedIn']; ?></td></tr> <tr><th>The session var "dummy" is </th><td><?php echo $_SESSION['dummy']; ?></td></tr> <tr><th>The session id is </th><td><?php echo session_id(); ?><br /></td></tr> </table> </div> <?php } else{ ?> <div class="content"> <table border="1"> <tr><td colspan="2">Info Table</td></tr> <tr><th>The session var "loggedIn" is </th><td><?php echo $_SESSION['loggedIn']; ?></td></tr> <tr><th>The session var "dummy" is </th><td><?php echo $_SESSION['dummy']; ?></td></tr> <tr><th>The session id is </th><td><?php echo session_id(); ?><br /></td></tr> <tr><td colspan="2"><button onclick="window.location='<?php echo $_SERVER['PHP_SELF']; ?>?login=1';">Log In</button></td></tr> </table> </div> <?php } } else{ ?> <div class="loginDiv"> <table border="1"> <form name="theForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <tr><th>Login Name:</th><td><input type="text" name="loginName" id="TextBox_01" /></td></tr> <tr><th>Password:</th><td><input type="password" name="password" id="TextBox_02" /></td></tr> <tr><td><button type="submit">Log-In</button><button type="reset">Reset</button></td></tr> </form> </table> </div> <?php } ?> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 1, 2007 Share Posted October 1, 2007 This must be AT THE TOP BEFORE ANY OTHER CODE: session_start() otherwise you are ONLY starting the session if the user submits a correct user name and password. else, there is no session. Quote Link to comment Share on other sites More sharing options...
jaymc Posted October 1, 2007 Share Posted October 1, 2007 Yes but on each page is session_start(); called Just once.. preferable right at the top of your script Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 1, 2007 Share Posted October 1, 2007 yes, session_start() does not "literally" start the entire session. It basically says "include this page in the session." if session_start() is not called, there is no session on that page. Quote Link to comment Share on other sites More sharing options...
NoSalt Posted October 1, 2007 Author Share Posted October 1, 2007 Well ... BlueSkyIS nailed it. I simply moved the session_start() to the top of the page and everything worked like a champ. Sometimes I need to be actually hit over the head with the <insert name of language> book before a simple concept sinks in. Thank you all for looking and replying. Have a great day! Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 1, 2007 Share Posted October 1, 2007 shocker-z was close first, except you CAN leave a page WITH session_start() and go to multiple pages WITHOUT session_start() and then return to a page WITH session_start() and continue the original session, something like this: login.php // session_start(), set session variables somepage1.php // session_start(), session variables still set from login.php somepage2.php // NO session_start(), session variables are not available in code somepage3.php // NO session_start(), session variables are not available in code somepage4.php // session_start(), session variables still set from login.php (except in case of session timeout, of course) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.