Jump to content

[SOLVED] Error with session

only one

By only one
in PHP Coding Help

 Share

Recommended Posts

only one Member

only one

Posted
Posted

Hi, im building a forum system, i was using cookies too log people in, but obviously some of them want too be able to be logged out when they close their browser, so i thought I'd integrate it with sessions, but on the second page of being logged in the session expires.

 

Do i need to redeclare the session?

Link to comment
https://forums.phpfreaks.com/topic/74198-solved-error-with-session/
Share on other sites
soycharliente Advanced Member

soycharliente

Posted
Posted

It's hard to diagnose the problem without looking at some of your code.

 

But generally, having something like session_start() should make sure to open a session on each page if one is not already opened so that the use of session variables can take place.

only one Member

only one

Posted
  • Author
Posted

I know that already i placed session_start(); ontop of each page, heres some code like you asked:

 

When they log in declare it:

if($row)
{
$time = date("D d F Y  H:i:s");
$ip = $_SERVER['REMOTE_ADDR'];

mysql_query("INSERT INTO `user_logs` (`userid`,`ip`,`time`) VALUES ('$row[id]','$ip','$time')");
mysql_query("DELETE FROM `guests` WHERE `ip` = '$_SERVER[REMOTE_ADDR]'");

if(!isset($_POST['staylogged']))
{
	$_SESSION["user"] = $row[username];

} else {

	setcookie("user", $row[username]);

}

 

I have this on the top of every page aswell:

	if($_SESSION['user'])
{
	$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$_SESSION[user]'");
	$user = mysql_fetch_array($query);
	$logged = true;	
}

if($_COOKIE['user'])
{
	$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$_COOKIE[user]'");
	$user = mysql_fetch_array($query);
	$logged = true;			
}

only one Member

only one

Posted
  • Author
Posted

No. Still not working. The session has the same id the whole way through but the weird thing is if i set $_SESSION['user'] again as the value of the array:

 

if($_SESSION['user'])
{
	$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$_SESSION[user]'");
	$user = mysql_fetch_array($query);
	$_SESSION['user'] = $user[username];
	$logged = true;

}

 

The session stays, but it the value of the user variable is 0.

only one Member

only one

Posted
  • Author
Posted

And don't use $user[username] that's bad, use $user['username']

 

I was just showing a quick example.

 

What about this?

 

$_POST['staylogged']

 

If the user goes to the second page, this will not be set. Once you do the check, you should set a $_SESSION['staylogged']. Then, check that value.

 

I tried that but the i still need to put the $_SESSION['user'] in and its not keeping its data

only one Member

only one

Posted
  • Author
Posted 
	if($_GET['q'] == 'Login')
{
	if($logged)
	{
		$_GET['q'] = "Home";
	}
	 else
	{

		$title = "<a href=\"$_SERVER[php_SELF]?q=Login\">Login</a> ";

		$content = true;
		$contents = "
			<form action=\"$_SERVER[php_SELF]?q=Login\" method=\"post\" name=\"login\">
				<table class=\"board\">
					<tr>
						<td class=\"board_title\" colspan=\"2\">Login</td>
					</tr>
					<tr>
						<td>Username</td> <td><input type=\"text\" name=\"username\" value=\"$_POST[username]\" class=\"textbox2\" maxlength=\"20\" /></td>
					</tr>
					<tr>
						<td>Password</td> <td><input type=\"password\" name=\"password\" class=\"textbox2\" maxlength=\"32\" /></td>
					</tr>
					<tr>
						<td> Stay logged in: <input type=\"checkbox\" name=\"staylogged\" /> </td>
					</tr>
					<tr>
						<td colspan=\"2\"><input type=\"submit\" name=\"submit\" class=\"submit1\" value=\"Login\" /></td>
					</tr>
				</table>
			</form>
			";

		if(isset($_POST['submit']))
		{
			if($_POST['username'] == NULL)
			{
				$error = true;
				$errors .= "<li> Please fill in your Username. </li>";
			}

			if($_POST['password'] == NULL)
			{
				$error = true;
				$errors .= "<li> Please fill in your Password. </li>";
			}

			if(!$error)
			{
				$username = htmlentities("$_POST[username]");
				$password = md5("$_POST[password]");

				$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
				$row = mysql_fetch_array($query);



				if($row)
				{
					$time = date("D d F Y  H:i:s");
					$ip = $_SERVER['REMOTE_ADDR'];

					mysql_query("INSERT INTO `user_logs` (`userid`,`ip`,`time`) VALUES ('$row[id]','$ip','$time')");
					mysql_query("DELETE FROM `guests` WHERE `ip` = '$_SERVER[REMOTE_ADDR]'");

					if(!isset($_POST['staylogged']))
					{
						$_SESSION['user'] = "$row[username]";

					} else {

						setcookie("user", $row[username]);

					}

					header("location: $_SERVER[php_SELF]");
					die("<meta http-equiv=\"refresh\" content=\"0;URL=$_SERVER[php_SELF]\" />");

					$content = false;
					$success = true;
					$successfully = "<li><font color=\"#00cc00\">Successfully</font>: Logged in... Welcome "$username".</li>";
				}

				else

				{								
					$error = true;
					$errors .= "<li><font color=\"#ff0000\">Error</font>: Incorrect Username and Password combination.</li> ";
				}
			}
		}
	}
}

only one Member

only one

Posted
  • Author
Posted

$_SESSION['user'] = "$row[username]";

 

should be

$_SESSION['user'] = $row['username'];

 

other than that, i dont know where the problem lies...

 

the only thing it can be is that session_start(); isnt at the head of each page

The page has 2000 lines of code, I don't want to paste it all.

 

Shouldn't this:

 

if(!isset($_POST['staylogged']))

 

be this:

 

if(isset($_POST['staylogged']))

 

No basically by placing a ! infront of the isset() function it asks if $_POST['staylogged'] isn't set.

only one Member

only one

Posted
  • Author
Posted

Right, but it isn't possible that that issue is the problem.  Because if it is not set, the session doesn't get set, but it should!

 

The session does get set, but it only gets set for 2 pages, on the second it begins too fade, and by the third you are logged out again.

kenrbnsn Regular Member

kenrbnsn

Posted
Posted

You probably should check whether "register_globals" is disabled. If it is enabled, you will have problems when there is a local variable that is named the same as a session variable. For example, with register_globals enabled

<?php
session_start();
$user = 'xyz';
$_SESSION['user'] = 'abc';
?>

 

You will find that the value of the $user variable will clobbered by the value of the $_SESSION['user'] variable.

 

Ken

MadTechie Regular Member

MadTechie

Posted
Posted

Few fixes

 

<?php

if($row)
{
$time = date("D d F Y  H:i:s");
$ip = $_SERVER['REMOTE_ADDR'];

mysql_query("INSERT INTO `user_logs` (`userid`,`ip`,`time`) VALUES ('{$row['id']}','$ip','$time')");
mysql_query("DELETE FROM `guests` WHERE `ip` = '$ip' ");

if(!isset($_POST['staylogged']))
{
	$_SESSION["user"] = $row['username'];							
} else {			
	setcookie("user", $row['username'], time()+(3600*24*1)); //1 day (change 1 to suite)
}

?>

 

 

<?php

if($_SESSION['user'])
{
	$query = mysql_query("SELECT * FROM `users` WHERE `username` = '{$_SESSION['user']}'");
	$user = mysql_fetch_array($query);
	$logged = true;	
}

if($_COOKIE['user'])
{
	$query = mysql_query("SELECT * FROM `users` WHERE `username` = '{$_COOKIE['user']}'");
	$user = mysql_fetch_array($query);
	$logged = true;			
}

?>

 

only one Member

only one

Posted
  • Author
Posted

You probably should check whether "register_globals" is disabled. If it is enabled, you will have problems when there is a local variable that is named the same as a session variable. For example, with register_globals enabled

<?php
session_start();
$user = 'xyz';
$_SESSION['user'] = 'abc';
?>

 

You will find that the value of the $user variable will clobbered by the value of the $_SESSION['user'] variable.

 

Ken

Thanks, they actually aren't globaled but that worked.  :D

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.