[SOLVED] Help! Problem creating session

[kjtocool]

Hi there, I am having a problem creating a session and holding it across pages.

 

I start with a simple form that requests username and password.  When the user clicks submit, it sends them to loginVal.php:

 

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Xtinct CMS</title>
<link href="main.css" rel="stylesheet" type="text/css">
<style type="text/css" >
<!--
.style1 {
font-family: Arial;
font-size: 16px;
color: #0F45FF;
font-weight: bold;
}
.style6 {
font-family: Arial;
font-size: 12px;
}
-->
</style></head>

<body>
<table width="670" border="0" align="center" cellpadding="0" cellspacing="0">
<form id="form1" name="form1" method="post" action="">
  <tr>
    <td background="images/top.jpg" height="50"> </td>
  </tr>
  <tr>
    <td background="images/middle.jpg" height="200" valign="top">
	<table width="670" border="0" cellspacing="0" cellpadding="0">
	  <tr>
		<td width="75"> </td>
		<td><p align="center"><span class="style1">Login</span></p>
		  <p align="left" class="style6">
			<?php
				$userName = $_POST["userName"];
				$_SESSION['userName'] = $userName;
				$passwordHash = md5($_POST["password"]);
				$_SESSION['passwordHash'] = $passwordHash;

				$databaseConnect = mysqli_connect("localhost", "username", "password", "database_name")
							Or die("Unable to connect to the database.");

				$query = "SELECT user_ID FROM Users WHERE username = '$userName' AND password = '$passwordHash' LIMIT 1";
				$result = mysqli_query($databaseConnect, $query);

				if (mysqli_num_rows($result) == 0)
					echo "Username or password is incorrect.";
				else
				{
					$row = mysqli_fetch_assoc($result);
					$_SESSION['userID'] = $row['user_ID'];
					echo "Successful Login";
					echo '<META HTTP-EQUIV="refresh" CONTENT="0.0; URL=http://www.thelink.com/options.php?' . SID . '">';
				}

				mysqli_free_result($result);
				mysqli_close($databaseConnect);
			?>
		  </p>
		  <br />
	    </td>
	    <td width="75"> </td>
	  </tr>
	</table>
</td>
  </tr>
  <tr>
    <td background="images/bottom.jpg" height="35"> </td>
  </tr>
  </form>
</table>
</body>
</html>

 

As you can see, I use session_start() to start the page.  I then get values for username and password, hash the password, and make sure the login is valid.  I pass values to a few $_SESSION variables, and if the login was valid, I redirect them to another page, options.php.

 

On options.php I run the following check:

 

<?php
session_start();

if (!isset($userID))
    {
        header("Location: http://www.thelink.com/index.php");
    }
?>

 

Even though I set the $_SESSION['userID'] variable, it always re-directs.

 

While troubleshooting, I tried echoing the SID in the loginVal.php file, and it came up as an empty string.  So for whatever reason, I am not generating a session ID.  I am new to sessions, can someone tell me what I am doing wrong?

 

KJ

[pocobueno1388]

In options.php when do you define $userID? I don't even see a session on your previous page thats called userID.

 

Change this

if (!isset($userID))

 

To

if (!isset($_SESSION['userName']))

[kjtocool]

I never define $userID.

 

I defene $_SESSION['userID'] in loginVal.php here:

 

if (mysqli_num_rows($result) == 0)

echo "Username or password is incorrect.";

else

{

$row = mysqli_fetch_assoc($result);

$_SESSION['userID'] = $row['user_ID'];

echo "Successful Login";

echo '<META HTTP-EQUIV="refresh" CONTENT="0.0; URL=http://www.thelink.com/options.php?' . SID . '">';

}

 

In any case, apparently my problem was that this:

if (!isset($userID))

 

should have been:

if (!isset($_SESSION['userID']))

 

So it works now.  Thanks a bunch!