[SOLVED] Session not being stored...

[gunner_uk2000]

I want to have users able to login, and when they do their name username is kept in a session vairable:

 

Here is my code to log in:

 

The check Login is a fucntions, which checks with a mysql database, the user logs in fine here and the username that I've put in the session array is echoed out fine:

 

<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<?php 
include 'DatabaseConnection.php';

if( CheckLogIn($_POST['txtUserID'], $_POST['txtPassword']) ){

	//echo " $logged

	$_SESSION['LoggedIn'] = true;
	$_SESSION['User'] = $_POST['txtUserID'];

	$log = $_SESSION['LoggedIn'];
	$u = $_SESSION['User'];	

}

include 'Header.php';

echo "Login good";

echo "<br> Logged in = $log  and userID = $u";
?>

 

I want to use the username on another pages to query the database, now on this page when I echo it for testing the session vairable containing the username is empty.

 

<?php session_start(); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Update Account</title>
</head>

<body>

<?php
include "Header.php";

include "DatabaseConnection.php";

$u = $_SESSION['User'];

echo "<h1> $u </h1>";

$link = ConnectToDatabase();	

$query =  "SELECT * FROM user WHERE username = '$u'";

$result = mysql_query($query, $link);

 

There is a common header which is included in both of the above pages and makes use another session vairable, which doesn't lose it's value.

 

 

<div class="header" id="header">
  <p><img src="" alt="The Greenwich Freecycle Logo" width="300" height="100" id="FreeCycleLogo" style="background-color: #00CC00" /></p>
  <h1>Greenwich Freecycle</h1>
  <ul>
  	<?php
	if($_SESSION['LoggedIn']){
    		echo "<li><a href=\"EditAccountForm.php\">Edit Account</a></li>";
    		echo "<li><a href=\"Logout.php\">Log Out</a></li>";
    		echo "<li><a href=\"OfferItems.php\">Offer Items</a></li>";
	} else {
		echo "<li><a href=\"LoginForm.php\">Login</a></li>";
    		echo "<li><a href=\"RegisterForm.php\">Register</a></li>";		
	}
?>
    <li>Seearch for items </li>
  </ul>
</div>

 

Does anyone have any idea what I'm doing wrong?

[PFMaBiSmAd]

Check your web server log for errors to see if the session is getting created at all.

 

Your first page might appear to be working by operating on an array called $_SESSION without there actually being a real session.

[gunner_uk2000]

If I change the code:

 

$_SESSION['User'] = $_POST['txtUserID'];

 

to

 

$_SESSION['User'] = 'mi407'

 

Then my code works and 'mi407' comes out of the session vairable when I use it in the other pages.

 

So It looks like whats happening is when I do the assignment the session vairable is getting set to array referenece, and not copying the data accross. So it's not working because the post array doesn't exist when I go to the new page?

 

Anyone know how to get the value out of the array?

 

[revraz]

Where is your login code getting $_POST['txtUserID'] from?

[PFMaBiSmAd]

It's also possible that the CheckLogIn() function is overwriting the value.

[gunner_uk2000]

I've put some debug code in here, there result is that the post value is the same after the the checkLogIn function but the a == b condition fails. presumable because they're not the same vairable, but they both have 'mi407' in them.

 

	$a = $_POST['txtUserID'];

if( CheckLogIn($_POST['txtUserID'], $_POST['txtPassword']) ){

	//echo " $logged
	$b = $_POST['txtUserID'];

	if(a == b)
		echo "YAY!  A = $a and B = $b";
	else
		echo "Nay! A = $a and B = $b";

 

Here is the check Login Function which doesn't change the post value:

 

	function CheckLogIn($userID, $passwordEntered){
	$connection = ConnectToDatabase();

	$query = "SELECT password FROM user WHERE username = '$userID'";

	$result = mysql_query($query, $connection);

	//There is an error if the result is null, is not a resource and doesn't return
	//exactly one row	
	if($result != 0 && is_resource($result) && mysql_num_rows($result) == 1){
			//get the var no out of the database
			$row = mysql_fetch_array($result);
			extract($row);

			if($password == $passwordEntered){
				return true;
			}

			return false;		

	}

	return false;
}

 

 

The $_POST['txtUserID'] value is comming from this form:

 

<?php session_start(); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Freecycle Login</title>
</head>

<body>
<?php
include 'Header.php'
?>

<form id="Login" method="post" action="Login.php">
  <p>
  Username
  <input name="txtUserID" type="text" id="txtUserID" tabindex="1" />
  </p>
  <p>
    Password
    <input name="txtPassword" type="password" id="txtPassword" tabindex="2" />    
  </p>
  <p>
    <input type="submit" name="Submit" tabindex="3" />
  </p>
</form>
</div>
</body>
</html>

[revraz]

Shouldn't it be

 

if($a == $b)

 

[gunner_uk2000]

Here is the full code:

 

<code>

<?php

include 'DatabaseConnection.php';

 

$p = $_POST['txtUserID'];

 

echo "<h1>Post = $p </h1>";

 

if( CheckLogIn($_POST['txtUserID'], $_POST['txtPassword']) ){

 

        $_SESSION['LoggedIn'] = true;

 

if (isset($_POST['txtUserID']))

{

echo "<h1>Post Set</h1>";

            $_SESSION['User'] = $_POST['txtUserID'];

               

}

else

{

echo "<h1>Post Not Set</h1>";

    $_SESSION['User'] = '';

}

 

</code>

 

which returns:

Post = mi407

Post Set

Session is mi407

 

Hence according to this the session is stored fine;

 

On another page this code:

 

<code> $u = $_SESSION['User'];

if(isset($_SESSION['User'])){

echo "<h1>Session is Set</h1>";

echo "<h1> $u </h1>";

} else {

echo "Bugger!";

}

</code>

 

returns: Session is set.

 

ie it's set but the data has disappeared.

 

 

On both occassions there is:

<code><?php session_start(); ?></code>

at the top of the page before the opening HTML and DocType Tags

[adam291086]

have you just tried echoing out the session without any other code?

 

edit

 

in your first bit of code change

 

$_SESSION['User'] = $_POST['txtUserID'];

 

to

 

$_SESSION['User'] = $p

 

You create the variable $p and dont use it. Bit pointless. This was we know $p have data in it

[PFMaBiSmAd]

Usually when variables get overwritten, when the code itself is not doing it, is because of register_globals being on and there being a same name program/post/get/session/cookie variable. Is there a chance you have another program or any array (post/get/session/cookie) variable named User?

 

Also, your code sets $_SESSION['User'] = ''; anytime the file is visited when $_POST['txtUserID'] is not set. Any chance you are doing url rewriting or any other redirecting that might cause that page to be fetched again before you go the second page where $_SESSION['User'] is set but does not contain the correct value. A '' empty string in $_SESSION['User'] will make the isset() true.

 

Also, I don't believe the code posted was full code, because some of the output "Session is mi407" is not produced by the posted code, and whatever that code is, might be overwriting the value.

 

Edit: Actually in reviewing this thread, it is not clear what you are actually doing and in what order. At one point you state that setting $_SESSION['User'] = 'mi407' works, which would lead me to believe that you are expecting $_POST['txtUserID'] to exist past the page the form submits to, which it won't.

[gunner_uk2000]

Changing the session variable name to 'UserBollocksZWX2345321' makes it work, so it seem that register_globals are on on my uni's webserver.

 

Thanks for all your help to everyone thats posted

 

Is there a php equivalent of a C #define?