graham23s
Posted February 10, 2008

Hi Guys,

I'm in the middle of developing a basic e-commerce site. What I have done is add no session checking code to a lot of the pages so ANYONE can browse them, but when they go to add something to the shopping cart, I check if the session_id of the user is set; if it isn't, the items don't get added to MySQL and they are prompted to go to the login page.

sessions.php

```php
<?php
ob_start();
session_start();
header("Cache-control: private");

if($_SESSION['logged_in'] != 'yes') {
    header("Location: login.php");
}

## a variable for easier access
$var_loggedinuserid = $_SESSION['id'];
$var_loggedinuser = $_SESSION['username'];
?>
```

login.php

```php
<?php
// include the database connection //
include("inc/dbconnection.php");
include("inc/functions.php");
include("inc/header.php");
include("inc/navigation.php");
?>
<?php
// standard header //
print("<div class=\"subheader\"><div id=\"title\">Home > <span class=\"blue\">Login to your account</span></div>You can update your personal details and view orders in here.</div>");

// catch the submission //
if(isset($_POST['submitform'])) {

    // vars //
    $username = mysql_real_escape_string(trim($_POST['username']));
    $password = mysql_real_escape_string(trim($_POST['password']));

    // see if the details are in the database //
    $querylogin = "SELECT `id`,`username`,`password` FROM `fcp_customers` WHERE `username`='$username' AND `password`='$password' LIMIT 1";
    $resultslogin = mysql_query($querylogin) or die (mysql_error());
    $row = mysql_fetch_array($resultslogin);
    $num = mysql_num_rows($resultslogin);

    if($num != 1) {

        print("NO RESULTS!");

    } else {

        // there was results so update the login timer and set a session //
        $querytimer = mysql_query("UPDATE `fcp_customers` SET `lastloggedin`=now() WHERE `username`='$username' AND `password`='$password'");

        // set some sessions //
        session_start();

        // make session vars //
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['logged_in'] == 'yes';

        // redirect to members page //
        header("Location: account.php");
        ob_clean();

    }

} // end isset //

// login box //
print("<form action=\"login.php\" method=\"post\">");
print("<table width=\"300\" border=\"1\" cellpadding=\"5\" cellspacing=\"0\">\n");
print("<tr>\n");
print("<td align=\"right\">Username:</td><td align=\"left\"><input type=\"text\" name=\"username\" size=\"40\"></td>\n");
print("</tr>\n");
print("<tr>\n");
print("<td align=\"right\">Password:</td><td align=\"left\"><input type=\"password\" name=\"password\" size=\"40\"></td>\n");
print("</tr>\n");
print("<tr>\n");
print("<td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submitform\" value=\"Login\"></td>\n");
print("</tr>\n");
print("</table></form>\n");
?>
<?php
// include the footer //
include("inc/footer.php");
?>
```

account.php

```php
<?php
// include the database connection //
include("inc/dbconnection.php");
include("inc/header.php");
include("inc/navigation.php");
?>
<?php
?>
<?php
// include the footer //
include("inc/footer.php");
?>
```

My problem is really when I try to login, it doesn't seem to go to the account.php page. Any ideas on what I have done wrong?

Thanks guys

Graham

Chris92
Posted February 10, 2008

Erm, maybe set your form action to account.php. Replace

```php
print("<form action=\"login.php\" method=\"post\">");
```

with

```php
print("<form action=\"account.php\" method=\"post\">");
```

graham23s (Author)
Posted February 10, 2008

Hi Mate,

Yeah, but surely the:

```php
header("Location: account.php");
```

should eventually execute when the page is submitted to itself. As far as I can see, all the code executes right up until the update timer query. I'm totally stumped lol, I have it this way on other sites as well.

Graham

Chris92
Posted February 10, 2008

```php
if($num > 0) {

    // there was results so update the login timer and set a session //
    $querytimer = mysql_query("UPDATE `fcp_customers` SET `lastloggedin`='".now()."' WHERE `username`='$username' AND `password`='$password'");

    // set some sessions //
    session_start();

    // make session vars //
    $_SESSION['id'] = $row['id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['logged_in'] = 'yes';

    // redirect to members page //
    header("Location: account.php");
    ob_clean();

} else {

    print("NO RESULTS!");

}
```

graham23s (Author)
Posted February 10, 2008

Hi Mate,

Just tried that, to no joy either. I am truly stumped lol. The crazy thing is the update query executes fine; it seems to be the session part, it isn't headering on for some reason.

Graham

Chris92
Posted February 10, 2008

To be honest I can't see anything in your code which would stop the header from working. Just try echoing something after each step until you find where it's stopping.

graham23s (Author)
Posted February 10, 2008

I'm the same mate, I'll keep debugging lol

cheers

Graham
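
An added example, not code posted by anyone in the thread: a login handler and session guard covering the issues visible in the posted code (the `==` where an assignment was intended, `session_start()` and `header()` called after HTML output, no `exit` after the redirect in sessions.php, and the password compared in SQL as submitted). The `password_hash` column, the PDO connection, the in-memory SQLite table and the `demo` account are assumptions constructed for the example.

```php
<?php
// Added example, not the thread's code. Assumed: PDO, a password_hash column,
// and a constructed in-memory SQLite table/account so the file runs stand-alone.

function attempt_login(PDO $db, string $username, string $password): bool
{
    // Look up by username only; the password never enters the SQL text.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM fcp_customers WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    $db->prepare('UPDATE fcp_customers SET lastloggedin = CURRENT_TIMESTAMP WHERE id = ?')
       ->execute([$row['id']]);

    session_regenerate_id(true);      // fresh session ID at login
    $_SESSION['id']        = $row['id'];
    $_SESSION['username']  = $row['username'];
    $_SESSION['logged_in'] = 'yes';   // assignment (=); == only compares
    return true;
}

// Guard for protected pages (the role of sessions.php in the thread).
function require_login(): void
{
    if (($_SESSION['logged_in'] ?? '') !== 'yes') {
        header('Location: login.php');
        exit;                         // stop here, or the page below still runs
    }
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE fcp_customers (id INTEGER PRIMARY KEY, username TEXT,
           password_hash TEXT, lastloggedin TEXT)');
$db->prepare('INSERT INTO fcp_customers (username, password_hash) VALUES (?, ?)')
   ->execute(['demo', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// login.php flow: session and redirect happen before any HTML is printed.
session_start();
if (isset($_POST['submitform'])
    && attempt_login($db, trim($_POST['username'] ?? ''), $_POST['password'] ?? '')) {
    header('Location: account.php');
    exit;
}
// Only from here on: include inc/header.php, inc/navigation.php and print the form.
```

Rows that currently hold the password as submitted would need it re-stored with `password_hash()` before `password_verify()` can succeed.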