View Full Version : session troubles

11-18-2007, 01:02 PM
Hello :)

I am making a small site for a project which requires me to allow users to login. I have made a very basic site which seems to work absolutely fine. I am just having a small problem with my $_SESSION variables.

my login script checks the username, then checks the md5() of the password, and if everything checks out then the user is logged in and the following script is executed...

if (trim($currentLineArray[1]) == trim(md5($password))){
$valid = 1;
$_SESSION['username'] = $username;

I was under the impression that $_SESSION variables were kind of global, and so if I were to reference this $_SESSION['username'] variable anywhere else it would have the $username value assigned to it, including on any other page.

For example this code is in a page called login.php. But when ever i try to echo the value of $_SESSION['username'] anywhere else on the same page, or on any other page where the session has been started, I just get a blank page until i delete the reference to the session variable Can anyone help me out?

the sites index page can be found at http://www.aatwo.com/programming/php/rsscw/index.php :)

11-18-2007, 02:46 PM
Have you included session_start(); in all of your required pages as the first line?

if (trim($currentLineArray[1]) == trim(md5($password))){
Why do you trim the md5() result?
And to compare two strings, you have to use strcmp() instead of ==

11-18-2007, 04:18 PM
ok I have converted to string compare.

Basically here is the chunk of code I am dealing with. This script is executed when the user clicks the logon button after entering their details.

$userfile = fopen("userFile.txt","r");
$username = $_POST['username'];
$password = $_POST['password'];
$valid = 0;
while (!feof($userfile)) {
$currentLine = fgets($userfile);
$currentLineArray = explode(',', $currentLine);
if ($currentLineArray[0] == $username){
// User exists so check the password
if (strcmp($currentLineArray[1],md5($password)) == 0){
$valid = 1;
$_SESSION['username'] = $username;
$echo "$_SESSION['username']";

Basically it takes the post data from the form on the previous page, compares the entered usernames and passwords with all of those stored in my flatfile, and then sets $valid to 1 and $_SESSION['username'] to the value of $username if matches were found.

notice the following line...

$echo "$_SESSION['username']";

The web page fails to load until I remove this echo statement and I have no idea why since I am assigning a value to this session variable in the line above it. WHyyyyyyy ? ? :(

EDIT: and yes I do have the session_start() function at the begining of the document (and all of my other pages as well) in the following format...


11-18-2007, 04:24 PM
you've set echo as a variable

$echo "$_SESSION['username']";
should be

echo $_SESSION['username'];

Also I don't recommend storing user-information in a flat-file. It's publicly viewable so anyone can check the MD5's and usernames and attempt to crack the accounts.

11-18-2007, 04:39 PM
Wow that totally worked. Thanks a lot! But I was under the impression that echo required the quotations.

Also it is for a project and one of the specifications is to have everything stored in flat files. If the choice were mine I would definitely use a different method :p

11-18-2007, 04:47 PM
The syntax of a php array variable containing braces [] and quotes '' inside of a double-quoted string is a syntax error. Checking your web server log for errors and/or turning on full php error reporting would have exposed the problem.

11-18-2007, 07:49 PM
Some quote mark quirks:
$hello = 'Hello World!';
echo '$hello'; //output: $hello
echo "$hello"; //output: Hello World!
$hello = array('Hello', 'World!');
echo '$hello[0]'; //output: $hello[0]
echo "$hello[0]"; //output: $hello[0]
echo "{$hello[0]}"; //output: Hello