...

View Full Version : PHP Session Help, Please



Stalingrad
07-28-2008, 07:47 PM
Hello. I'm having some major trouble with a login script that I've written. It's not registering the sessions or something, because when I go to the index page; (after I've logged in); it doesn't display the content that it should when somebody is logged in. May somebody please tell me why it isn't working? Please and Thank You in advance. Below I've included both the Login code, and the index code.

login.php:


<?php
session_start();

include("config.php");
if($_SESSION['username'] != "") {
echo "<div id=\"b\">$b</div><div id=\"n\">$nav</div><div id=\"c\"><img src=images/layout/login.jpg><br><br>Error! You are already Logged In.</div><div id=\"i\">$info</div>";
}

if($_SESSION['username'] == "") {
$submit = $_POST['submit'];
$lusername = $_POST['username'];
$lpassword = $_POST['password'];

echo "<div id=\"b\">$b</div><div id=\"n\">$nav1</div></div><div id=\"i\">$info</div><div id=\"c\"><img src=images/layout/login.jpg><br><br>";
if(!isset($submit)) { ?><html><form action="<?php echo "$PHP_SELF" ?>" method="POST">Username: <input type="text" name="username" maxlength="16"><br><br>Password: <input type="password" name="password" maxlength="16"><br><br><br><input type="submit" name="submit" value="Login"></form></html><?php
}
if(isset($submit)) {
$cq = mysql_query("SELECT * username FROM users WHERE username='$lusername' AND password='$lpassword'");
$c = @mysql_num_rows($cq);
if($c == "0") { ?>
<html><font color=red>Error! Invalid Username/Password Combination.</font><br><br><form action="<?php echo "$PHP_SELF" ?>" method="POST">Username: <input type="text" name="username" maxlength="16"><br><br>Password: <input type="password" name="password" maxlength="16"><br><br><br><input type="submit" name="submit" value="Login"></form></html><?php
}
if($c == "1") {
session_register("username");
session_register("password");
echo "You are now Logged in.<br><br>Click <a href=index.php>Here</a> to Continue.";
}
}
}

?>




index.php:


<?php
session_start();

include("config.php");
if($_SESSION['username'] != "") {
echo "<div id=\"b\">$b</div><div id=\"n\">$nav1</div><div id=\"c\">Welcome to Rock Land.</div><div id=\"i\"></div>";
}

if($_SESSION['username'] == "") {
echo "<div id=\"b\">$b</div><div id=\"n\">$nav</div><div id=\"c\">Welcome to Rock Land.</div><div id=\"i\">$info</div>";
}

?>



Thanks again! =]

djm0219
07-28-2008, 08:09 PM
You're retrieving the form data using the variable names $lusername and $lpassword but using username and password in session_register. Try changing:



session_register("username");
session_register("password");


to:



session_register("lusername");
session_register("lpassword");


in login.php. I'd also suggest NOT storing the password in the session especially unencrypted.

Fou-Lu
07-28-2008, 09:55 PM
session_register is deprecated and relies on the existence of register_globals directive to work properly. They are not compatible with $_SESSION superglobals.
Replace:


session_register("username");
session_register("password");

with


$_SESSION['username'] = $lusername;
$_SESSION['password'] = $lpassword;

Since the result set is not actually fetched from the query, you're stuck with using the $lusername and $lpassword variables. I'd recommend sanitizing the query where it uses the $lusername and $lpassword with mysql_real_escape_string first to help protect you're query from an SQL injection.

infinivert
07-29-2008, 06:08 AM
session_register is deprecated and relies on the existence of register_globals directive to work properly. They are not compatible with $_SESSION superglobals.

Oh wow... Hadn't caught that yet. I guess I have some updating to do tomorrow.

Thanks!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum