...

View Full Version : $_SESSION wont set on login



calebandchels
11-18-2011, 05:23 PM
I have checked over multiple times and I'm sure it's something stupid. I am new to debugging code I never used the
or die(mysqli_error()) till this try by myself. If you can point me into the right direction I would appreciate it.


<?php
require_once('../php_scripts/appvar.php');
//if the user isn't logged, try to log in
if(!isset($_SESSION['id']))
{
if(isset($_POST['login_submit']))
{
//connect to database
$dbc = mysqli_connect($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME)
or die(mysqli_error());

//grab the user input data
$user_login = mysqli_real_escape_string($dbc, trim($_POST['login']));
$user_password = mysqli_real_escape_string($dbc, trim($_POST['login_password']));

if(!empty($user_login) && !empty($user_password))
{
//look up the input data and confirm it exists in database
$query = "SELECT id, alias FROM gig_user WHERE alias = '$user_login' AND password = SHA('$user_password')";
$data = mysqli_query($dbc, $query)
or die(mysqli_error());
if(mysqli_num_rows($data) == 1)
{
//login is confirmed set the sessions
$row = mysqli_fetch_array($data);
$_SESSION['id'] = $row['id'];
$_SESSION['alias'] = $row['alias'];
//redirect to profile page
$profile_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/profile.php';
header('Location: ' . $profile_url);
}
else
{
//login was not found set an error msg
$err_msg = 'Sorry, you must enter a valid username and password to log in.';
echo $err_msg;
}
}
}
}
?>



<form method = "post" action = "php_scripts/login.php">
<fieldset>
<label>Login</label>
<input type = "text" id = "login" name = "login" /><br />
<label>Password</label>
<input type = "password" id = "login_password" name = "login_password" /><br />
<input type = "submit" name = "login_submit" id = "login_submit" />
</fieldset>
</form>

mlseim
11-18-2011, 06:37 PM
All scripts that use $_SESSION in it, must start out like this:

<?php
session_start();

I'm not sure if your "included" scripts already have it or not,
but you can try adding "session_start();" at the top and if it's already
defined, you'll just get an error "session already started".

calebandchels
11-18-2011, 06:40 PM
All scripts that use $_SESSION in it, must start out like this:

<?php
session_start();

I'm not sure if your "included" scripts already have it or not,
but you can try adding "session_start();" at the top and if it's already
defined, you'll just get an error "session already started".

I have session start on the top. I am going to try and echo the input data to make sure im collecting that correctly.

calebandchels
11-18-2011, 07:42 PM
I think it has something to do with the query and using
SHA('$user_password') does that query look correct?

Ahlahn
11-18-2011, 08:45 PM
This query is incorrect:


$query = "SELECT id, alias
FROM gig_user
WHERE alias = '$user_login'
AND password = SHA('$user_password')";



First, it should be sha1, not sha. Second, somebody correct me if I'm wrong- but I don't think you can simply call sha1 in a query like that. I think you have to generate the hash first, then store it in a variable. Here's the updated version.



$password = sha1($user_password);
$query = "SELECT id, alias
FROM gig_user
WHERE alias = '$user_login'
AND password = '$password' ";

bdl
11-18-2011, 09:42 PM
This query is incorrect:

...

First, it should be sha1, not sha. Second, somebody correct me if I'm wrong- but I don't think you can simply call sha1 in a query like that. I think you have to generate the hash first, then store it in a variable. Here's the updated version.


Not true. You're confusing a PHP function and a MySQL function. SHA (or the alias SHA1) is a MySQL function run within the context of the query itself. So it's perfectly legal to have SHA('text'), or in the case of a double quoted string, SHA('$var').

tangoforce
11-18-2011, 10:29 PM
Yes mysql does have its own functions that you can call from within the SQL but admittedly I never use them myself. One reason for that is that even mysql admit the functions can change with different releases. I don't know about the rest of you but I'd rather stick to tracking php changes rather than tracking mysql too.

calebandchels
11-21-2011, 07:45 PM
So the SHA is fine does anyone see anything else that could be preventing this session from setting?

Adee
11-21-2011, 08:01 PM
edited



before setting the session after if mysql num rows etc echo out "success" to see if you're even getting the right result, then you'll know it isnt your query.

tangoforce
11-21-2011, 08:43 PM
So the SHA is fine does anyone see anything else that could be preventing this session from setting?

Well if it works on your system yes. If its code for a commercial product then scrap it now for the reasons I've mentioned above. Mysql internal functions can change from one version to another so you'll find yourself having to support numerous versions of mysql as well as php.

calebandchels
11-21-2011, 09:38 PM
Well if it works on your system yes. If its code for a commercial product then scrap it now for the reasons I've mentioned above. Mysql internal functions can change from one version to another so you'll find yourself having to support numerous versions of mysql as well as php.

Not a commercial product just trying to get better. So I need to not use SHA because mySQL changes the support for it? I am not familiar with any other way to do it. Could you point me to an article? I will also google it to see what I get.

calebandchels
11-21-2011, 09:44 PM
when I removed SHA it set the SESSIONS

tangoforce
11-21-2011, 10:21 PM
when I removed SHA it set the SESSIONS

Someone did point out to you above that you should be using sha-1 yet you replied saying that your use of sha was ok then.

Also instead of using the mysql functions use the PHP sha-1() function instead. Assign its output to a variable and put THAT into your SQL.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum