
View Full Version : sessions



webguy23
01-12-2012, 12:37 AM
Hey everyone,

I have a login script that, when you log in, redirects you to a page called the members.php, which has a statement that says you're logged in, please click here to continue. When that link is clicked, it sends you to a page that displays what is supposed to be a "Welcome, 'whatever the user logged in as'", but instead of displaying the username, it displays an integer. I have nothing in my code that I am aware of that would display an integer. Here is the logincheck.php for the login process:

<?php

session_start();

$username = isset($_POST['username']);
$password = isset($_POST['password']);

if($username&&$password)

{

$connect = mysql_connect("*******", "*****", "*******") or die("Could not connect!");
mysql_select_db("*******") or die("couldn't find db!");

$query = mysql_query("SELECT * FROM users WHERE username='$_POST[username]'") or die(mysql_error());

$numrows = mysql_num_rows($query);

if($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}

if ($username==$dbusername&&$password==$dbpassword)
{
echo "You're in! Click <a href='member.php'>here</a> to enter the member page!";
$_SESSION['username'] = $username;
}
else
echo "Incorrect Password!";
}
else
die("That user doesn't exist!");


}
else
die("Please enter a username and password!");

?>

and here is the member.php

<?php

session_start();

if ($_SESSION['username']){
echo "Welcome, ".$_SESSION['username']."!<br><a href='logout.php'>";
}else die ("You must be logged in!");
?>

Why does it display an integer such as "Welcome, 1!"?

Spookster
01-12-2012, 12:59 AM
I would suspect your problem is here:



while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}

if ($username==$dbusername&&$password==$dbpassword)
{
echo "You're in! Click <a href='member.php'>here</a> to enter the member page!";
$_SESSION['username'] = $username;
}




You grab the username from the db as $dbusername and then assign it to the session as $username

webguy23
01-12-2012, 01:43 AM
@Spookster, how would I go about fixing this? Sorry for the lack of knowledge.

webguy23
01-12-2012, 02:20 AM
Never mind, I solved it! Thanks for the help anyway! :D

_Aerospace_Eng_
01-12-2012, 05:09 AM
If your login script is in a production environment you have a lot more to worry about than a nice welcome message to the user. I suggest you look into preventing MySQL injection. Tizag.com has a decent tutorial. Also, what did you end up using as a solution?
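
As an added example, not code from any poster in this thread: one way to write the login check so that the submitted values are read directly (isset() returns only true/false, which is what the session stores and member.php prints as "1"), the lookup uses a bound parameter, and the password is checked against a hash. PDO, the in-memory SQLite table, the check_login() helper and the sample user are assumptions made for illustration.

```php
<?php
// Added example: hardened version of the thread's logincheck.php logic.
// Assumptions: PDO instead of the mysql_* functions, passwords stored with
// password_hash(), and an in-memory SQLite table standing in for `users`.

function check_login(PDO $db, array $post): ?string
{
    // Read the submitted values themselves; isset() only yields true/false.
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '') {
        return null;
    }

    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the submitted password against the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for an unknown user and a wrong password
    }
    return $row['username']; // the string from the database, not a boolean
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['webguy', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed form submissions: correct, wrong password, name containing a quote.
$attempts = [
    ['username' => 'webguy', 'password' => 'correct horse'],
    ['username' => 'webguy', 'password' => 'wrong'],
    ['username' => "o'brien", 'password' => 'x'],
];
foreach ($attempts as $post) {
    $user = check_login($db, $post);
    echo $user === null ? "Login failed\n" : 'Welcome, ' . htmlspecialchars($user) . "!\n";
}
// On the real page, after a successful check:
// session_start(); session_regenerate_id(true); $_SESSION['username'] = $user;
```

With booleans from isset() on both sides, the original `$username==$dbusername&&$password==$dbpassword` test compares true against non-empty strings and no longer checks the password at all, which is why reading the values directly matters beyond the welcome message.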


