Why are Sessions Working?

//Data File
//© 2004 DNI Web Design
//http://www.dniwebdesign.ca.tt

<?php
session_start();
include 'home/sites/site58/users/dnidesign/web/clientarea/config.php';
$result=mysql_query("SELECT * from dnidesign_clients where username='".$_SESSION['account']."' and password='".$_SESSION['password']."'",$connection) or print mysql_error();
if(mysql_num_rows($result))
{
while($row=mysql_fetch_array($result))
{
$account=$row["account"];
$password=$row["password"];
$firstname=$row["firstname"];
$lastname=$row["lastname"];
$company=$row["company"];
$address1=$row["address1"];
$address2=$row["address2"];
$town=$row["town"];
$province=$row["province"];
$postalcode=$row["postalcode"];
$country=$row["country"];
$phone=$row["phone"];
$fax=$row["fax"];
$email=$row["email"];
$website=$row["website"];
$paid=$row["paid"];
$balance=$row["balance"];

$_SESSION["account"] = $account;
$_SESSION["password"] = $password; // Register session key with the value
$_SESSION["firstname"] = $firstname; // Register session key with the value
$_SESSION["lastname"] = $lastname; // Register session key with the value
$_SESSION["company"] = $company; // Register session key with the value
$_SESSION["address1"] = $address1; // Register session key with the value
$_SESSION["address2"] = $address2; // Register session key with the value
$_SESSION["town"] = $town; // Register session key with the value
$_SESSION["province"] = $province; // Register session key with the value
$_SESSION["postalcode"] = $postalcode; // Register session key with the value
$_SESSION["country"] = $country; // Register session key with the value
$_SESSION["phone"] = $phone; // Register session key with the value
$_SESSION["fax"] = $fax; // Register session key with the value
$_SESSION["email"] = $email; // Register session key with the value
$_SESSION["website"] = $website; // Register session key with the value
$_SESSION["paid"] = $paid; // Register session key with the value
$_SESSION["balance"] = $balance; // Register session key with the value
}
}
?>

<?php include "data.php"; ?>
...
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="100%">
<tr>
<td valign="top" bgcolor="#CCCCCC"><table width="26%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="3"><b><i>Mailing Information</i></b></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><? echo $_SESSION['company'] ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2">c/o <? echo $_SESSION['firstname'] ?> <? echo $_SESSION['lastname'] ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><? echo $_SESSION['address1'] ?> <? echo $_SESSION['address2'] ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><? echo $_SESSION['town'] ?>, <? echo $_SESSION['province'] ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><? echo $_SESSION['postalcode'] ?> <? echo $_SESSION['country'] ?></font></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
</table></td>
</tr>
</table>


Okay for some strange reason this doesn't work. Why I don't know, however it registeres the account and password (from the form to login) and it registers the firstname and last name. Even if I remove the $_SESSION["firstname"]= $firstname; (both this and lastname) it still prints the info. However the other info doesn't print. Can anyone notice what I am doing wrong. I know I am connecting right, or else I wouldn't be able to get into the page.

My page is on a SSL server (https://) and are located in frames. Does any of these play a role in the problem?

Well. This is a toughie. For starters, I'd change the your display code to this:


<?php include "data.php"; ?>
...
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="100%">
<tr>
<td valign="top" bgcolor="#CCCCCC"><table width="26%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="3"><b><i>Mailing Information</i></b></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><?php echo $_SESSION['company']; ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2">c/o <?php echo $_SESSION['firstname']; ?> <?php echo $_SESSION['lastname']; ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><?php echo $_SESSION['address1']; ?> <?php echo $_SESSION['address2']; ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><?php echo $_SESSION['town']; ?>, <?php echo $_SESSION['province']; ?></font></td>
</tr>
<tr>
<td><font face="Arial, Helvetica, sans-serif" size="2"><?php echo $_SESSION['postalcode']; ?> <?php echo $_SESSION['country']; ?></font></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
</table></td>
</tr>
</table>


Next, You may with to do something like this (for performance & read-spiffy issues ;)):

//Data File
//© 2004 DNI Web Design
//http://www.dniwebdesign.ca.tt

<?php
session_start(); // start the session
include 'home/sites/site58/users/dnidesign/web/clientarea/config.php'; // database config file

$result=mysql_query("SELECT * from dnidesign_clients where username='".$_SESSION['account']."' and password='".$_SESSION['password']."'",$connection) or print mysql_error();
if(mysql_num_rows($result))
{
while($row=mysql_fetch_array($result))
{

/* Register Database results in the session */
$_SESSION["account"] = $row["account"];
$_SESSION["password"] = $row["password"];
$_SESSION["firstname"] = $row["firstname"];
$_SESSION["lastname"] = $row["lastname"];
$_SESSION["company"] = $row["company"];
$_SESSION["address1"] = $row["address1"];
$_SESSION["address2"] = $row["address2"];
$_SESSION["town"] = $row["town"];
$_SESSION["province"] = $row["province"];
$_SESSION["postalcode"] = $row["postalcode"];
$_SESSION["country"] = $row["country"];
$_SESSION["phone"] = $row["phone"];
$_SESSION["fax"] = $row["fax"];
$_SESSION["email"] = $row["email"];
$_SESSION["website"] = $row["website"];
$_SESSION["paid"] = $row["paid"];
$_SESSION["balance"] = $row["balance"];

}
} else {
print "No results returned.<br/>\n";
}
?>

but I'm not sure if you use those variables later on or not. You could continue using your code, which I've placed below, formatted for readability & added a few comments ;)


//Data File
//© 2004 DNI Web Design
//http://www.dniwebdesign.ca.tt

<?php
session_start(); // start the session
include 'home/sites/site58/users/dnidesign/web/clientarea/config.php'; // database config file

$result=mysql_query("SELECT * from dnidesign_clients where username='".$_SESSION['account']."' and password='".$_SESSION['password']."'",$connection) or print mysql_error();
if(mysql_num_rows($result))
{
while($row=mysql_fetch_array($result))
{

/* Setting values returned from the database */
$account = $row["account"];
$password = $row["password"];
$firstname = $row["firstname"];
$lastname = $row["lastname"];
$company = $row["company"];
$address1 = $row["address1"];
$address2 = $row["address2"];
$town = $row["town"];
$province = $row["province"];
$postalcode = $row["postalcode"];
$country = $row["country"];
$phone = $row["phone"];
$fax = $row["fax"];
$email = $row["email"];
$website = $row["website"];
$paid = $row["paid"];
$balance = $row["balance"];

/* Register session key with the value */
$_SESSION["account"] = $account;
$_SESSION["password"] = $password;
$_SESSION["firstname"] = $firstname;
$_SESSION["lastname"] = $lastname;
$_SESSION["company"] = $company;
$_SESSION["address1"] = $address1;
$_SESSION["address2"] = $address2;
$_SESSION["town"] = $town;
$_SESSION["province"] = $province;
$_SESSION["postalcode"] = $postalcode;
$_SESSION["country"] = $country;
$_SESSION["phone"] = $phone;
$_SESSION["fax"] = $fax;
$_SESSION["email"] = $email;
$_SESSION["website"] = $website;
$_SESSION["paid"] = $paid;
$_SESSION["balance"] = $balance;
}
}
?>


Anyway, I don't know if the https part is messing it up or not. You should validate your queries like you did with your authentication script. Try the same debugging techniques as well. print $_SESSION["whatever"] all over the place would be a great start ;).

ps, the frames shouldn't have any effect on it.

Okay I switched my code to the fast and organized one... of yours. The extra else statement you added in there is what it is going to "No results returned.".

not sure about your problem reallt, but i'd do this for the variable assignment:


foreach($row as $key=>$val) {
${$key} = $val;
$_SESSION[$key] = $val;
}


this should create the same variables, but with only 4 lines instead of about 30.

if(mysql_num_rows($result))

is wrong.

http://www.codingforums.com/showthread.php?s=&threadid=31301

I'm seriously doubting if you even read our posts (or mine anyway). If you don't understand our feedback, please ask us to clarify it, instead of just staring new threads about the same problems, with the same mistakes in and with code that obviously isn't set straight based on our previous feedback.

You are realy starting to annoy me (which doesn't happen easely) because you don't seem to do anything with the info your getting and i (and possibly others) will be ignoring you if you don't get up with things.


I also doubt if you realy need to store all these values in sessionvariables. If you just store a primary key in one sessionvariable, then you can select the data you need, using that PK in your WHERE-clause.

Hey raf,

If you look at this topics start date and your last post on the other thread there is a three hour difference. Give me a break if all I want to do is get my code owrking. The same code worked just fine in another script so I am getting really annoyed at this. Sorry if I am posting the same errors, yes I do read, but when they don't work it doesn't help.

Anyway, this is a help forum, not a "Hammer cause their stupid in PHP" forum.

Originally posted by ReadMe.txt


foreach($row as $key=>$val) {
${$key} = $val;
$_SESSION[$key] = $val;
}


this should create the same variables, but with only 4 lines instead of about 30. [/B]

How does this work. I understand for loops in Java but this PHP one looks way different. Also how does it know what value I'm storing. I've never seen these before.

It's not a for loop, it's foreach loop. The difference is that you get the key and value of an array's field as separate variables, and that foreach loops only iterate over arrays. If you think about Java, compare this to the way how you iterate over a collection with the help of an iterator.

But you don't the loop anyway, because you just merge the contents of the result row into the session. This should work as well:


$_SESSION = array_merge($_SESSION, $row);


Concerning your original questions: I think it is hard to answer them, because we don't know what is happening with your session. Let's look at your first post. You say that you took at the variable assignment from the loop, but that the $firstname and $lastname were still printed. But that's expected behaviour; unless you explicitly delete part of the content of the session, the content remains in the session.

At your second post, you report that "no results" were returned. But was the query ok, did you print it and did you make sure that $_SESSION['account'] actually contained something? Because if you just ran the code in a new page, the session is empty, and the query fails. That's what it makes it hard to answer: We don't know what's left in your session when you try out our suggestions.

So why could some session variables not have been set, as you said in the first post? Here comes raf's remark into the game: If you have accidentally two results in your SQL result set (maybe duplicate records in your db?), and the second row has not values set for each column, you erase them from the session. Checking against '== 1' makes sure that only the data from one, exactly one record is used. Selecting 2 records results in a failure, which is good. There shouldn't be 2 records in a set that's a result of authenticating against a db with username/password.

I would advice you employ these debugging techniques:

1. Add var_dump($_SESSION) right after session_start(), so you can see what's left in your session while testing the script.

2. Print out the SQL query. Check if it looks ok.

3. Run the query in phpMyAdmin. Check that only one or zero rows are returned. If no row is ever returned even for seemingly valid authentication data, check the content of your table.

Okay I just changed some things around. Instead of having it get the info from the data.php file there were sessions being registered in the checkuser.php file I had before, which had your foreach loop. It had 2 sessions, firstname and lastname, hence why they seemed to be working. I added the rest there and it seems to be working fine now. Thanks for all your help.

And some of you maybe get some patients.

Readme, good call. I've used that same snippet of code dozens of time! I dunno why I didn't just post that...good work.

glad we could help, dni.

raf, deep breaths, bro. I understand why you'd be upset. I was wondering why your msyql-check code wasn't posted here, but ya might want to try and be a little more tactful with your responses. (sorry if I sound mod-like....it's an old habit ;))


Dni, I think that's what raf was getting at. If someone gives ya some awesome code (like in the Authenticate code) to help troubleshoot problems, start using it all over the place! I know I will!

Yea. Old habits die hard... I am a Admin of two boards.... Thanks again, and if you want to help me again, check the MySQL board for a SQL Syntax error.