Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Nov 2006
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts

    session troubles

    Hello

    I am making a small site for a project which requires me to allow users to login. I have made a very basic site which seems to work absolutely fine. I am just having a small problem with my $_SESSION variables.

    my login script checks the username, then checks the md5() of the password, and if everything checks out then the user is logged in and the following script is executed...


    Code:
    if (trim($currentLineArray[1]) == trim(md5($password))){
    	session_start();
    	$valid = 1;
    	$_SESSION['username'] = $username;
    }

    I was under the impression that $_SESSION variables were kind of global, and so if I were to reference this $_SESSION['username'] variable anywhere else it would have the $username value assigned to it, including on any other page.

    For example this code is in a page called login.php. But when ever i try to echo the value of $_SESSION['username'] anywhere else on the same page, or on any other page where the session has been started, I just get a blank page until i delete the reference to the session variable Can anyone help me out?

    the sites index page can be found at http://www.aatwo.com/programming/php/rsscw/index.php

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,801
    Thanks
    160
    Thanked 2,216 Times in 2,203 Posts
    Blog Entries
    1
    Have you included session_start(); in all of your required pages as the first line?
    if (trim($currentLineArray[1]) == trim(md5($password))){
    Why do you trim the md5() result?
    And to compare two strings, you have to use strcmp() instead of ==
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    New Coder
    Join Date
    Nov 2006
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok I have converted to string compare.

    Basically here is the chunk of code I am dealing with. This script is executed when the user clicks the logon button after entering their details.

    Code:
    $userfile = fopen("userFile.txt","r");
    rewind($userfile);
    $username = $_POST['username'];
    $password = $_POST['password'];
    $valid = 0;
    while (!feof($userfile)) {
    	$currentLine = fgets($userfile);
    	$currentLineArray = explode(',', $currentLine);
    	if ($currentLineArray[0] == $username){
    		// User exists so check the password
    		if (strcmp($currentLineArray[1],md5($password)) == 0){
    			$valid = 1;
    			$_SESSION['username'] = $username;
    			$echo "$_SESSION['username']";
    		}
    		break;
    	}
    }
    Basically it takes the post data from the form on the previous page, compares the entered usernames and passwords with all of those stored in my flatfile, and then sets $valid to 1 and $_SESSION['username'] to the value of $username if matches were found.

    notice the following line...

    Code:
    $echo "$_SESSION['username']";
    The web page fails to load until I remove this echo statement and I have no idea why since I am assigning a value to this session variable in the line above it. WHyyyyyyy ? ?


    EDIT: and yes I do have the session_start() function at the begining of the document (and all of my other pages as well) in the following format...

    Code:
    <?php
    	require_once('functions.php');
    	session_start();
    ?>
    <html>
    <head>
    ...
    ...
    ...

  • #4
    Regular Coder
    Join Date
    Mar 2007
    Location
    Quebec
    Posts
    261
    Thanks
    6
    Thanked 7 Times in 7 Posts
    you've set echo as a variable
    PHP Code:
    $echo "$_SESSION['username']"
    should be
    PHP Code:
    echo $_SESSION['username']; 
    Also I don't recommend storing user-information in a flat-file. It's publicly viewable so anyone can check the MD5's and usernames and attempt to crack the accounts.

  • #5
    New Coder
    Join Date
    Nov 2006
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Wow that totally worked. Thanks a lot! But I was under the impression that echo required the quotations.

    Also it is for a project and one of the specifications is to have everything stored in flat files. If the choice were mine I would definitely use a different method

  • #6
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    2,960
    Thanks
    2
    Thanked 304 Times in 296 Posts
    The syntax of a php array variable containing braces [] and quotes '' inside of a double-quoted string is a syntax error. Checking your web server log for errors and/or turning on full php error reporting would have exposed the problem.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #7
    Regular Coder
    Join Date
    Mar 2005
    Location
    D0u$h!t3 k4?
    Posts
    512
    Thanks
    2
    Thanked 5 Times in 5 Posts
    Some quote mark quirks:
    PHP Code:
    $hello 'Hello World!';
    echo 
    '$hello'//output: $hello
    echo "$hello"//output: Hello World!
    $hello = array('Hello''World!');
    echo 
    '$hello[0]'//output: $hello[0]
    echo "$hello[0]"//output: $hello[0]
    echo "{$hello[0]}"//output: Hello 
    PHP Code:
    $hello file_get_contents('hello.txt'); echo $hello
    hello


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •