Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Jul 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP Session Help, Please

    Hello. I'm having some major trouble with a login script that I've written. It's not registering the sessions or something, because when I go to the index page; (after I've logged in); it doesn't display the content that it should when somebody is logged in. May somebody please tell me why it isn't working? Please and Thank You in advance. Below I've included both the Login code, and the index code.

    login.php:

    Code:
    <?php
    session_start();
    
    include("config.php");
    if($_SESSION['username'] != "") {
    echo "<div id=\"b\">$b</div><div id=\"n\">$nav</div><div id=\"c\"><img src=images/layout/login.jpg><br><br>Error! You are already Logged In.</div><div id=\"i\">$info</div>";
    }
    
    if($_SESSION['username'] == "") {
    $submit = $_POST['submit'];
    $lusername = $_POST['username'];
    $lpassword = $_POST['password'];
    
    echo "<div id=\"b\">$b</div><div id=\"n\">$nav1</div></div><div id=\"i\">$info</div><div id=\"c\"><img src=images/layout/login.jpg><br><br>";
    if(!isset($submit)) { ?><html><form action="<?php echo "$PHP_SELF" ?>" method="POST">Username: <input type="text" name="username" maxlength="16"><br><br>Password: <input type="password" name="password" maxlength="16"><br><br><br><input type="submit" name="submit" value="Login"></form></html><?php
    }
    if(isset($submit)) {
    $cq = mysql_query("SELECT * username FROM users WHERE username='$lusername' AND password='$lpassword'");
    $c = @mysql_num_rows($cq);
    if($c == "0") { ?>
    <html><font color=red>Error! Invalid Username/Password Combination.</font><br><br><form action="<?php echo "$PHP_SELF" ?>" method="POST">Username: <input type="text" name="username" maxlength="16"><br><br>Password: <input type="password" name="password" maxlength="16"><br><br><br><input type="submit" name="submit" value="Login"></form></html><?php
    }
    if($c == "1") {
    session_register("username");
    session_register("password");
    echo "You are now Logged in.<br><br>Click <a href=index.php>Here</a> to Continue.";
    }
    }
    }
    
    ?>



    index.php:

    Code:
    <?php
    session_start();
    
    include("config.php");
    if($_SESSION['username'] != "") {
    echo "<div id=\"b\">$b</div><div id=\"n\">$nav1</div><div id=\"c\">Welcome to Rock Land.</div><div id=\"i\"></div>";
    }
    
    if($_SESSION['username'] == "") {
    echo "<div id=\"b\">$b</div><div id=\"n\">$nav</div><div id=\"c\">Welcome to Rock Land.</div><div id=\"i\">$info</div>";
    }
    
    ?>


    Thanks again! =]

  • #2
    Senior Coder djm0219's Avatar
    Join Date
    Aug 2003
    Location
    Wake Forest, North Carolina
    Posts
    1,301
    Thanks
    4
    Thanked 204 Times in 201 Posts
    You're retrieving the form data using the variable names $lusername and $lpassword but using username and password in session_register. Try changing:

    Code:
    session_register("username");
    session_register("password");
    to:

    Code:
    session_register("lusername");
    session_register("lpassword");
    in login.php. I'd also suggest NOT storing the password in the session especially unencrypted.
    Dave .... HostMonster for all of your hosting needs

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    session_register is deprecated and relies on the existence of register_globals directive to work properly. They are not compatible with $_SESSION superglobals.
    Replace:
    PHP Code:
    session_register("username");
    session_register("password"); 
    with
    PHP Code:
    $_SESSION['username'] = $lusername;
    $_SESSION['password'] = $lpassword
    Since the result set is not actually fetched from the query, you're stuck with using the $lusername and $lpassword variables. I'd recommend sanitizing the query where it uses the $lusername and $lpassword with mysql_real_escape_string first to help protect you're query from an SQL injection.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    infinivert (07-29-2008)

  • #4
    New Coder
    Join Date
    Apr 2006
    Posts
    20
    Thanks
    2
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Fou-Lu View Post
    session_register is deprecated and relies on the existence of register_globals directive to work properly. They are not compatible with $_SESSION superglobals.
    Oh wow... Hadn't caught that yet. I guess I have some updating to do tomorrow.

    Thanks!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •