  1. #1
    Regular Coder

    problem with sessions

    Hi there, I have a problem with PHP sessions. I am coming from an ASP background, and I understood that sessions worked the same.

    PHP Code:
    <?php
    if($_GET["action"] == "login"){

        if($_POST["username"] == $username && $_POST["password"] == $password){
            $_SESSION["loggedin"] = 1;
        }
        else {
            $_SESSION["formError"] = 1;
        }

        header("location: login.php");
    }

    ?>
    <form name="login" action="?action=login" method="post">
    <label for="username">Username:</label>
    <input type="text" name="username" id="username"/>
    <label for="password">Password:</label>
    <input type="password" name="password" id="password"/>
    <input type="submit" value="Login" id="submit" />
    </form>
    <?php
    if($_SESSION["formError"] == 1){
        echo "<p id='login-error'>ERROR.</p>";
        unset($_SESSION['formError']);
    }

    ?>
    So on the initial run of the page $_SESSION["formError"] is not set at all.

    When the user submits the login form, and the details are incorrect, $_SESSION["formError"] should be set to 1.

    If $_SESSION["formError"] is set to 1 the error should show.

    If $_SESSION["formError"] is set to 1 then $_SESSION["formError"] is unset, so if the page is refreshed, $_SESSION["formError"] should not be set.

    But for some reason the session does not get set at all even if there is an error. Is there a reason for this? This is how I would have done it in ASP.
    Last edited by mike182uk; 02-27-2010 at 03:50 PM.

  • #2
    Senior Coder
    Here is one version of using a session.

    PHP Code:
    // NOTE: $myusername and $encrypted_mypassword go straight into the SQL text,
    // so they must be escaped or bound as parameters before this point.
    // The mysql_* functions used here were removed in PHP 7.
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
    $result=mysql_query($sql) or die(mysql_error());

    // mysql_num_rows() counts the rows in the result
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row

    if($count==1){
    // Store the user's id in the session and redirect to "admin.php"
    $user = mysql_fetch_assoc($result);

    $_SESSION['user_id'] = $user['id'];
    header("location:admin.php");
    exit; // header() alone does not stop the script
    }
    else {
    echo "Wrong Username or Password<br><br>Return to <a href=\"login.html\">login</a>";
    }


  • #3
    Senior Coder
    Are you calling session_start()?

  • #4
    Regular Coder
    Hi there, thanks for the quick reply.

    Yes, I am using session_start().

    I am posting to the same page to check login credentials. The user posts to login.php?action=login; if there is a problem they are redirected back to login.php, where the session var should now be set and the error message should show. Immediately after, the session var should be cleared, so if the user refreshes the page they don't get the error again.

  • #5
    Senior Coder
    You're setting error, and not formError.

    Code:
    $_SESSION["error"] = 1;
    should be:

    Code:
    $_SESSION["formError"] = 1;
    if I've understood you correctly?

  • #6
    Regular Coder
    PHP Code:
    <?php
    if($_SESSION["formError"] == 1){
        echo "<p id='login-error'>ERROR.</p>";
        unset($_SESSION['formError']);
    }

    ?>
    It is formError I am trying to set and clear.

    Sorry, it was a mistake in my original post; I have amended it now.

  • #7
    Senior Coder
    This version should check the username and password when submitted and redirect to the index page if successful, and if unsuccessful continue onto the form and display the error message.

    Code:
    <?php
    
    if ($_GET["action"] == "login")
    {
            if ((isset($_POST["username"]) && trim($_POST["username"]) == $username) && (isset($_POST["password"]) && trim($_POST["password"]) == $password))
            {
                    if (isset($_SESSION['formError']))
                    {
                            unset($_SESSION['formError']);
                    }
                    $_SESSION["loggedin"] = 1;
                    header("location: index.php");
                    exit(0);
            }
            else
            {
                    $_SESSION["formError"] = 1;
            }
    }
    
    ?>
    <form name="login" action="?action=login" method="post">
    <label for="username">Username:</label>
    <input type="text" name="username" id="username"/>
    <label for="password">Password:</label>
    <input type="password" name="password" id="password"/>
    <input type="submit" value="Login" id="submit" />
    </form>
    <?php
    
    if ($_SESSION["formError"] == 1)
    {
            echo "<p id='login-error'>ERROR.</p>";
            unset($_SESSION['formError']);
    }
    
    ?>

  • #8
    Regular Coder
    I see what you have done there, but what I am trying to achieve is keeping the page URL as login.php and not login.php?action=login.

    so on first run

    login.php

    user submits form

    login.php?action=login

    if the user's data is incorrect

    $_SESSION['formError'] = 1
    redirect back to login.php

    user redirected

    login.php
    because $_SESSION['formError'] == 1, show error
    unset($_SESSION['formError'])

    if user refreshes page now (login.php)

    because we unset($_SESSION['formError']) error should not show.



    The problem I'm getting is that if I put the unset in, I never get the error to show (this is the part I don't get).

    If I take the unset out, once I get the error, if I refresh I still get the error (which is what I would expect as it is in the session).

    I know there's no point in me doing this or whatnot, I just want to understand why I can't do this. I thought scripts were read from top to bottom. In this case the show error comes before the clear error. So why is the error not showing at all?

  • #9
    Senior Coder
    Mind's running a bit slow today. Can't quite seem to grasp your method. When you're using the header to redirect in your original incarnation, the script continues to execute even though the user has been redirected. Add an exit() call after the header() and see if that sorts it.

  • Users who have thanked MattF for this post:

    mike182uk (02-27-2010)

  • #10
    Regular Coder
    That's the kiddy right there.

    I didn't realise that even though I had said redirect the page, it still executed the rest of the page. In ASP, when you do a redirect, it stops execution of the rest of the page. I was under the impression PHP did the same.

    So yeah, exit(0); worked a treat!

    Thanks for your help.

  • #11
    Senior Coder
    Quote Originally Posted by mike182uk
    That's the kiddy right there.

    I didn't realise that even though I had said redirect the page, it still executed the rest of the page. In ASP, when you do a redirect, it stops execution of the rest of the page. I was under the impression PHP did the same.

    So yeah, exit(0); worked a treat!

    Thanks for your help.
    You're welcome. You're not the first to get caught out by the fact that a header redirect doesn't kill further script processing.

    It's worthwhile just making a little redirect function which incorporates header and exit and then call that to redirect instead of a bare header call. It'll save you grief from forgetting to include an exit call at some point in the future. Something like the following is all that's needed:

    Code:
    function redirect($uri)
    {
        header('Location: '.$uri);
        exit(0);
    }
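
The flow described in post #8 with the fix from posts #9 and #11 applied, as an added example that is not part of the original thread. The credential values are constructed placeholders, and `hash_equals()`, `session_regenerate_id()` and the request-method check are additions beyond what the thread discusses.

```php
<?php
// Added example (not from the thread). $username and $password are constructed
// sample values standing in for the ones the original post compares against.
session_start();
$username = 'demo';
$password = 'demo-password';

// Helper from post #11: send the Location header, then stop the script.
function redirect(string $uri): void
{
    header('Location: ' . $uri);
    exit(0);
}

if (($_GET['action'] ?? '') === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $u = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
    $p = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // hash_equals() compares the strings byte for byte, with no type juggling.
    if (hash_equals($username, $u) && hash_equals($password, $p)) {
        session_regenerate_id(true); // fresh session id once authenticated
        $_SESSION['loggedin'] = 1;
        redirect('index.php');
    }

    $_SESSION['formError'] = 1;
    // Without the exit inside redirect(), this POST request would run on to the
    // block at the bottom: the error is echoed into a response the browser
    // discards while following the redirect, and unset() clears the flag
    // before the follow-up GET of login.php can read it.
    redirect('login.php');
}
?>
<form name="login" action="?action=login" method="post">
<label for="username">Username:</label>
<input type="text" name="username" id="username"/>
<label for="password">Password:</label>
<input type="password" name="password" id="password"/>
<input type="submit" value="Login" id="submit" />
</form>
<?php
// Reached only when no redirect was issued: show the error once, then clear it.
if (!empty($_SESSION['formError'])) {
    echo "<p id='login-error'>ERROR.</p>";
    unset($_SESSION['formError']);
}
?>
```

The same rule applies to any page that redirects unauthenticated visitors: everything after a bare `header('Location: ...')` still runs and is still sent in the response body unless the script exits.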

