Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 3 123 LastLast
Results 1 to 15 of 33
  1. #1
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts

    PHP login / SESSIONS

    I have recently followed a tutorial for a login system but it seems to me that it's not working. I don't think it is storing the session. The codes from the tutorial are below.

    Include
    PHP Code:
    <?php

    session_start
    ();


    $host "localhost";

    $username "USERNAME";

    $password "PASSWORD";

    $db "test";

    @
    mysql_connect($host,$username,$password) or die ("error");

    @
    mysql_select_db($db) or die("error");

    ?>
    Login
    PHP Code:
    <?php

    require_once('include.php');

    $error '';

    $form $_POST['submit'];

    $username $_POST['username'];

    $password $_POST['password'];

    if( isset(
    $form) ) {

    if( isset(
    $username) && isset($password) && $username !== '' && $password !== '' ) {


    $sql mysql_query("SELECT * FROM `users` WHERE username='$username' and
    password='$password';"
    );

    if( 
    mysql_num_rows($sql) != ) { //success

    $_SESSION['logged-in'] = true;

    header('Location: members.php');

    exit;

    } else { 
    $error "Incorrect login info"; }

    } else { 
    $error 'All information is not filled out correctly';}

    }

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

    <title>Login</title>

    </head>

    <body>

    <form action="<?php $PHP_SELF?>" method="post" >

    Username<br />

    <input name="username" type="text" value="<?php echo "$username";?>" /><br /><br />

    Password<br />

    <input name="password" type="password" /><br />

    <input name="submit" type="submit" value="Log In" />

    </form>

    <?php

    echo "<br /><span style=\"color:red\">$error</span>";

    ?>

    </body>

    </html>
    Member area
    PHP Code:
    <?php

    require_once('include.php');

    // is the one accessing this page logged in or not?

    if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true) {

    // not logged in, move to login page

    header('Location: login.php');

    exit;

    }

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

    <title>Freak's Blog</title>

    </head>

    <body>

    Sweet you logged in.

    <a href="logout.php">logout</a>

    </body>
    Thanks in advance for any help.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,090
    Thanks
    51
    Thanked 506 Times in 493 Posts
    In *ANY* script that uses sessions, you MUST call session_start().

    The session_start() function does not JUST start a session, it also resumes (reopens) an existing saved session and then populates the global $_SESSION array with the values.

    In your member and login codes, you do not use session_start() and it needs to be there in order to reopen your session file.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #3
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    The session start is in the includes file. Does it also need to be in the files themselves?

  • #4
    Senior Coder
    Join Date
    Sep 2010
    Posts
    1,899
    Thanks
    15
    Thanked 226 Times in 226 Posts
    This will not fly, unless.
    PHP Code:
    <form action="<?php $PHP_SELF?>" method="post" >
    Unless $PHP_SELF is predefined. Otherwise use.
    PHP Code:
    <form action="<?php echo $SERVER['PHP_SELF']; ?>" method="post" >
    Welcome to http://www.myphotowizard.net

    where you can edit images, make a photo calendar, add text to images, and do much more.


    When you know what you're doing it's called Engineering, when you don't know, it's called Research and Development. And you can always charge more for Research and Development.

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,090
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by Foster View Post
    The session start is in the includes file. Does it also need to be in the files themselves?
    Ignore my previous post. For some reason I had it in my head the first code you showed was something else - didn't realise it was the included file.

    What is happening when you try to login? - You say it doesn't seem to work but don't elaborate on whats happening.

    Also you're doing this in your code:
    PHP Code:

    $form 
    $_POST['submit'];

    if( isset(
    $form) ) 
    Which is pretty much the same as in my signature - that I tell people NOT TO USE!

    If you're testing your code using internet explorer, typing in your user / pass and hitting the enter button instead of clicking it with the mouse, that will be the root of your problem. IE does not send the value of the submit button and thus your php script won't execute the piece of code relying on it (which sets your sessions logged in value).
    Last edited by tangoforce; 10-02-2013 at 04:02 PM.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #6
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    I'm using firefox so that isn't the problem. When I click submit it simply refreshes the page, I assume it loads the members area and then redirects to the login page.

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,090
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Quote Originally Posted by Foster View Post
    I assume
    Thats the bug in your code right there

    Never assume. If you have an idea / theory about whats happening, find a way to test it.

    In your case, you need to var_dump($_SESSION); in your member page to see if there is anything saved in the session. Comment out your header and do the dump there.

    That will let you test to see whats in the session. If you're right, the session logged-in value will not be set and you'll have an empty array. If your assumption is wrong, it will be there and thats your assumption shot down.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #8
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    I have done as you said and this is the result.

    array(0) { }

  • #9
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,090
    Thanks
    51
    Thanked 506 Times in 493 Posts
    Ok so in your login code, directly after this line:

    $_SESSION['logged-in'] = true;

    dump the session again please.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • #10
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Result is below.

    array(1) { ["logged-in"]=> bool(true) }

  • #11
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Gots cookies?
    Verify by changing this:
    PHP Code:
    header('Location: members.php'); 
    to
    PHP Code:
    if (!defined('SID'))
    {
        
    define('SID''');
    }
    header("Location: members.php?" SID); 
    See if that passes through. Trans_sid isn't enabled by default, and even with it I'm pretty sure that won't apply to headers.

    Edit:
    BTW, what you're looking for is a querystring on the url similar to PHPSESSID=123 where the 123 will be a 24 (or 32 mehbe?) hex character randomness. If you see that, cookies are not in use.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #12
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Only addition in the URL is a ? that wasn't there before.

  • #13
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Yep, which is fine since I added it in manually. There is no impact of the ? being in the url without (or even with if ignored) a querystring, so that's no loss. Although you can clean it up and assemble with the http_build_query, its up to you really. I would if I used php sessions (which I don't, but that means I have to do this all manually anyway :P), so that I don't enforce cookies on a machine. Secure domains would be a different story of course.

    Without seeing the ?PHPSESSID that indicates that you do indeed have cookies enabled and would appear to have them associated. The other possibility is that the session is not established (and you can still stuff data into $_SESSION as it would be created at runtime).

    In your include.php file, just above your session_start() (ensure its above), add:
    PHP Code:
    ini_set('display_errors'1);
    error_reporting(E_ALL); 
    And where you have the header('Location:') in both of the scripts, simply comment out the line using // and manually move to the members.php after.

    Do you see errors in login.php or members.php?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #14
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Do I see errors?

    The first 2 are when the page is loaded. login.php and the same one on members.php
    Warning: session_start(): open(/var/php_sessions/sess_76c43c5a78ead5314f9ac68b32c559cd, O_RDWR) failed: No such file or directory (2) in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/include.php on line 6 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/include.php:6) in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/include.php on line 6 Notice: Undefined index: submit in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/login2.php on line 7 Notice: Undefined index: username in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/login2.php on line 9 Notice: Undefined index: password in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/login2.php on line 11
    Warning: Unknown: open(/var/php_sessions/sess_76c43c5a78ead5314f9ac68b32c559cd, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0
    This one I get when I press submit on login.php
    Warning: session_start(): open(/var/php_sessions/sess_76c43c5a78ead5314f9ac68b32c559cd, O_RDWR) failed: No such file or directory (2) in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/include.php on line 6 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/include.php:6) in /hermes/bosoraweb097/b1297/ipg.imperialarchivecom/include.php on line 6 Warning: Unknown: open(/var/php_sessions/sess_76c43c5a78ead5314f9ac68b32c559cd, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0

  • #15
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    There's your problem
    You don't have a valid or read/write directory available for sessions, so you cannot create the persistent files required.
    If your hosted, contact your host and give them the path /var/php_sessions is not valid, and ask them if they will enable it.
    Alternatively, if you have a fcgi build, you can create your own php.ini file and add to it:
    PHP Code:
    session.save_path='/path/to/a/local/directory/for/your/site' 
    To save them, or use .htaccess if you have that available:
    PHP Code:
    php_value session.save_path '/path/to/a/local/directory/for/your/site' 
    Or, save path is also configurable at runtime, so you'd want to make sure you only do this in a global file used everywhere to prevent extra typing:
    PHP Code:
    <?php
    session_save_path
    ('/path/to/files/'); // either absolute or relative will work
    session_start();
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  
    Page 1 of 3 123 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •