FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Session issue. Please Help.





fxuup
Alright well im fairly new with html, php and mysql. My issue is i have a login and it works fine i have two seperate pages members and header. So when a member logs in they get redirected to members section and thats the same for admin aswell. I have made sure the member cannot veiw the admins section. but not in my header i have Login/Register but i want it to disappear when a user logs in and to display Welcome, (than the username). But i have somthing going for it not but its not working. Its like the session is being found.

Heres the login page for the form action of login
Login.php (action)
Quote:
Code:
<?php
include_once 'Connect/db.php';
$table = "users";
 
$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM $table WHERE username='$username' and password='$password' and level='student'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);

$admin = "SELECT * FROM $table WHERE username='$username' and password='$password' and level='teacher' and admin='1'";
$result2 = mysql_query($admin);
$count2 = mysql_num_rows($result2);

if($count==1) {

   SESSION_REGISTER("username");
   SESSION_REGISTER("password");
   SESSION_REGISTER("level");
   header("location:members.php");
   }
elseif($count2) {

   SESSION_REGISTER("username");
   SESSION_REGISTER("password");
   SESSION_REGISTER("level");
   SESSION_REGISTER("admin");
   header("location:admin.php");
   }


else
{
      echo "Username or Password dont match";
}

?>



header
Quote:
Code:
<?php
session_start();
?>

<table border="0" align="right">
<tr>
<td>
<? if(!session_is_registered("username")){
echo "<a href='http://projectinformation.comuf.com/login.html'>Login</a>/<a href='http://projectinformation.comuf.com/Register.html'>Register</a>";
}elseif($_session['username']){
echo "Welcome,". $_SESSION['username'];
}?>
</td>
</tr>
</table>

<script language="javascript">




if (document.images) {
rollon = new Image();
rollon.src = "http://projectinformation.comuf.com/MP/menuus2.GIF";




rolloff = new Image();
rolloff.src = "http://projectinformation.comuf.com/MP/menuus.GIF";




roll2on = new Image();
roll2on.src = "http://projectinformation.comuf.com/MP/menuwh2.GIF";




roll2off = new Image();
roll2off.src = "http://projectinformation.comuf.com/MP/menuwh.GIF";
}




function imgOn(imgName) {




if (document.images) {
document[imgName].src = eval(imgName + "on.src");
}
}








function imgOff(imgName) {
if (document.images) {
document[imgName].src = eval(imgName + "off.src");
}
}




</script>
</head>




<div align="center">
<img src="http://projectinformation.comuf.com/projectinformation.GIF">
</div>
<hr width="100% size="3" noshade/>

<table border="1" align="center" bordercolor="#000000" cellpadding="2" cellspacing="2" width="5%" height="5">
<tr>
<td><a href="http://projectinformation.comuf.com/ushistory/ushistory.html" onMouseOver="imgOn('roll')" onMouseOut="imgOff('roll')"><img src="http://projectinformation.comuf.com/MP/menuus2.GIF" border="0" name="roll"></a><br></td>
<td><a href="World History/world history.html" onMouseover="imgOn('roll2')" onmouseOut="imgOff('roll2')"><img src="http://projectinformation.comuf.com/MP/menuwh.GIF" border="0" name="roll2"></a></td>
</tr>
</table>
<hr width="100% size="3" noshade/>



Members Page
Quote:
Code:
<?php
session_start();
$_SESSION['username'];
if(!session_is_registered(username)){
header("location:login.html");
}
include_once'Connect/db.php';


?>

<html>
<head>
<title>Project Information - Login</title>

</head>

<body bgcolor="808080">

<?php
$a = file_get_contents("http://projectinformation.comuf.com/include/header.php");
echo ($a);
?>


<table border="1" align="center" cellspacing="2" cellpadding="2">
<tr>
<td>Welcome to Project Information,  <a href="logout.php"> Logout</a> </td>
</tr>


<table border="0" align="center">
<?php
$b = file_get_contents("http://projectinformation.comuf.com/include/copy.php");
echo ($b);
?>
</table>

</body>
</html>
jmraker
1. For logins it's usually important to sanitize the input going into the sql statements to stop any SQL injection attacks.

Code:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);


2. You don't have ($count2 == 1) You might want to do either ($count2 > 0) or add a "LIMIT 1" to the queries in case they accidently have a duplicate record.
Code:
if($count==1) {
...
}
elseif($count2) {
...
}


3. After a header('Location: ...'); the program might as well exit there because the browser will not show or use the page. I usually do a session_write_close() before a location change.
Code:
session_write_close();
header('Location: ...');
exit();


4. You might want to avoid the session_register and session_is_registered because they are depreciated because it's much safer to use $_SESSION['admin']=true, and then if(isset($_SESSION['user'])){}. I don't think you should be storing the password in the session. The session is a temporary text file that any program can read. If the machine is hacked everything in the session could be taken.
sonam
I am not going deeply in your code but I see one wrong detail. You are using one function what is deprecated.

SESSION_REGISTER("username");

You can read on php.u net

Quote:
This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.


and

Quote:
If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.


If you are find this script somewhere on Internet then is better to try find something more recent.

Sonam
fxuup
Thanks for explaining my errors guys Smile. But other than that can anyone give me an example on how sessions really worked correctly. Im having a confusion. Id really apperciate the time.
Fire Boar
It's quite straightforward really. Simply call session_start() in your PHP script. After that, the $_SESSION array becomes a persistent variable in which you can store session data. That's all there is to it really, but for more information, see session_start() on php.net.
sonam
Yeah, when you are calling session_start(); you are activate sessions and from this point they are work like all other arrays or variables. The best of session is simple use for transfer data from one page to another without $_GET or $_POST. Actually I always have one custom.php where in first line I call session start and some other important things and include this on the top of each page. In that case I don't need to think is it session started or not.

Sonam
Related topics
simple php problem, please help...
A good website idea.........Please help PPL
Please help Me
phpBB2 ERROR PLEASE HELP
Please help. I have a problem with installing FreeBSD
problems with my comp....something strange, please help me
please help me, i don't know anything here...
Please help me!!!! HTML/Flash help needed!
Problem with MySQL Server Please Help!!
Please Help me to configure Outlook Through Proxy
mysql base error please help
please help quick
please help i just need people to visit a page
Help! This small script has logical problems. Please help
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.