9 Replies - 515 Views - Last Post: 24 November 2011 - 09:10 AM Rate Topic: -----

#1 Jezzabeanz  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 19-September 11

Session not starting

Posted 24 November 2011 - 07:02 AM

Hi,

I'm not too sure if I need to come back and look at this with fresh eyes or not. However, I cannot see why the session is refusing to start.

Structure:
Login -> authenticate.php -> if details are correct, set session and redirect to index.php

<?php 

$username = $_POST['email'];
$password = $_POST['pword'];

$result = mysql_query("SELECT Email, Password FROM employee") or die (mysql_error());

	while($record = mysql_fetch_array($result)){
		$DBusername = $record['Email'];
		$DBpassword = $record['Password'];
		
		if(($username == $DBusername)&&($password == $DBpassword)){
			$FieldMatch = true;
			$_SESSION['email'] = $DBusername;
			break;
		}
		else{
			$FieldMatch = false;
		}
	}
	
	if($FieldMatch == true){
		echo('Login Success!');
		session_start();
		$_SESSION['Active'] = true;
		header("Location: index.php");
		
	}else{
		echo('Login failure! <br /> Incorrect username/password');
		header("location: login.php");

	}

?>


Is This A Good Question/Topic? 0
  • +

Replies To: Session not starting

#2 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3100
  • View blog
  • Posts: 10,889
  • Joined: 08-August 08

Re: Session not starting

Posted 24 November 2011 - 07:24 AM

You're setting $_SESSION['email'] before you call session_start().
Was This Post Helpful? 2
  • +
  • -

#3 Jezzabeanz  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 19-September 11

Re: Session not starting

Posted 24 November 2011 - 07:37 AM

Hi,

Thank you for your reply.

I've rearranged my code to start the session first before I declare its variables. The problem still isn't fixed.

In retrospect maybe it's the method I'm using:

What I'm trying to do is just have a different greeting depending on whether the user is logged in. Obviously so that a status box in the top right can either say "Login" or "Welcome, [User]." "Logout".

<div class="greeting">
			<?php if(isset($_SESSION['Active'])){
				echo("Welcome");
			}else{
				echo("Session is not set");
			} ?>
		</div>



I haven't implemented the desired messages but I just tried with some basic echo statements.

This code is within the file "header.php"

<?php include('header.php'); ?>




I am currently still getting the statement "Session is not set".
Was This Post Helpful? 0
  • +
  • -

#4 RyanRobinson  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 39
  • View blog
  • Posts: 227
  • Joined: 31-March 10

Re: Session not starting

Posted 24 November 2011 - 07:47 AM

You also need to use the session_start() function in the header.php file for it to check if it's set.
Was This Post Helpful? 2
  • +
  • -

#5 Jezzabeanz  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 19-September 11

Re: Session not starting

Posted 24 November 2011 - 08:11 AM

Can I have an example?

If I'm including the session_start() function within the header which is included on every page. It fires up an undeclared variable (removed with the '@' of course). I'm confused at how you would implement it?
Was This Post Helpful? 0
  • +
  • -

#6 Jezzabeanz  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 19-September 11

Re: Session not starting

Posted 24 November 2011 - 08:26 AM

I have even taken the header.php file out of the equation in case it was a problem with the sending of data to an include or whatever.

On the index.php:

<h1><?php if(isset($_SESSION['Active'])){echo("Sesh is active"); }else{ echo("Sesh isn't active"); } ?></h1>



Still no session_start().
Was This Post Helpful? 0
  • +
  • -

#7 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3100
  • View blog
  • Posts: 10,889
  • Joined: 08-August 08

Re: Session not starting

Posted 24 November 2011 - 08:51 AM

index.php should start like this:
<?php
session_start();


Does it?
Was This Post Helpful? 1
  • +
  • -

#8 RyanRobinson  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 39
  • View blog
  • Posts: 227
  • Joined: 31-March 10

Re: Session not starting

Posted 24 November 2011 - 08:53 AM

You use session_start() when you want to set a session variable.

In your case:

If login info matches:

session_start();
$_SESSION['Active'] = '1';



Then, if you want to check that session exists to allow a user access to a page. Do this:

session_start();
if(!isset($_SESSION['Active']))
{
 redirect to login page
}


This post has been edited by RyanRobinson: 24 November 2011 - 09:09 AM

Was This Post Helpful? 1
  • +
  • -

#9 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3730
  • View blog
  • Posts: 6,017
  • Joined: 08-June 10

Re: Session not starting

Posted 24 November 2011 - 08:56 AM

Hey.

There are two things you must do to use session variables in your code:

  • Call the session_start() function before you attempt to use the $_SESSION array.

  • Make sure the call to session_start() is made before ANY output. Any echo calls, text, HTML, or even a single white-space before the <?php block the call is made from within will cause it to fail.

Given that, the session variables should be available. Of course, if you attempt to use an unset session variable, you will get an "Undefined index" warning.

This is assuming the PHP configuration is set up correctly. To verify this, just put this in a page and execute it repeatedly. If it counts up, the session is working.
<?php
session_start();
if (!isset($_SESSION['count']))
    $_SESSION['count'] = 1;
else
    $_SESSION['count'] += 1;

echo $_SESSION['count'];
?>




About the code in your first post, there are three things that I would point out.

First, you are using echo in your code before both the session_start and the header function. This, like I mentioned above, will not work. You must call all functions that manipulate the headers of the response (session_start, header, and setcookie, among others) before ANYTHING is added to the body of the response.

Second, you are retrieving all the data from your database, just to check to see if one row exists. You could (and should) be using the SQL query itself to do this. Pretty much all relational databases have a COUNT() function, which coupled with the WHERE clause can be used to count rows that match certain conditions.

Like:
<?php
// Check if the email and password were actually sent
// before you try to use them.
if (isset($_POST["email"], $_POST["pword"]))
{
    // Make them safe to put into a SQL query
    $email = mysql_real_escape_string($_POST["email"]);
    $pword = mysql_real_escape_string($_POST["pword"]);
    
    // Create a query that counts the number of employees
    // that use that email and password.
    $sql = "SELECT COUNT(*) FROM employee
            WHERE Email = ? AND Password = ?";
            
    // Add the email and password into the query.
    $sql = sprintf($sql, $email, $pword);
    
    // Execute the query and check the returned count value
    // to see if any rows matched.
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_row($result);
    
    if ($row[0] == 1)
    {
        // Login success!
        session_start();
        $_SESSION["Active"] = true;
        $_SESSION["email"] = $email;
        header("Location: index.php");
    }
    else
    {
        // Login failure.
        header("Location: login.php");
    }
}
?>


Note that I don't echo anything. It's pointless, seeing as you are immediately redirecting the client away from the page.

And third, you seem to be storing the passwords in plain-text format in your database. This is generally not a good idea. As a simple security measure, you should Hash the passwords, to protect them both from potential attackers as well as from the database admins themselves. (Not even you should be able to read your user's passwords!)
Was This Post Helpful? 2
  • +
  • -

#10 Jezzabeanz  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 35
  • Joined: 19-September 11

Re: Session not starting

Posted 24 November 2011 - 09:10 AM

Hi,

Thank you for all of your replies. My login system is now working and I've +repped all of you.
I feel a bit idiotic, I've just found my past work and understand the session_start() function. Thanks for all of your time.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1