9 Replies - 999 Views - Last Post: 08 March 2012 - 01:19 PM Rate Topic: -----

#1 hathead1990  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 25-November 11

Need help declaring sessions! :(

Posted 07 March 2012 - 04:49 PM

Hi all I am trying to create a login script which uses sessions so that I may block access to pages unless the user is logged in. My code all works however when I try stopping access to other pages even if the user is logged in it still thinks there not! Maybe I haven't declared the sessions right etc Code below. Thanks in advance




<? session_start();
?>

<?php
ob_start();
$host="localhost";
$username="root";
$password="";
$db_name="members";
$tbl_name="login";

// Connect to server and select database db config.
require_once 'include/db_config.php';

// Username and Password are sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql num rows is counting table row
$count=mysql_num_rows($result);

// If result matched myusername and mypassword table row must be 1 row
if($count==1){
	
// Register myusername and mypassword and redirect to home.php
session_start(); 
  session_register('username'); 

header("location:home.php"); // Redirects to home.php once logged in 
}
else {
echo "Wrong Username or Password &nbsp"; // If Username or Password wrong prompt user

echo "<a href='index.php'>Click here to try again</a>";
}
ob_end_flush();
?>




I need something like this on the page I want to protect. Obviously this wont work if I haven't set my sessions correctly.


if (SESSION = ['myusername'])
{
//then your page that you want only users to see
}
{
//You are not logged in click here etc
}



Attached File(s)



Is This A Good Question/Topic? 0
  • +

Replies To: Need help declaring sessions! :(

#2 RudiVisser  Icon User is offline

  • .. does not guess solutions
  • member icon

Reputation: 1003
  • View blog
  • Posts: 3,562
  • Joined: 05-June 09

Re: Need help declaring sessions! :(

Posted 07 March 2012 - 04:53 PM

session_register is deprecated, don't use it.

if (SESSION = ['myusername'])

Does this actually look like valid PHP code? When have you ever seen something like this?

I refer you to the PHP Basics and Sessions Basics manuals.
Was This Post Helpful? 0
  • +
  • -

#3 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2984
  • Posts: 10,319
  • Joined: 08-August 08

Re: Need help declaring sessions! :(

Posted 07 March 2012 - 05:13 PM

What Rudi said, plus:

Don't use short tags, they're not worth the trouble. They may work on your development server but be turned off on the production server.

You are absolutely BEGGING to be hacked. Learn to use prepared statements.
Was This Post Helpful? 0
  • +
  • -

#4 hathead1990  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 25-November 11

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 12:21 AM

Im not worried about security at the moment I will implement this later! And as for the username part. That was just an example as to what I need.
Was This Post Helpful? 0
  • +
  • -

#5 E_Geek  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 45
  • View blog
  • Posts: 236
  • Joined: 20-February 11

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 03:18 AM

Maybe you should read this and this, they should be helpful :)
Was This Post Helpful? 0
  • +
  • -

#6 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6063
  • View blog
  • Posts: 23,515
  • Joined: 23-August 08

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 03:49 AM

Betting this is the result of yet another shitty PHP tutorial. Code looks very familiar.
Was This Post Helpful? 0
  • +
  • -

#7 Slice  Icon User is offline

  • sudo pacman -S moneyz


Reputation: 244
  • View blog
  • Posts: 715
  • Joined: 24-November 08

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 05:40 AM

You don't need to re-declare session_start() on line 29.


As Rudi said, it should be if($_SESSION['myusername']) , which is best if your working with a boolean value, setting it to either true or false. If you are storing their username in it, then use if(isset($_SESSION['myusername'])).

Your example is not the best way to approach it in my opinion. I believe it is better to set a session variable as bool $_SESSION['loggedin'] = true; then use:

if(!$_SESSION['loggedin']){
   header("location: login.php");
   exit();
}

/* rest of the page for users only here */



If you put this at the top of the page, you don't need to remember to close your parenthesis at the end of every page where you only want a logged in user.

This post has been edited by Slice: 08 March 2012 - 05:41 AM

Was This Post Helpful? 0
  • +
  • -

#8 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2984
  • Posts: 10,319
  • Joined: 08-August 08

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 08:51 AM

View Posthathead1990, on 08 March 2012 - 03:21 AM, said:

Im not worried about security at the moment I will implement this later!

Famous last words. Here's hoping you don't have any sensitive information on your site.

Why do I think you don't have a backup? :whistling:
Was This Post Helpful? 1
  • +
  • -

#9 hathead1990  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 25-November 11

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 12:30 PM

I tried the above but still had problems.I have simplified my code and now have the following. However now when I click login from the form the page stays blank on the check login page. Any suggestions? :helpsmilie:

<?php
session_start();

$username=$_POST['username'];
$password=$_POST['password'];

include('include/db_config.php');
$sql='SELECT * FROM login';
$result=mysql_query($sql);

while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
	if($user==$row['username']&&$pass==$row['password'])
	
		{
			$_SESSION['username']=$row['id'];
			header ('Location: home.php');
		}
}





?>

Was This Post Helpful? 0
  • +
  • -

#10 hathead1990  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 27
  • Joined: 25-November 11

Re: Need help declaring sessions! :(

Posted 08 March 2012 - 01:19 PM

THANK YOU GUYS for all your help managed to get it all working thank god..........
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1