Russia Posted March 15, 2011 Share Posted March 15, 2011 Im trying to make sessions work with my script, its finding the user/pass in the database and redirects me to the homepage after but the parts that are supposed to show when the session is set are not showing. My code: <?php // Login Logic $username = ""; $err = ""; $err_style = ""; $err_style2= ""; //Checks if there is a login cookie if(isset($_SESSION['username'])) { //if there is, it logs you in and directes you to the members page $_SESSION['username'] = $username; $_SESSION['password'] = $password; //$username = $_COOKIE['user_id']; //$pass = $_COOKIE['pass_id']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());$quer++; while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // SANITISE $username = sanitize($_POST['username']); $pass = sanitize($_POST['password']); $red = sanitize($_POST['red']); // makes sure they filled it in if(!$_POST['username']) { $err = 'You did not fill in a required section'; $err_style = "style='border: 1px solid #CC0000'"; $show_login = 1; } if(!$_POST['password']) { $err = 'You did not fill in a required section'; $err_style2 = "style='border: 1px solid #CC0000'"; $show_login = 1; } // checks it against the database if (!$err) { $check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error());$quer++; //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { $err = 'User not found - please try again!'; $err_style = "style='border: 1px solid #CC0000'"; $show_login = 1; } while($info = mysql_fetch_array( $check )) { $info['password'] = stripslashes($info['password']); $pass = $pass; //gives error if the password is wrong if ($pass != $info['password']) { $err = 'Incorrect password, please try again.'; $err_style2= "style='border: 1px solid #B02B2C;'"; $show_login = 1; } else { session_start(); $_SESSION['username'] = $username; $_SESSION['password'] = $password; // if login is ok then we add a cookie //$hour = time() + 3600; //setcookie("user_id", $username, $hour); //setcookie("pass_id", $pass, $hour); //then redirect them to the members area if (!$red) { header("Location: index.php"); } else { header("Location: $red.php"); } exit; } } } } ?> And: <?php session_start(); //checks cookies to make sure they are logged in if(isset($_SESSION['username'])) { $_SESSION['username'] = $username; $_SESSION['password'] = $password; //$username = $_COOKIE['user_id']; //$pass = $_COOKIE['pass_id']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); $quer++; while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { // Update some info session_start(); $_SESSION['username'] = $username; $_SESSION['password'] = $password; //setcookie ("user_id", $_COOKIE['user_id'], time() + 3600 ); //setcookie ("pass_id", $_COOKIE['pass_id'], time() + 3600 ); // Get some basic user details, so we can use these later! $uname = $info['username']; $uID = $info['user_id']; $email = $info['email']; $loggedin = 1; $admin_user = $info['admin']; } } } ?> Quote Link to comment Share on other sites More sharing options...
JohnOP Posted March 15, 2011 Share Posted March 15, 2011 lol Quote Link to comment Share on other sites More sharing options...
Russia Posted March 15, 2011 Author Share Posted March 15, 2011 Whats the lol for? Quote Link to comment Share on other sites More sharing options...
Russia Posted March 15, 2011 Author Share Posted March 15, 2011 Okay, I think changed a few things on the first file but it still doesnt work. <?php // Login Logic //$username = ""; //$err = ""; //$err_style = ""; //$err_style2= ""; session_start(); //Checks if there is a login cookie if(isset($_SESSION['username'])) { //if there is, it logs you in and directes you to the members page $_POST['username'] = $_SESSION['username']; $_POST['password'] = $_SESSION['password']; $_SESSION['username'] = $username; $_SESSION['password'] = $password; //$username = $_COOKIE['user_id']; //$pass = $_COOKIE['pass_id']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());$quer++; while($info = mysql_fetch_array( $check )) { if ($password != $info['password']) { } else { header("Location: index.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // SANITISE $username = sanitize($_POST['username']); $password = sanitize($_POST['password']); $red = sanitize($_POST['red']); // makes sure they filled it in if(!$_POST['username']) { $err = 'You did not fill in a required section'; $err_style = "style='border: 1px solid #CC0000'"; $show_login = 1; } if(!$_POST['password']) { $err = 'You did not fill in a required section'; $err_style2 = "style='border: 1px solid #CC0000'"; $show_login = 1; } // checks it against the database if (!$err) { $check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error());$quer++; //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { $err = 'User not found - please try again!'; $err_style = "style='border: 1px solid #CC0000'"; $show_login = 1; } while($info = mysql_fetch_array( $check )) { $info['password'] = stripslashes($info['password']); $password = $password; //gives error if the password is wrong if ($password != $info['password']) { $err = 'Incorrect password, please try again.'; $err_style2= "style='border: 1px solid #B02B2C;'"; $show_login = 1; } else { session_start(); $_POST['username'] = $_SESSION['username']; $_POST['password'] = $_SESSION['password']; $_SESSION['username'] = $username; $_SESSION['password'] = $password; // if login is ok then we add a cookie //$hour = time() + 3600; //setcookie("user_id", $username, $hour); //setcookie("pass_id", $pass, $hour); //then redirect them to the members area if (!$red) { header("Location: index.php"); } else { header("Location: $red.php"); } exit; } } } } ?> Quote Link to comment Share on other sites More sharing options...
trinaryoc Posted March 15, 2011 Share Posted March 15, 2011 //if there is, it logs you in and directes you to the members page $_POST['username'] = $_SESSION['username']; $_POST['password'] = $_SESSION['password']; $_SESSION['username'] = $username; $_SESSION['password'] = $password; I'm not following your logic here (top of your script)... after checking ISSET $_SESSION variable you set you $_POST variables to the $_SESSION variables.... ok, weird but ok... then you clear them by equating the $_SESSION to the undefined variables $password and $username? This right here might be your problem, your script would allow the user through to index.php but would have cleared out your $_SESSION variables. Looks like you have the same issue later on in your script as well. Also you only need the one session_start(); at the beginning... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.