Session Issue Setting

I am in the learning phase of PHP/Mysql thus my question :)

I have a login.php page that passes the following values.. $myusername
$mypassword. on submit it sends that data to a checklogin.php file.

Here is that checklogin.php code.
[php]<?php
include("db.php");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que)==0) $err = "";
else
$id = $row['id'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM instructors WHERE username='$myusername' and `password`='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1)
{
session_register("myusername");
session_register("mypassword");
session_register("id");
header("location: index.php");
}
else {
include("navtop.php");
include("nav.php");
echo "
<td width=80% valign=top>
<p class='bodyHeading'>Login Error</p></span>
<p>
<table border=0 width=600 class='pbox11'>
<td>
<b>Wrong Username or Password - Please wait</b><br>
<META HTTP-EQUIV='Refresh' CONTENT='2;URL=index.php'>
</td></table>
<br><Br><br><Br>
</span></td></table></span></td></table>";
include("navbot.php");
}
?>[/php]

I am just trying to set the ID to the header as well as the username.. and that is where I get lost.
after the checklogin.php is done it moves to the index.php page. there i am doing a mysql querty to find the user my the ID number.. but the ID isnt getting passed to this page.

Thanks for any help.

Nathan

re: Session Issue Setting

Use of session_register() is deprecated.
Use
[php]
session_start(); # always at the beggining
$_SESSION['sesh_name'] = "sesh info";
[/php]
[php]
session_start(); # as always!
echo $_SESSION['sesh_name'];
[/php]

When posting code, you need to use code tags (refer to the posting guidelines to do so).

regards.

re: Session Issue Setting

Welcome to The Scripts!

Please enclose your posted code in [code] tags (See How to Ask a Question).

This makes it easier for our Experts to read and understand it. Failing to do so creates extra work for the moderators, thus wasting resources, otherwise available to answer the members' questions.

Please use [code] tags in future.

MODERATOR

re: Session Issue Setting

You ndon't shgow us how what the login form looks like. We need to see that in order to check if the form itself and all form fields are correcly defined.

So show it and enclose any code within the appropriate code tags!!

Ronald

re: Session Issue Setting

[php]<? include("navtop.php") ?>
<? include("nav.php") ?>
<td width=80% valign=top>
<p class="bodyHeading"><b>TAC Instructor Access</b></p></span>
<p>You are required to login in order to access your TAC Instructor area. If you need assistance with
your login or this is your first time login in an require a username and password for your account, please
feel free to contact TAC to receive this required information.</p>
<P>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#ffffff">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="50%" border="0" cellpadding="3" cellspacing="1" >
<tr>
<td width="78">Email</td>
<td width="6"></td>
<td width="294"><input name="myusername" size=40 type="text" id="myusername" class='input'></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="mypassword" type="password" id="mypassword" class='input'></td>
</tr><tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login" class='input'></td>
</tr>
</table>
</td>
</form>
</tr>
</table></p>
</span></td></table></span></td></table>[/php]

re: Session Issue Setting

This is the second warning about adhering to the Posting Guidelines on using code tags!

Please enclose your posted code in [code] tags (See How to Ask a Question).

This makes it easier for our Experts to read and understand it. Failing to do so creates extra work for the moderators, thus wasting resources, otherwise available to answer the members' questions.

Please use [code] tags in future.

MODERATOR

re: Session Issue Setting

Sorry, I will use the settings ..

re: Session Issue Setting

For PHP it is advisable to use the [code=php] or [php] settings. That way the php functions 'stick out' on the screen so it is easier to read.

For other languages and statement, the following list of [code=xxx] is applicable, where xxx can be:
actionscript
apache
asp
c
cfm
cpp
css
html
java
javascript
mysql
oracle
perl
php
python
rails
ruby
sql
vb
vbnet
xml

moderator

re: Session Issue Setting

Here is the updated checklogin.php file.

code [php]
<?php
include("db.php");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que)==0)
{
$user_id = $row['id'];
$xusrid = $user_id;
$myID = $row['id'];
$_SESSION['xusrid'] = $user_id;
$_SESSION['myID'] = $myID;
session_register($myID);
session_register($xusrid);
header("location: index.php");
}
else
{
include("navtop.php");
include("nav.php");
echo "
<td width=80% valign=top>
<p class='bodyHeading'>Login Error</p></span>

<p>
<table border=0 width=600 class='pbox11'>
<td>

<b>Wrong Username or Password - Please wait</b><br>
<META HTTP-EQUIV='Refresh' CONTENT='3;URL=index.php'>
</td></table>
<br><Br><br><Br>
</span></td></table></span></td></table>";

include("navbot.php");
}

?>
[/php]


And here is the login.php file..
[php]
<?
include("navtop.php");
include("nav.php");
?>


<td width=80% valign=top>

<p class="bodyHeading"><b>TAC Instructor Access</b></p></span>

<p>You are required to login in order to access your TAC Instructor area. If you need assistance with
your login or this is your first time login in an require a username and password for your account, please
feel free to contact TAC to receive this required information.</p>

<P>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#ffffff">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="50%" border="0" cellpadding="3" cellspacing="1" >
<tr>
<td width="78">Email</td>
<td width="6"></td>
<td width="294"><input name="myusername" size=40 type="text" id="myusername" class='input'></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="mypassword" type="password" id="mypassword" class='input'></td>
</tr><tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login" class='input'></td>
</tr>
</table>
</td>
</form>
</tr>
</table></p>
</span></td></table></span></td></table>
<? include("navbot.php") ?>
[/php]

re: Session Issue Setting

What is the purpose of this statement checklogon.php line 9:[php]$user_id = $row['id'];[/php]I see no $row anywhere in the code, so where does $row come from so suddenly?

Ronald

re: Session Issue Setting

This is the id in the instructors table of the actual instructor.. that was my unleared attemtd if you will, but yeah I see what you mean..

I only added or tried to add this because the other wasnt working..
sorry im stupid..

This is how its suppose to look

[php]
<?php
include("db.php");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que)==0)
{
$xusrid = $user_id;
$_SESSION['xusrid'] = $user_id;
session_register($xusrid);
header("location: index.php");
}
else
{
include("navtop.php");
include("nav.php");
echo "
<td width=80% valign=top>
<p class='bodyHeading'>Login Error</p></span>

<p>
<table border=0 width=600 class='pbox11'>
<td>

<b>Wrong Username or Password - Please wait</b><br>
<META HTTP-EQUIV='Refresh' CONTENT='3;URL=index.php'>
</td></table>
<br><Br><br><Br>
</span></td></table></span></td></table>";

include("navbot.php");
}

?>
[/php]

re: Session Issue Setting

Also this is the db.php file

[php]
<?
define('HOST','localhost');
define('USER','');
define('PASS','');
define('DB','');

mysql_connect(HOST,USER,PASS) or die("Could not connect: " . mysql_error());;
mysql_select_db(DB) or die("Could not select: " . mysql_error());;
$myID = 0;
if (isset($_SESSION['xusrid'])) $myID = intval($_SESSION['xusrid']);
session_start();

?>
[/php]

re: Session Issue Setting

I am completely lost now! You have a login.php, a logincheck.php and an index.php. You showed the first 2 and changed the 2nd one. What else did you change? In order to help you you must not change the code on the fly, that way we are aiming at a moving target.

So please: show all those 3 scripts where you have that problem with (and let's assume your original problem is still the problem) or otherwise restate the problem.

Ronald

re: Session Issue Setting

Sorry Ronald. That was totaly my fault,

The problem is.. getting this to login with the supplied username and password that are in the table. "I duoble checked that" and the fields names are correct.

So getting this to login, setting the id in the session and passing the id to the index page, is the issue.


Here is the login.php file.

[php]<?
include("navtop.php");
include("nav.php");
?>


<td width=80% valign=top>

<p class="bodyHeading"><b>TAC Instructor Access</b></p></span>

<p>You are required to login in order to access your TAC Instructor area. If you need assistance with
your login or this is your first time login in an require a username and password for your account, please
feel free to contact TAC to receive this required information.</p>

<P>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#ffffff">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="50%" border="0" cellpadding="3" cellspacing="1" >
<tr>
<td width="78">Email</td>
<td width="6"></td>
<td width="294"><input name="myusername" size=40 type="text" id="myusername" class='input'></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="mypassword" type="password" id="mypassword" class='input'></td>
</tr><tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login" class='input'></td>
</tr>
</table>
</td>
</form>
</tr>
</table></p>
</span></td></table></span></td></table>
<? include("navbot.php") ?>
[/php]


And here is the checklogin.php file

[php]
<?php
include("db.php");
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que)==0)
{
$xusrid = $user_id;
$myID = $user_id;
$_SESSION['xusrid'] = $user_id;
session_register($xusrid);
header("location: index.php");
}
else
{
include("navtop.php");
include("nav.php");
echo "
<td width=80% valign=top>
<p class='bodyHeading'>Login Error</p></span>

<p>
<table border=0 width=600 class='pbox11'>
<td>

<b>Wrong Username or Password - Please wait</b><br>
<META HTTP-EQUIV='Refresh' CONTENT='3;URL=index.php'>
</td></table>
<br><Br><br><Br>
</span></td></table></span></td></table>";

include("navbot.php");
}

?>
[/php]

Here is the index.php page
[php]
<?
include('db.php');
if ($myID == 0) header("location:login.php");

include("navtop.php");
include("nav.php");

$qa = mysql_query("SELECT * FROM `instructors` WHERE id='$myID'");
$row=mysql_fetch_assoc($qa);
$name = $row['first_name'] . " " . $row['last_name'];
$first = $row['first_name'];
echo "

<td width=80% valign=top>
<p class=\"bodyHeading\">Welcome $name</p></span>

<p>
<table border=0 width=600 class=\"pbox11\">
<td>
Welcome $first to your secure TAC Instructor account area. If you have any questions about using this site please
contact our support services at any time.<br>
</td></table>

</td></table>

</span></td></table></span></td></table>";

include("navbot.php");
?>
[/php]



and the db.php file

[php]
<?
define('HOST','localhost');
define('USER','');
define('PASS','');
define('DB','');

mysql_connect(HOST,USER,PASS) or die("Could not connect: " . mysql_error());;
mysql_select_db(DB) or die("Could not select: " . mysql_error());;
$myID = 0;
if (isset($_SESSION['xusrid'])) $myID = intval($_SESSION['xusrid']);
session_start();

?>

[/php]

re: Session Issue Setting

I haven't looked at all scripts closely, but the first error that sprang up is the last statement in the db.php. When you use the $_SESSION array, you must start your script with[php]session_start();[/php]Not at the end as you can see in db.php, so that script must be[php]<?
session_start();

define('HOST','localhost');
define('USER','');
define('PASS','');
define('DB','');

mysql_connect(HOST,USER,PASS)
or die("Could not connect: " . mysql_error());;
mysql_select_db(DB)
or die("Could not select: " . mysql_error());;
$myID = 0;
if (isset($_SESSION['xusrid']))
$myID = intval($_SESSION['xusrid']);
?>[/php]So let's start there and see if this makes the rest run ok.

addendum: you can only use the $_SESSION array after you have done the session_start();. Otherwise it just does not exist for the script.

Ronald

re: Session Issue Setting

I did add that to the first of the db.php file, and when I tried to login it gave the invalid username and password error.

I did double check the username and password I am trying to use and it is in the instructors table.

re: Session Issue Setting

Something to note.. and could be another issue..

When i type in a username and password that is not in the database, it dosnt show the login error, just shows the login.php page again..

re: Session Issue Setting

We will get there!
What about this in logincheck.php? When the user/password is NOT found in the database you do all these assignments. If the user is in the database you tell him 'Login error'. That does not sound logical to me[php]$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que)==0)
{
[/php]Ronald

re: Session Issue Setting

So I have that backwards...

re: Session Issue Setting

Yessir. mysql_num_rows(xx)==0 means: do this block of code only when there is no result from the database (number of rows equals zero).

Ronald

re: Session Issue Setting

Ok, so if I set it to ==1 would that do the trick?

re: Session Issue Setting

I personally would test it at > 0 (just in case you have more than 1 result).

Ronald

re: Session Issue Setting

Ok this is were I just jump off the rocky cliff.... :)

This might be the forest for the trees kinda incident, and I dont want to use this site for a "ok code it for me" kind of site, but what the heck should I change?

re: Session Issue Setting

You have to change the[php]if (mysql_num_rows($que)==0)[/php]statement in checklogin.php into[php]if (mysql_num_rows($que) > 0)[/php]Then at least that script is okay (until you run into another problem) :-)

Ronald

re: Session Issue Setting

Ok I made that change, and now I dont get the login error, but upo submit from the login.php page it goes right back to login.php, so I guess there is an issue with the session thing?

re: Session Issue Setting

See index.php this statement [php]if ($myID == 0) header("location:login.php");[/php]. This ends you back to the login.php when $myID is zero.

So you must have set or changed $myID to 0 (which is what you do in db.php!)

What is this then[php] $xusrid = $user_id;
$myID = $user_id;
$_SESSION['xusrid'] = $user_id;[/php]What is $user_id and where does it come from? Remember: when $User_id does not exist, the value of $myID is also in jeopardy.

Ronald

re: Session Issue Setting

ok well I thought that in this code is were it get the instructor id...

[php]
$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que) > 0)
{
$xusrid = $user_id;
$_SESSION['xusrid'] = $user_id;
session_register($xusrid);
header("location:index.php");
[/php]

re: Session Issue Setting

What I need to do is when the checklogin.php code is ran and it does the query from the data base to see if it can find the username and password, when it does find them have it grab that id number and set it.. that is what $myID needs to be set as...

re: Session Issue Setting

No way! You must first fetch the row and then assign the value of the instructor id in that row to $user_id! I don't know what the column name for instructor id in your table is, so I call it instrID in the next sample. So the above code should be something like[php]$que = mysql_query("SELECT * FROM `instructors` WHERE `username`='$myusername' AND `password`='$mypassword'");
if (mysql_num_rows($que) > 0)
{
$myRow=mysql_fetch_assoc($que); // this is added to your code
$user_id=$myRow['instrID']; // this is added to your code
$xusrid = $user_id;
$_SESSION['xusrid'] = $user_id;
session_register($xusrid);
header("location:index.php");[/php]Do not forget to change the $myRow['instrID'] to the name of the colum that contains that instructor ID.

Ronald

re: Session Issue Setting

Ok I'm buying you a beer... :)

that did the trick.. and also I found out that I am a complete idiot..

Thanks

re: Session Issue Setting

We all started learning by example. I am glad it's done. See you next time.

Ronald