enableing session variables in php

316 100+

hi all
i seem to be having a problem with session variables, and registering sessions. i am runing wamp5 and i think that i need to change something in the php.ini file cause i basicaly coppied the code from a login script that works on my server(php v4.somthing) so i think the problem is v5. following is the code from login.php.

[PHP]
<?
$host="localhost"; // Host name.
$db_user="eric"; // MySQL username.
$db_password="dal4120"; // MySQL password.
$database="wytrkcms"; // Database name.
$cms = mysql_pconnect($host, $db_user, $db_password) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database, $cms);
if(isset($_POST[uname]))
$user=$_POST[uname];
if(isset($_POST[pass]))
$pass=$_POST[pass];
//session_start();
//session_destroy();
$result=mysql_query("SELECT user, pass FROM users WHERE pass = '$pass' AND user='$user'");
$row=mysql_fetch_row($result);
if($row[0] == $user && $row[1] == $pass)
{
//session_register("user");
//header("location:index.php");
thisisapain(1);
}
else
{
//header("location:login.htm");
thisisapain(2);
}

function thisisapain($ahah)
{
if ($ahah == 1)
{
session_start();
session_destroy();
//session_register("user");
$_SESSION[user]='registered';
header("location:index.php");
}else if($ahah == 2)
{
echo "frig";
//header("location:login.htm");
}

}

?>

[/PHP]

if i log in correctly it displays the incorrect login message(frig) but if it is correct it redirects me to index.php. and index.php then processes this code at the very top of the file
[PHP]
<?
session_start();
if($_SESSION[user]!='registered')
{
header("location:login.htm");
}
?>
[/PHP]

and this redirects me back to login.htm

any advice would be greatly appreciated

eric

Mar 23 '07 #1

Subscribe Post Reply

1395

ronverdonk

4,258

Expert 4TB

I am (almost) sure that your select did not return a result. Maybe because of misspelling, maube because the password is stored in the db using the PASSWORD() or SHA1() or another encryption method.
You also check the userid and password twice. You only have to check the returned number of rows to be certain that the row exists.

So I suggest that you check the number of rows returned and, when that is not equal to 1, you are sure that the data is not in your db.

Also, check any errors from mysql_* commands, enclose array keys within quotes (in future PHP releases that will become mandatory) and sanitize the posted input variables.

Change insert this code starting after the mysql_select_db comand:
[php]
// ........ your code .....
if (!isset($_POST['uname']) OR !isset($_POST['pass']))
die ("Invalid username / password");
$user=trim(strip_tags($_POST['uname']));
$pass=trim(strip_tags($_POST['pass']));
$result=mysql_query("SELECT userid, passwd FROM users WHERE pass = '$pass' AND user='$user'")
or die("Invalid select: ".mysql_error());
if (mysql_num_rows($result) == 1) {
//session_register("user");
//header("location:index.php");
thisisapain(1);
}
// .... etc.
[/php]

Ronald :cool:

Mar 25 '07 #2

Similar topics

session variable - malfunction??

by: Al Jones | last post by:

This is a repost form the vbscript newgroup - if this isn't the appropriate group would you point me toward one that is. Basically, I seem to be losing session data part way though preparing an...

ASP / Active Server Pages

Enableing InnoDB Tables

by: Eurisko | last post by:

Hi I am running SuSE 9.0. I have installed, MySql 4.0.15. Apparantly versions 4.0 and above are supposed to come with InnoDB tables already enabled, this is not the case with mine, the...

MySQL Database

Session variables

by: Lina Manjarres | last post by:

Hello, I have a session variable in a login page. Then I go to a form page where I uses the ProfileID and the UserID. Then I go to a result page where I would like to use the UserID as a filter,...

ASP / Active Server Pages

Some session variables disappear between postbacks

by: PJ | last post by:

A particular page seems to be having issues with correctly setting Session variables. I am setting a couple of session variables on the Page_Unload event. While stepping through code, the...

ASP.NET

Session Variables - Good or Bad

by: Harry Simpson | last post by:

I've come from the old ASP camp where session variables were not used. When i started using ASP.NET in 2001, I started using them again because it was ok from what I'd read. I've been merrily...

ASP.NET

Session State stateserver or Sql Server

by: tshad | last post by:

I have been using the default session state (InProc) and have found that I have been loosing my information after a period of time (normally 20 minutes). Is there anyway to find out how much...

ASP.NET

Keep track of Session value

by: Alan Wang | last post by:

Hi there, Once my application gets complicated and complicated. I found it's really hard to keep track of Session value I am using in my asp.net application. I am just wondering if anyone have...

ASP.NET

Session Variables - why aren't novice developers warned?

by: BillE | last post by:

When a user opens a new IE browser window using File-New-Window the integrity of an application which relies on session state is COMPLETELY undermined. Anyone who overlooks the fact that...

ASP.NET

Warning - AVOID SESSION VARIABLES

by: BillE | last post by:

Some ASP.NET applications use Session Variables extensively to maintain state. These should be re-written to use viewstate, hidden fields, querystring, etc. instead. This is because if a user...

ASP.NET

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice