Session Problems

Basically we're at a navigation page with a lot of different links.

Clicking one of the links will lead you to a new index, but you would only be able to view the index if you are already logged in.

I tried to check that by using this code:
(I put this code on top of the index file's code)

    <?
    //check that the user is calling the page from the login form and not accessing it directly
    //and redirect back to the login form if necessary
    if (!isset($username) || !isset($password)) {
        header( "Location: login.php" );
    }
    //check that the form fields are not empty, and redirect back to the login page if they are
    elseif (empty($username) || empty($password)) {
        header( "Location: login.php" );
    }
    else{
    ?>

It doesn't work at all and I go straight to index, instead of redirecting us to the login.php.

How do I make this work properly so that the site cannot be viewed directly unless already logged in and stored in a session?

My session code is:

    <?php
    // start the session
    session_start();
    //if the session is registered to a valid user then show content
    if (session_is_registered("$username")) {

        echo "Access granted.";
    }
    //not registered session
    else {
        header( "Location: login.php" );
    }
    ?>

Which doesn't seem to be working either..

=(

Thank you for answers
Jul 18 '09 #1
hoopy
Hi,

First off, session_is_registered is deprecated, so it should not really be used.

You can use the $_SESSION variables to store if the user has authenticated. Consider this very basic example:

login.php

    <form action="auth.php" method="post">
    U: <input type="text" name="username"><br />
    P: <input type="password" name="password"><br />
    <input type="submit" name="submit">
    </form>

auth.php

    <?php
    session_start();
    if( $_POST['username'] == "test" && $_POST['password'] == "test" )
    {
      $_SESSION['authenticated'] = 1;
      header("Location: menu.php");
    } else {
      header("Location: login.php");
    }
    // stop the script once the redirect header has been set
    exit();
    ?>

menu.php

    <?php
    session_start();
    if(!isset($_SESSION['authenticated']))
    {
      // not authenticated, redirect
      header("Location: login.php");
      exit();
    }
    // if we get here we are OK.
    // display menu, etc.
    echo ("Hello, you are authenticated..");
    ?>

So login.php is pretty much just a form which points to auth.php. auth.php starts a session and then checks if the username and pass match that of "test". If not then it redirects back to login.php. If a match occurs it sets the session variable $_SESSION['authenticated'] to 1 and then redirects to what would be your menu page. On menu.php the session is started and a check is made to ensure the session variable $_SESSION['authenticated'] has been set. If not then the user has not authenticated so it redirects back to login.php. If it does exist you are good to display your menu.

This is a very basic example but playing around with it should point you in the right direction.

Best of luck.
Jul 18 '09 #2
Thanks a lot for your answer, I will look more into it this way now that you pointed me in the right direction.

- -
Jul 18 '09 #3
[sorry for double posting]

I tried to get my own login script that logs in the user via MySQL to link to the auth.php, but I was wondering how I could implement it into the mysql login script?

logincheck.php

    <?php
    ob_start();
    $host="localhost";         // Host name
    $username="--------";     // Mysql username
    $password="---------";     // Mysql password
    $db_name="-------------";     // Database name
    $tbl_name="-----------";         // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $username and $password, table row must be 1 row

    if($count==1){
        // Register $username, $password and redirect to file "menu.php"
        session_register("username");
        session_register("password");
        header("location: menu.php");
    }
    else {
        header( "Location: login.php" );
    }

    ob_end_flush();
    ?>

Now I tried to implement it where I marked the text in italics as:

    if($count==1){
        // Register $username, $password and redirect to file "boelogin=yes.html"
        session_register("username");
        session_register("password");
        session_start();
        $_SESSION['authenticated'] = 1;
        header("location: boelogin=yes.html");
    }
    else {
        header( "Location: badlogin=user.html" );
    }

and also:

    if($count==1){
        // Register $username, $password and redirect to file "menu.php"
        session_start();
        session_register("username");
        session_register("password");
        $_SESSION['authenticated'] = 1;
        header("location: menu.php");
    }
    else {
        header( "Location: login.php" );
    }

But nothing prevailed :/
So any ideas to this?
Jul 18 '09 #4
Dormilich
First, session_register() is also deprecated. You just need to implement the authentication as used in post #2, only that this time you have a slightly different if condition. Everything else stays the same.
Jul 18 '09 #5
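
What post #5 describes, as an added example that is not code from the thread: logincheck.php keeps the `$_SESSION['authenticated']` flag from post #2 and changes only the if condition to a database lookup. It assumes a `members` table with `username` and `password_hash` columns (hypothetical names) and passwords stored with `password_hash()`, and it uses in-memory SQLite through PDO in place of the thread's MySQL connection so that it runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names are assumptions.
declare(strict_types=1);

// Look up the user with a bound parameter and verify a password_hash() value.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($password, $hash);
}

// Guard for protected pages such as menu.php: stop the script after redirecting,
// otherwise the protected content is still sent in the response body.
function require_login(): void
{
    if (empty($_SESSION['authenticated'])) {
        header('Location: login.php');
        exit;
    }
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password_hash TEXT)');
$pdo->prepare('INSERT INTO members VALUES (?, ?)')
    ->execute(['demo', password_hash('constructed-password', PASSWORD_DEFAULT)]);

session_start();
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (is_string($username) && is_string($password) && check_login($pdo, $username, $password)) {
    session_regenerate_id(true);        // new session ID after login (anti-fixation)
    $_SESSION['authenticated'] = 1;     // same flag menu.php checks in post #2
    $_SESSION['username'] = $username;  // never store the password in the session
    header('Location: menu.php');
} else {
    header('Location: login.php');
}
exit;
```

On a protected page, call `session_start()` and then `require_login()` before any output, in place of the inline check shown for menu.php in post #2.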
