superglobals failure?

[biloxi01]

Hi,
I've written a little login script. I want to load my index.php dynamically this way:

index.php

Code: Select all

<?php
session_start();
if(!isset($_SESSION['username'])) {
$_SESSION['username'] = "";
}
print('username: '. $_SESSION['username']);
if($_SESSION['username'] == "") {
include('./welcome.php');
include('./loginform.php');
} else {
include('./subject.php');
}
?>


Where welcome.php looks like:

Code: Select all

<?php
print(
'<h1>Welcome!</h1>
<p>You have to login to browse subject.</p>'
);


...and loginform.php like this:

Code: Select all

<?php
   print(
   '<form id="loginform" action="./login.php" method="post">
   <div class="main">
      <div class="caption">
         Username:
      </div>
      <div class="field">
         <input class="login" id="username" type="text">
      </div>
      <div class="caption">
         Password:
      </div>
      <div class="field">
         <input class="login" id="passwd" type="password">
      </div>
   <input class="logincontrol" type="submit" value="Login">
   </div>
   </form>'
   );
?>


This php uses login.php:

Code: Select all

<?php
$link=mysql_connect('myserver', 'myadmin', 'mypass')
      or die(mysql_error());
mysql_select_db('mydb', $link);
$username = $_POST['username'];
$passwd = $_POST['passwd'];
$query = 'select login, name, passwd, email from users
      where login='.$username.' and passwd=md5('.$passwd.');';
$result = mysql_query($query, MYSQL_ASSOC);
if(count($result) == 0) {
   $_SESSION['username'] = "";
} else {
   $_SESSION['username'] = $result['login'];
}
mysql_free_result($result);
mysql_close($link);
header('Location: ./index.php');
?>

subject.php contains "subject" only.

Result always is

Code: Select all

$_SESSION['username'] ==""

Does anybody know the mistake?

Thank You in anticipation,
b

[johnj]

If $_SESSION['username'] =="", that tells that your query returned '0' results. You need to check whether the user name and password that was submitted through the form is indeed picked by the sql query.

[biloxi01]

If $_SESSION['username'] =="", that tells that your query returned '0' results. You need to check whether the user name and password that was submitted through the form is indeed picked by the sql query.

I don't understand You. Can you write it exactly?

[freshnet]

Here's the problem code. Firstly you shouldn't be using mysql_query as its well outdated, but leaving that aside. You are executing a query that will return either FALSE or a resource. Neither of those are countable, so the count will always be zero.

Code: Select all

$result = mysql_query($query, MYSQL_ASSOC);
if(count($result) == 0) {
   $_SESSION['username'] = "";
} else {
   $_SESSION['username'] = $result['login'];
}

What you probably wanted to do was something like this...

Code: Select all

$queryResult = mysql_query($query, MYSQL_ASSOC);
$result = mysql_fetch_row($queryResult );
if($result == FALSE) //no rows are returned
{
   $_SESSION['username'] = "";
} else {
   $_SESSION['username'] = $result['login'];
}

[biloxi01]

Here's the problem code. Firstly you shouldn't be using mysql_query as its well outdated, but leaving that aside. You are executing a query that will return either FALSE or a resource. Neither of those are countable, so the count will always be zero.

Code: Select all

$result = mysql_query($query, MYSQL_ASSOC);
if(count($result) == 0) {
   $_SESSION['username'] = "";
} else {
   $_SESSION['username'] = $result['login'];
}

What you probably wanted to do was something like this...

Code: Select all

$queryResult = mysql_query($query, MYSQL_ASSOC);
$result = mysql_fetch_row($queryResult );
if($result == FALSE) //no rows are returned
{
   $_SESSION['username'] = "";
} else {
   $_SESSION['username'] = $result['login'];
}

OK. I tried before something else than mysql_query, but I'm using a free server and cannot install or set anything.
This works perfectly the same way.
I'm trying something to change in code.

[biloxi01]

I added a print to login.php like this:

Code: Select all

print($_POST['username'].'<br>'.$_POST['passwd']);

...and these superglobals were empty.
I still don't know, where my mistake is.

[freshnet]

$_POST variables are mapped by the field name, not id. You need to use name='username' etc., not the id.