session problem

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

webtekie
New php-forum User
New php-forum User
Posts: 9
Joined: Thu Apr 10, 2003 10:33 am
Location: brooklyn, ny
Contact:

session problem

Postby webtekie » Wed Apr 16, 2003 6:47 am

Hello,

I have a login page where I get username/password and then login user. After username/password is verified against database I redirect user to next page after login. There, I check that session exists, and if does I display welcome message, otherwise tell them that they are not login. I do this so that if someone just comes to the site and types http://www.mysite.com/welcome.php they will not gain access if they are not logged in.
The problem is that sometimes after entering correct username/password combination and being redirected to welcome page I still get unsuccessful login message. After I go back to login page and login again, everything seems ok. This behavior is somewhat random. Does anyone have any suggestions on this or may be can hint on a different approach to session logging.

here is the code:
-----------------
checUser.php
============
<?
/* Check User Script */
session_start(); // Start Session
// connect to db

// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
echo "Please enter ALL of the information! <br />";
include 'login_form.html';
exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
session_register('userName');
$_SESSION['userName'] = $username;
session_register('password');
$_SESSION['password'] = $password;
session_register('userid');
$_SESSION['userid'] = $userid;
$ip_address = $REMOTE_ADDR;

mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
mysql_query("UPDATE users SET user_logged_in=1 WHERE userid='$userid'");
mysql_query("INSERT INTO users (ip_address) VALUES('$ip_address')");
header("Location: login_success.php");
}
} else {
echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br />";
include 'login_form.html';
}
?>

welcome page:
==============
<?session_start();?>
<html>
<head><title>Welcome</title>
<script>
function ou(){
window.open('close.php','logout','toolbar=no,directories=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,copyhistory=no,width=480,height=320');
}
</script>
</head>
<body ONUNLOAD=ou()>
<?
//if (!isset($_SESSION['userid'])) {
if (!session_is_registered('userid')) {
echo "you are not logged in...";
echo " userid: " . $_SESSION['userid'];
}
else{
$conn = @mysql_connect('128.242.76.156','hconsu','111879') or die(header("Location: index.php?dbError=1"));
mysql_select_db('hconsu');
$sql = mysql_query("SELECT user_logged_in FROM users WHERE activated='1'");
while($res = mysql_fetch_row($sql)){
$count = $count + $res[0];
}
?>
Users logged in<?=$count;?><br>
Welcome <?=$_SESSION['first_name'];?>&<?=$SESSION['last_name'];?>!
<br>
echo "<br /><a href=logout.php>Logout</a>";
echo "<br /><a href=test.php>test</a>";
<?}?>

thanks a lot,
webtekie

Osaou
New php-forum User
New php-forum User
Posts: 7
Joined: Tue Apr 15, 2003 4:52 pm
Location: Stockholm, Sweden
Contact:

Postby Osaou » Wed Apr 16, 2003 3:00 pm

Well, after hastily skimming through your code i found atleast one error; though it really shouldn't solve your primary problem... :(
You've forgotten to add the starting underline-character when you last call the "last_name" session...

And I recommend you take a look at the sticked post about sessions in this forum... the author thouroghly explains common problems regarding sessions...

/Osaou

User avatar
Redcircle
Moderator
Moderator
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Postby Redcircle » Thu Apr 17, 2003 11:08 am

if you are using the super global $_SESSION['first_name'] = $first_name; DO NOT USE!! session_register()

$ip_address = $REMOTE_ADDR;

should be

$ip_address = $_SERVER['REMOTE_ADDR'];

also.. I have seen problems arise by having <? and session_start(); on the same line.

also ALWAYS use <?php and not the short tag. don't ask just do it.

so

<?php
session_start();
?>


//if (!isset($_SESSION['userid'])) {
if (!session_is_registered('userid')) {


you are confusing PHP.. you are trying to use both methods.. use the later of the two. session_is_registered is being depricated(not goign to be used anymore). $_SESSION[''] is much easier to use and understand.


And no mater what a stripper tells you.. there is no sex in the champagne room


Return to “PHP coding => General”

Who is online

Users browsing this forum: No registered users and 0 guests