session problem

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
New php-forum User
New php-forum User
Posts: 9
Joined: Thu Apr 10, 2003 10:33 am
Location: brooklyn, ny

Wed Apr 16, 2003 6:47 am


I have a login page where I get username/password and then login user. After username/password is verified against database I redirect user to next page after login. There, I check that session exists, and if does I display welcome message, otherwise tell them that they are not login. I do this so that if someone just comes to the site and types they will not gain access if they are not logged in.
The problem is that sometimes after entering correct username/password combination and being redirected to welcome page I still get unsuccessful login message. After I go back to login page and login again, everything seems ok. This behavior is somewhat random. Does anyone have any suggestions on this or may be can hint on a different approach to session logging.

here is the code:
/* Check User Script */
session_start(); // Start Session
// connect to db

// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
echo "Please enter ALL of the information! <br />";
include 'login_form.html';

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
// Register some session variables!
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email_address'] = $email_address;
$_SESSION['user_level'] = $user_level;
$_SESSION['userName'] = $username;
$_SESSION['password'] = $password;
$_SESSION['userid'] = $userid;
$ip_address = $REMOTE_ADDR;

mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
mysql_query("UPDATE users SET user_logged_in=1 WHERE userid='$userid'");
mysql_query("INSERT INTO users (ip_address) VALUES('$ip_address')");
header("Location: login_success.php");
} else {
echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br />";
include 'login_form.html';

welcome page:
function ou(){'close.php','logout','toolbar=no,directories=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,copyhistory=no,width=480,height=320');
<body ONUNLOAD=ou()>
//if (!isset($_SESSION['userid'])) {
if (!session_is_registered('userid')) {
echo "you are not logged in...";
echo " userid: " . $_SESSION['userid'];
$conn = @mysql_connect('','hconsu','111879') or die(header("Location: index.php?dbError=1"));
$sql = mysql_query("SELECT user_logged_in FROM users WHERE activated='1'");
while($res = mysql_fetch_row($sql)){
$count = $count + $res[0];
Users logged in<?=$count;?><br>
Welcome <?=$_SESSION['first_name'];?>&<?=$SESSION['last_name'];?>!
echo "<br /><a href=logout.php>Logout</a>";
echo "<br /><a href=test.php>test</a>";

thanks a lot,

New php-forum User
New php-forum User
Posts: 7
Joined: Tue Apr 15, 2003 4:52 pm
Location: Stockholm, Sweden

Wed Apr 16, 2003 3:00 pm

Well, after hastily skimming through your code i found atleast one error; though it really shouldn't solve your primary problem... :(
You've forgotten to add the starting underline-character when you last call the "last_name" session...

And I recommend you take a look at the sticked post about sessions in this forum... the author thouroghly explains common problems regarding sessions...


User avatar
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA

Thu Apr 17, 2003 11:08 am

if you are using the super global $_SESSION['first_name'] = $first_name; DO NOT USE!! session_register()

$ip_address = $REMOTE_ADDR;

should be

$ip_address = $_SERVER['REMOTE_ADDR'];

also.. I have seen problems arise by having <? and session_start(); on the same line.

also ALWAYS use <?php and not the short tag. don't ask just do it.



//if (!isset($_SESSION['userid'])) {
if (!session_is_registered('userid')) {

you are confusing PHP.. you are trying to use both methods.. use the later of the two. session_is_registered is being depricated(not goign to be used anymore). $_SESSION[''] is much easier to use and understand.

And no mater what a stripper tells you.. there is no sex in the champagne room

Post Reply