Session Problems..
I've been trying to create a login script and I've managed to get the database side of things up and running. I cant seem to get the sessions to work. I've tried multiple combinations of conditional statements but no matter what I try I cant seem to get my head around it. As you can see it's a total mess..
Here is what I have at the moment..
<?php
session_start();
function footer() {
include(\"/home/silonet/public_html/includes/footer.php\");
}
include(\"/home/silonet/public_html/includes/header.php\");
if(!$submit) {
if (!session_is_registered(\"username\")) {
<form action=\"=$PHP_SELFif($QUERY_STRING){ echo\"?\". $QUERY_STRING;}\" method=\"POST\">
<p align=\"center\">Members only. Please login to access this document.</p>
<table align=\"center\" border=\"0\">
<tr>
<th>
Username:
</th>
<th>
<input type=\"text\" name=\"username\">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type=\"password\" name=\"password\">
</th>
</tr>
<tr>
<th colspan=\"2\" align=\"right\">
<input type=\"submit\" name=\"submit\" value=\"Login\">
</form>
</th>
</tr>
</table>
</body>
</html>
footer();
exit();
}}
else {
$_SESSION['username'] = '$username';
$db = mysql_connect(\"*************\");
if (!$db)
echo \"A conection to the database could not be established. Please try again later or contact the website administrator.\";
mysql_select_db(\"******\");
$password2 = md5($password);
$sql = mysql_query(\"SELECT password FROM member WHERE username = '$username'\");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
if($numrows != \"0\" & $password2 == $fetch_em[\"password\"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
}
if (!$valid_user)
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
<form action=\"=$PHP_SELFif($QUERY_STRING){ echo\"?\". $QUERY_STRING;}\" method=\"POST\">
<p align=\"center\">Incorrect login information, please try again. You must login to access this document.</p>
<table align=\"center\" border=\"0\">
<tr>
<th>
Username:
</th>
<th>
<input type=\"text\" name=\"username\">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type=\"password\" name=\"password\">
</th>
</tr>
<tr>
<th colspan=\"2\" align=\"right\">
<input type=\"submit\" name=\"submit\" value=\"Login\">
</form>
</th>
</tr>
</table>
</body>
</html>
footer();
exit();
}
if ($id = logoff) {
session_unregister('username');
session_unregister('password');
session_destroy();
}
<a href=\"http://www.silonetwork.com/member/login.php?id=logoff\">Log Off</a>
include(\"/home/silonet/public_html/includes/footer.php\");
?>
Mark Hensler posted this at 17:08 — 17th May 2003.
He has: 4,048 posts
Joined: Aug 2000
<?php
session_start();
function footer()
{
include(\"/home/silonet/public_html/includes/footer.php\");
}
include(\"/home/silonet/public_html/includes/header.php\");
if ($id == 'logoff') {
session_unregister('username');
session_unregister('password');
session_destroy();
die(\"you're logged out\");
}
if ($submit) {
$db = mysql_connect(\"*************\");
if (!$db)
echo \"A conection to the database could not be established. Please try again later or contact the website administrator.\";
mysql_select_db(\"******\");
$sql = mysql_query(\"SELECT id FROM member WHERE username='$username' AND password='\".md5($password).\"'\");
$numrows = mysql_num_rows($sql);
if($numrows == 1) {
$_SESSION['username'] = $username;
// stick the user id in the session data as well
list($_SESSION['uid']) = mysql_fetch_row($result);
// this should most likely be a redirect:
// header(\"Location: index.php\");
die(\"your logged in\");
}
elseif($numrows > 1) {
// you should have `username` and `password` both under the same
// UNIQUE key in mysql so that this never happens
$prompt = 'More than one account was found with the same login information.';
$prompt .= ' This system cannot proceed. Please contact the administrator.';
die($prompt);
}
else {
$prompt = 'Incorrect login information, please try again. You must login to access this document.';
}
}
else {
$prompt = 'Members only. Please login to access this document.';
}
<form action=\"=$PHP_SELFif($QUERY_STRING){ echo\"?\". $QUERY_STRING;}\" method=\"POST\">
<p align=\"center\">$prompt</p>
<table align=\"center\" border=\"0\">
<tr>
<th>
Username:
</th>
<th>
<input type=\"text\" name=\"username\">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type=\"password\" name=\"password\">
</th>
</tr>
<tr>
<th colspan=\"2\" align=\"right\">
<input type=\"submit\" name=\"submit\" value=\"Login\">
</form>
</th>
</tr>
</table>
</body>
</html>
<a href=\"http://www.silonetwork.com/member/login.php?id=logoff\">Log Off</a>
include(\"/home/silonet/public_html/includes/footer.php\");
?>
Mark Hensler
If there is no answer on Google, then there is no question.
nuk3 posted this at 02:01 — 18th May 2003.
They have: 238 posts
Joined: May 2002
The script didn't work. I found a couple of mistakes:
$prompt // Should've been <?=$prompt?>
And the the column is userid not id. // My error
I'm getting the following error:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/silonet/public_html/member/login.php on line 38
Your logged in
--
Try a login with 'hey' and 'hey'.
http://www.silonetwork.com/member/login.php
Mark Hensler posted this at 19:42 — 18th May 2003.
He has: 4,048 posts
Joined: Aug 2000
mysql_fetch_row() should be using $sql. or, change $sql to $result above.
nuk3 posted this at 06:33 — 19th May 2003.
They have: 238 posts
Joined: May 2002
What can I do about the header errors I'm getting with the Header Location uncommented?
Warning: Cannot modify header information - headers already sent by (output started at /home/silonet/public_html/includes/header.php:14) in /home/silonet/public_html/member/login.php on line 40
Your logged in
Mark Hensler posted this at 11:22 — 20th May 2003.
He has: 4,048 posts
Joined: Aug 2000
Move the include(header.php) after the header() call.
nuk3 posted this at 08:09 — 21st May 2003.
They have: 238 posts
Joined: May 2002
Ok then
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.