enableing session variables in php

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • tolkienarda
    Contributor
    • Dec 2006
    • 316
    #1

    enableing session variables in php

    hi all
    i seem to be having a problem with session variables, and registering sessions. i am runing wamp5 and i think that i need to change something in the php.ini file cause i basicaly coppied the code from a login script that works on my server(php v4.somthing) so i think the problem is v5. following is the code from login.php.

    [PHP]
    <?
    $host="localhos t"; // Host name.
    $db_user="eric" ; // MySQL username.
    $db_password="d al4120"; // MySQL password.
    $database="wytr kcms"; // Database name.
    $cms = mysql_pconnect( $host, $db_user, $db_password) or trigger_error(m ysql_error(),E_ USER_ERROR);
    mysql_select_db ($database, $cms);
    if(isset($_POST[uname]))
    $user=$_POST[uname];
    if(isset($_POST[pass]))
    $pass=$_POST[pass];
    //session_start() ;
    //session_destroy ();
    $result=mysql_q uery("SELECT user, pass FROM users WHERE pass = '$pass' AND user='$user'");
    $row=mysql_fetc h_row($result);
    if($row[0] == $user && $row[1] == $pass)
    {
    //session_registe r("user");
    //header("locatio n:index.php");
    thisisapain(1);
    }
    else
    {
    //header("locatio n:login.htm");
    thisisapain(2);
    }

    function thisisapain($ah ah)
    {
    if ($ahah == 1)
    {
    session_start() ;
    session_destroy ();
    //session_registe r("user");
    $_SESSION[user]='registered';
    header("locatio n:index.php");
    }else if($ahah == 2)
    {
    echo "frig";
    //header("locatio n:login.htm");
    }


    }

    ?>

    [/PHP]

    if i log in correctly it displays the incorrect login message(frig) but if it is correct it redirects me to index.php. and index.php then processes this code at the very top of the file
    [PHP]
    <?
    session_start() ;
    if($_SESSION[user]!='registered')
    {
    header("locatio n:login.htm");
    }
    ?>
    [/PHP]

    and this redirects me back to login.htm


    any advice would be greatly appreciated

    eric
    Tags: None
    • ronverdonk
      Recognized Expert Specialist
      • Jul 2006
      • 4259
      #2
      I am (almost) sure that your select did not return a result. Maybe because of misspelling, maube because the password is stored in the db using the PASSWORD() or SHA1() or another encryption method.
      You also check the userid and password twice. You only have to check the returned number of rows to be certain that the row exists.

      So I suggest that you check the number of rows returned and, when that is not equal to 1, you are sure that the data is not in your db.

      Also, check any errors from mysql_* commands, enclose array keys within quotes (in future PHP releases that will become mandatory) and sanitize the posted input variables.

      Change insert this code starting after the mysql_select_db comand:
      [php]
      // ........ your code .....
      if (!isset($_POST['uname']) OR !isset($_POST['pass']))
      die ("Invalid username / password");
      $user=trim(stri p_tags($_POST['uname']));
      $pass=trim(stri p_tags($_POST['pass']));
      $result=mysql_q uery("SELECT userid, passwd FROM users WHERE pass = '$pass' AND user='$user'")
      or die("Invalid select: ".mysql_error() );
      if (mysql_num_rows ($result) == 1) {
      //session_registe r("user");
      //header("locatio n:index.php");
      thisisapain(1);
      }
      // .... etc.
      [/php]

      Ronald :cool:

        Comment

        Previous template Next
        Working...