login session not behaving

**Dormilich** · Jan 6 '10, 03:08 PM

obviously $_SESSION[$userdetails["Username"]] does not exist or is empty. try var_dump($_SESS ION); to see what’s going on.

**macdalor** · Jan 6 '10, 03:11 PM

thx Dormilich. Sorry I'm really no expert in php, shall I put this instead of my query or after?

**macdalor** · Jan 6 '10, 03:14 PM

I've added it within the query and it brings NULL back. Does it mean username isn't what I should be using then?

**Dormilich** · Jan 6 '10, 03:41 PM

what query? it doesn’t matter where you put this, as long as it is executed.

if var_dump($_SESS ION); brings up NULL, there is something wrong with the session.

**macdalor** · Jan 6 '10, 03:43 PM

ok...what can I do to find out what's wrong with it?

**Dormilich** · Jan 6 '10, 03:48 PM

check out, where you set $_SESSION to NULL.

**macdalor** · Jan 6 '10, 03:55 PM

ok, I've checked this out and this is the "config.php " file, where the $_SESSION is set to NULL if not logged in and to $_SESSION["userCakeUs er"] if logged in (see code below)

Am I not using this properly?

Code:

<?php
	include("settings.php");
	
	//Dbal Support - Thanks phpBB ; )
	include("classes/db/".$dbtype.".php");
	
	//Construct a db instance
	$db = new $sql_db();
	if(!$db->sql_connect($db_host, $db_user, $db_pass, $db_name, $db_port, false, false)) die("Unable to connect to the database");

	//Include classes
	include("classes/class_newuser.php");
	include("classes/class_newmail.php");
	include("classes/class_loggedinuser.php");
	
	//Include Functions
	include("functions/user-funcs.php");
	include("functions/general-funcs.php");


	session_start();
	
	//Global User Object Var
	//loggedInUser can be used globally if constructed
	if(isset($_SESSION["userCakeUser"]) && is_object($_SESSION["userCakeUser"])) $loggedInUser = $_SESSION["userCakeUser"]; else $loggedInUser = NULL;	
?>

**Dormilich** · Jan 6 '10, 04:09 PM

where do you set userCakeUser?

**macdalor** · Jan 6 '10, 04:18 PM

userCakeUser is set in the mysql db table

**macdalor** · Jan 6 '10, 04:32 PM

sorry I'm getting confused now ;-)

you might mean this here in the "login.php" page...

Code:

<?php
	require_once("models/config.php");
	require_once('html_head.php');
	
	//Prevent the user visiting the logged in page if he/she is already logged in
	if(isUserLoggedIn()) { header("Location: account.php"); die; }
?>
<?php
	/* 
		Below is a very simple example of how to process a login request.
		Some simple validation (ideally more is needed).
	*/

//Forms posted
if(!empty($_POST))
{
		$errors = array();
		$username = trim($_POST["username"]);
		$password = trim($_POST["password"]);
	
		//Perform some validation
		//Feel free to edit / change as required
		if($username == "")
		{
			$errors[] = "Username is required.";
		}
		if($password == "")
		{
			$errors[] = "Password is required";
		}
		
		//End data validation
		if(count($errors) == 0)
		{
			//A security note here, never tell the user which credential was incorrect
			if(!usernameExists($username))
			{
				$errors[] = "Username or password is invalid";
			}
			else
			{
				$userdetails = fetchUserDetails($username);
			
				//See if the user's account is activation
				if($userdetails['Active']==0)
				{
					$errors[] = "Your account is not active. Check your emails / spam folder to find your account activation instructions.";
				}
				else
				{
					//Hash the password and use the salt from the database to compare the password.
					$entered_pass = generateHash($password,$userdetails['Password']);

					if($entered_pass != $userdetails['Password'])
					{
						//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
						$errors[] = "Username or password is invalid";
					}
					else
					{
						//Passwords match! we're good to go'
						
						//Construct a new logged in user object
						//Transfer some db data to the session
						$loggedInUser = new loggedInUser();
						$loggedInUser->email = $userdetails['Email'];
						$loggedInUser->user_id = $userdetails['User_ID'];
						$loggedInUser->hash_pw = $userdetails['Password'];
						$loggedInUser->display_username = $userdetails['Username'];
						$loggedInUser->clean_username = $userdetails['Username_Clean'];
						
						//Update last sign in
						$loggedInUser->updateLastSignIn();
		
						$_SESSION['userCakeUser'] = $loggedInUser;
						
						//Redirect to user account page
						header('Location: account.php');
						die;
					}
				}
			}
		}
	}
?>
<?php
if(!empty($_POST) && count($errors) > 0)
{
	$list="";  
	   foreach($errors as $issue) $list.="<li>".$issue."</li>";
?> 
 
<div id="errors">
    <ol> 
    <?php echo $list; ?>
    </ol>
</div>
 
<?php } ?>
<fieldset style="width:50%">
<legend>Complete to Login</legend>
<div id="txtover">
<div align="center">
<br>
<br>
<br>
<br>

    <fieldset>
    <legend>Resend password</legend>
    <a href="forgot-password.php">Forgot Password</a>
    </fieldset>
    <br>
	<br>
    <form name="newUser" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
    
        <fieldset>
    <legend>Username</legend>
        <label for="user"></label> <input type="text" name="username" /><br />
    </fieldset>
    <br>
    <br>
        <fieldset>
    <legend>Password</legend>
        <label for="pass"></label> <input type="password" name="password" /><br />
	</fieldset>
	<br>
	<br>
	      <fieldset>
    <legend>Submit</legend>
        <input type="submit" value="Login" class="submit" />
        </fieldset>
        
    </form>
   
</div>
</div>
</fiedset>
<?php 
require_once('html_tail.php');
include("models/clean_up.php"); 
?>

**Dormilich** · Jan 6 '10, 04:51 PM

do you start the session anywhere?

**macdalor** · Jan 6 '10, 04:57 PM

yes in the "config.php " file (attached earlier on in the post)

**Dormilich** · Jan 6 '10, 05:14 PM

I doubt var_dump($_SESS ION); prints NULL …

**macdalor** · Jan 6 '10, 05:22 PM

I wish it didn't but unfortunately it does...see attached file

Attached Files

Picture 1.jpg (6.7 KB, 171 views)

login session not behaving

login session not behaving

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment