Help me with this sessions problem

Archbob

if(!session_register("Admin"))
   {
print "not logged in ";
   }
else
{
print "logged in";
}

Now there is no session and it doesn't print "not logged in" and keeps printing "logged in".

What am I doing wrong? Help!!

thewonderfulone

Mm, hsouldn't you register the session somewhere else, and then use something like

if($_SESSION['admin'] == "" || !$_SESSION['admin'])
   {
print "not logged in ";
   }
else
{
print "logged in";
}

to check for the session variable?

suntra

Did you write session_start() in your code before checking if a certain session variable is registered ??

Cagez

Originally posted by suntra
Did you write session_start() in your code before checking if a certain session variable is registered ??

But even if he didn't, it should still evaluate to false, shouldn't it? If it hasn't been started, the variables' not there...

suntra

if(!session_register("Admin"))
   {
print "not logged in ";
   }
else
{
print "logged in";
}

If you use session_register, it will register a variable, it won't check if a variable is registered... you should use session_is_registered()...

lobobr

This is totally wrong. You are checking for the ability of registering a session var.

Since the script is able to register it, it will ALWAYS evaluate to true.

First of all, you must put this in the first line of your script:

session_start();

then, you could use isset to detect if the session var exists:

if (isset($_SESSION['Admin']))
{
echo "logged in";
}
else
{
echo "not logged in";
}

You can even check for the value of a session var, e.g.:

if ($_SESSION['Admin'] == "logged in")
{
echo "logged in";
}
else
{
echo "not logged in";
}

Best regards,

Archbob

Thanks guys.

Archbob

Okay, fiddling with this long enough(several hours) and I still don't know how to check if a user is logged in, My authentications script is like this and it works fine.

<?

include "common.php";

if (isset($submit)) // name of submit button
{
    $query = "select * from cl_logintable where username='$username' and password='$password'"; 
    $result = mysql_query($query) ;

$isAuth = false; //set to false originally

while($row = mysql_fetch_array($result))
{
    if($row['username'] === $username) 
    {
        $isAuth = true;
         session_start();
          session_register($username);
    }  
}  

if($isAuth)
{
            print "logged in successfully";
}
else
{
print "Wrong username or password";
}
}

?>

Now when I go to other pages, how do I check if the user is logged in or not?

This code didn't work:

<?
include "common.php";
session_start();
$SQL="select username FROM cl_logintable";

$result = mysql_query($SQL) ;


while($a=mysql_fetch_array($result))
{
if(!session_is_registered($a['username']))
   {

  print "not logged in ";
   }
else
   {

 print "Logged in";

  break;
   }

}





?>

Help!!

lobobr

Ok, let's do this. First of all, a little tip: instead of checking if the form was submitted by verifying the $submit var, I personally prefer this:

if (count($POST) > 0) // If you use GET just change to $GET
{
echo "form submitted";
}

Note: Take a good look at PHP's predefined variables at http://www.php.net/manual/en/language.variables.predefined.php since you will use it a lot, and not only for sessions.

Ok, now to the real problem:

Once the user logs in, you register a $username var as a session var, so it's quite simple. In the next pages all you have to do is to check if this session var exists, like this:

session start(); // This must be ALWAYS the first line of code

if (isset($_SESSION['username']))
{
echo "User is logged in";
}
else
{
echo "Hey you're not logged in yet, man!";
}

Notice that if you already registered a session var (and you did, in this case) there is no need at all to check against the database.

Now a nice tip: If you want you can use this piece of code with $POST (for each form field) or $SESSION (for each session var) to use these vars like if they were previously setted in your code. Take a look:

foreach ($_SESSION as $key => $val)
{
$$key = $val; //this is a cool thing: a variable variable
}

So, if you have like dozens of session vars you can call them directly, e.g.:

Instead of $_SESSION['username']
you can use $username!

Take a good reading. I hope I don't get misunderstood, you're going in the right way, but you should really brush up with some PHP book or on-line reference, since you're doing some simple mistakes in your code.

Hope it helps you. Good luck!😉

suntra

I think

session_register($username)

should be

session_register("username")

Also, as I said it before in this post, DON'T mix session_register() with $SESSION. If you use $SESSION, you must not use session_register(). Personnally, I did it and nothing was inserted in the session variables, they were empty !

Also, you can check in the temporary session directory. Open the most recent file (after you've tested your script), check in it, and look if variables are present, and if yes, are their values there ?

I hope it'll help.

Archbob

I'll try these, thanks. This stuff is confusing me.

lobobr

I think you're right at one point, but wrong in the other.

session_register should be without the dollar sign, since it requires a string and not a variable.

About session_register and $_SESSION, here's what I do:

My login.php script starts doing this:

<?php
session_start();
session_register("userid","username","usertype");

global $userid;
global $username;
global $usertype;

...

Then, I make a select in the database to verify the username and password provided in the form.

If they're correct, I call a function that "populates" the session vars with values coming from the database. I use a little trick to make sure that the session vars will be registered correctly:

Inside this function I put this:

if (!isset($SESSION['username']))
{
$SESSION['username'] = $db_username;// value from the db
$username = $_SESSION['username'];
}

and later on, on each page I do the following:

session_start();

if (!isset($SESSION['userid'], $SESSION['username'], $_SESSION['usertype']))
{
session_destroy();
Lock();// function that reprints the login page
}

I've never had any problems with this.

regards,

Archbob

It works, I love you all!!!