I have recently gotten into PHP and MySQL, reading a lot and going through tutorials. I am working on my user authentication system.
It works fine as far as detecting a proper user and directing them to the right places. But for some reason my variables aren't being carried over properly. Like if I click a link to another page (uses the same template for sessions), the $uid variable and others aren't found. And on account.php, if I log in there it shows me logged in on the login panel, but if I run a variable check on the main page it thinks I'm not.
If you want to try it and see what I mean, it's located at http://www.pakao.com
Don't even bother clicking the Login or Logout text link at top. Just use the block on the side of the page.
Here is the code for all related files. (Bear with me, lots of different files).
<?php // db.php
$dbhost = "myhost";
$dbuser = "myuser";
$dbpass = "mypw";
function dbconnect($db="") {
global $dbhost, $dbuser, $dbpass;
$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
or die("The site database appears to be down.");
if ($db!="" and !@mysql_select_db($db))
die("The site database is unavailable.");
return $dbcnx;
}
include("check_login.php");
?>
<?php // check_login.php
session_start();
if(!isset($uid)) {
$_SESSION["logged_in"] = 0;
return;
}
dbconnect("mydb");
$pass = mysql_query("SELECT Password FROM Users WHERE Userid = '$uid'");
if (!$pass) {
error("A database error occurred while checking your ".
"login details.\\nIf this error persists, please ".
"contact webmaster@pakao.net.");
} else {
if ($pass != Password) {
unset($_SESSION["uid"]);
return;
} else {
$_SESSION["logged_in"] = 1;
}
}
?>
<?php // index.php
include("../phpinc/db.php");
include("check_login.php");
include("../phpinc/common.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Pakao.net</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="#993333">
<?php
include("../phpinc/top.inc");
include("home.inc");
?>
<?php
dbconnect('pakaocom');
$newssql = "SELECT News.ID, NewsTitle, NewsText, NewsDate, Userid, Email
FROM News, Users
WHERE UID=Users.ID";
$news = @mysql_query($newssql);
if (!$news) {
echo("</tr></table></td>");
echo("<p>Error retrieving data from database!<br />".
"Error: " . mysql_error() . "</p>");
exit();
}
while ($ndata = mysql_fetch_array($news)) {
$id = $ndata["ID"];
$newstitle = $ndata["NewsTitle"];
$newstext = $ndata["NewsText"];
// Finally, make it safe to display in an HTML document
$userid = htmlspecialchars($ndata["Userid"]) ;
$email = $ndata["Email"];
$newsdate = $ndata["NewsDate"];
echo("<p><table width=\"95%\" border=\"1\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" bordercolor=\"#993333\"><tr><td>");
echo("<table width=\"100%\" height=\"100%\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\"><tr><td height=\"34\" colspan=\"4\">");
echo("<table width=\"97%\" border=\"0\" align=\"center\" cellpadding=\"3\" cellspacing=\"3\"><tr>");
echo("<td><div align=\"left\"><font color=\"#000000\" size=\"4\" face=\"Tahoma\"><strong>$newstitle</strong></font>");
echo("<br /><font color=\"#000000\" size=\"1\" face=\"Tahoma\">Posted by $userid on $newsdate PST</font></div></td></tr></table></td></tr>");
echo("<tr><td colspan=\"4\"><table width=\"97%\" border=\"0\" cellpadding=\"3\" cellspacing=\"0\"><tr><td><div align=\"left\"><font size=\"3\" face=\"Tahoma\">$newstext");
echo("</font></div></p></td></tr></table></td></tr></table></td></tr></table></p>");
}
?>
<td height="34" valign=top><img src="images/block-ph.gif" width="200" height="2">
<?php
if($_SESSION["logged_in"] == 0) {
if(!isset($uid)) {
display_login();
} else {
login($uid, $pwd);
}
} else {
logout($loginsql);
}
?>
<img src="images/block-ph.gif" width="200" height="2">
</td>
<td>
</td>
</tr>
<?php
include("../phpinc/bottom.inc");
?>
</body>
</html>
<?php // account.php
include("../phpinc/db.php");
include("check_login.php");
include("../phpinc/common.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Pakao.net</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="#993333">
<?php
include("../phpinc/top.inc");
include("account_inc.php");
?>
<?php
echo(session_id());
if($_SESSION["logged_in"] == 0) {
echo("<p>$logged_in You must be logged in to use this feature! Click <a href=\"login.php\">here</a> to log in! If you don't have an account, click <a href=\"signup.php\">here to create one.<br /></p>");
} else {
dbconnect('pakaocom');
if ($submitm) { // The user's details have
// been updated.
$sql = "UPDATE Users SET
Userid='$userid',
First='$fname',
Last='$lname',
Email='$email'
WHERE ID=$id";
if (@mysql_query($sql)) {
echo("<p>Account details updated.</p>");
} else {
echo("<p>Error updating account details: " .
mysql_error() . "</p>");
}
} else {
$usersql = "SELECT Userid, First, Last, Email
FROM Users WHERE Userid='$uid'";
$user = @mysql_query($usersql);
if (!$user) {
echo("</tr></table></td>");
echo("<p>Error retrieving data from database!<br />".
"Error: " . mysql_error() . "</p>");
exit();
}
}
$userid = $user["Userid"];
$fname = $user["First"];
$lname = $user["Last"];
$email = $user["Email"];
$userid = htmlspecialchars($userid);
$fname = htmlspecialchars($fname);
$lname = htmlspecialchars($lname);
$email = htmlspecialchars($email);
?>
<form action="<?=$PHP_SELF?>" method="post">
<p>Your Account:<br />
Userid: <input type="text" name="userid" value="<?=$userid?>" size="20" maxlength="255"><br />
First: <input type="text" name="fname" value="<?=$fname?>" size="20" maxlength="255"><br />
Last: <input type="text" name="lname" value="<?=$lname?>" size="20" maxlength="255"><br />
Email: <input type="text" name="email" value="<?=$email?>" size="20" maxlength="255"><br />
<input type="hidden" name="id" value="<?=$id?>" />
<input type="submit" name="submitm" value="SUBMIT" /></p>
</form>
<?php
}
?>
<td height="34" valign=top><img src="images/block-ph.gif" width="200" height="2">
<?php
if($_SESSION["logged_in"] == 0) {
if(!isset($uid)) {
display_login();
} else {
login($uid, $pwd);
}
} else {
logout($loginsql);
}
?>
<img src="images/block-ph.gif" width="200" height="2">
</td>
<td>
</td>
</tr>
<?php
include("../phpinc/bottom.inc");
?>
</body>
</html>
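An added example, not part of the original post and not the poster's code: a login check that keeps its state only in the session array and uses bound parameters, in contrast to the bare `$uid` and the interpolated queries in the files above. The `Users`, `Userid` and `Password` names follow the post; the in-memory SQLite database, the `user_id` session key, the sample account and the function names `make_demo_db`, `login` and `check_login` as written here are assumptions made so the block runs stand-alone.

```php
<?php
// Added example. Table and column names follow the post; the SQLite
// in-memory database and the sample account are constructed for the demo.
declare(strict_types=1);

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (ID INTEGER PRIMARY KEY, Userid TEXT UNIQUE, Password TEXT)');
    $ins = $db->prepare('INSERT INTO Users (Userid, Password) VALUES (?, ?)');
    // Store a salted hash, never the password itself.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Login is the only place a password is checked. On success the user's
// row ID is written into the session array (hypothetical key 'user_id').
function login(PDO $db, array &$session, string $uid, string $pwd): bool {
    $st = $db->prepare('SELECT ID, Password FROM Users WHERE Userid = ?');
    $st->execute([$uid]);                 // bound parameter, not interpolated
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['Password'])) {
        unset($session['user_id']);
        return false;
    }
    $session['user_id'] = (int)$row['ID'];
    return true;
}

// Per-page check: reads only the session array, never a request variable
// or a global that register_globals might have populated.
function check_login(PDO $db, array $session): bool {
    if (!isset($session['user_id'])) {
        return false;
    }
    $st = $db->prepare('SELECT 1 FROM Users WHERE ID = ?');
    $st->execute([$session['user_id']]);
    return $st->fetchColumn() !== false;
}

$db = make_demo_db();
$session = [];   // stands in for $_SESSION after session_start()
var_dump(check_login($db, $session));                  // no login yet
var_dump(login($db, $session, "o'brien", 'x'));        // quote in the name is data, not SQL
var_dump(login($db, $session, 'alice', 'wrong'));      // wrong password
var_dump(login($db, $session, 'alice', 'correct horse'));
var_dump(check_login($db, $session));                  // state carried by the session array
```

In a real page, pass `$_SESSION` after `session_start()` and call `session_regenerate_id(true)` when `login()` succeeds.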