sessions not working

Hoangsta

i don't know how to resolve tis issue. maybe i'm not understanding enough about sessions. my final goal is to have the user's name appear when they log in. that's it.

from my login.php page:

<?php
session_start();
// When you go back, the information is still there...IE 6 Fix.
header("Cache-control: private"); // IE 6 Fix. 
// Get the user's input from the form
$name = $_POST['user_name'];

// Register session key with the value
$_SESSION['user_name'] = $user_name;
?>
<?php
require_once('login_funcs.php');

<P CLASS="bold">LOGIN</P>
<FORM ACTION="$php_self" METHOD="POST">
<P CLASS="bold">Username<BR>
<INPUT TYPE="TEXT" NAME="user_name" VALUE="" SIZE="10" MAXLENGTH="15"></P>
<P CLASS="bold">Password<BR>
<INPUT TYPE="password" NAME="password" VALUE="" SIZE="10" MAXLENGTH="15"></P>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>
</FORM>
?>


from my index.php page:

<?php 
// start the session 
session_start(); 
header("Cache-control: private"); //IE 6 Fix 
?> 
Welcome <? echo $_SESSION['user_name']; ?>


my 'login_funcs.php'' has no sessions whatsoever. it's there to validate the login process.

what am i doing wrong?

BuzzLY

Originally posted by Hoangsta
what am i doing wrong?

You aren't telling us what DOES happen... describe the problem, and what happens when the user clicks the Login button.

benson

When is see this part in your code:

<?php 
require_once('login_funcs.php'); 

<P CLASS="bold">LOGIN</P> 
<FORM ACTION="$php_self" METHOD="POST"> 
<P CLASS="bold">Username<BR> 
<INPUT TYPE="TEXT" NAME="user_name" VALUE="" SIZE="10" MAXLENGTH="15"></P> 
<P CLASS="bold">Password<BR> 
<INPUT TYPE="password" NAME="password" VALUE="" SIZE="10" MAXLENGTH="15"></P> 
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P> 
</FORM> 
?>

I see that you're trying to get html output between php tags and that won't work.
make it:

<?php 
require_once('login_funcs.php'); 
?>
<P CLASS="bold">LOGIN</P> 
<FORM ACTION="<?php echo $php_self; ?>" METHOD="POST"> 
<P CLASS="bold">Username<BR> 
<INPUT TYPE="TEXT" NAME="user_name" VALUE="" SIZE="10" MAXLENGTH="15"></P> 
<P CLASS="bold">Password<BR> 
<INPUT TYPE="password" NAME="password" VALUE="" SIZE="10" MAXLENGTH="15"></P> 
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P> 
</FORM> 
<?php

Hoangsta

when a user logs in, it will take them to the member's page, but their user_name will not appear..

output from index.php

Welcome

Stoned_Gecko

// Get the user's input from the form
$name = $_POST['user_name'];

// Register session key with the value
$_SESSION['user_name'] = $user_name;

That won't work. Note you're assigning the posted data to $name, but you're registering $user_name with the session ... 2 different vars. Should be this:

// Get the user's input from the form
$user_name = $_POST['user_name'];

// Register session key with the value
$_SESSION['user_name'] = $user_name;

Hoangsta

thank you all. it works now that i have my $name to $user_name thank again all

Hoangsta

hi again, i'm coming into another situation...

Unregistering Session Variables and Destroying a Session

i tried tis in my index.php

<?php 
// start the session 
session_start(); 
header("Cache-control: private"); //IE 6 Fix 

$_SESSION['user_name'] = false;
if($_SESSION['user_name']){
	echo "session registered";
	}
	else
	{	
echo "ok, session is not registered";

echo "<a href=http://www.urcompany.com/login.php>Login</a>";
}
?> 
<? echo $_SESSION['user_name']; ?>

i don't understand the purpose of this....i thought it would not allow me to go into my member's page without going directly from the login....if i cut and paste the member's link...i can go there without having to go from my login.php.  

Destroying a session.... do I add this to my index.php too?

<?php 
// start the session 
session_start(); 
header("Cache-control: private"); //IE 6 Fix 
$_SESSION = array(); 
session_destroy(); 
echo "Destroy This Session"; 
if($_SESSION['user_name']){ 
    echo "The session is still active"; 
} else { 
    echo "Ok, the session is no longer active! <br />"; 
echo "<a href=http://www.urcompany.com/login.php>Login</a>";
} 
?> 


and add tis code to my logout.php ...???

<? 
session_start(); 
$_SESSION = array(); 
session_destroy(); 
?>

Stoned_Gecko

Of course you can go there without having to login. It's a web page, there is nothing to stop it. It's up to your scripts to make sure the user is login. At the top of every script you need to make sure that the user is logged in. You can do that by checking the session variable(s). If the variable is not there, then you redirect to the login script. If the variable is there, then the rest of the script executes. See how that works?

As far as destroying the session, you don't really need to unset the variables. Just destroy the session, and it will be gone.