[Resolved] Silly Sessions Question

geogal

Hello All,

I'm having issues with my login script. Basically, my protected page has an "included" login.php page. When the users enters the username/password correctly the first time, all is okay. But how do I pass the variable again if the login is incorrect? I am using sessions and have initialized the variable, but it doesn't seem to be working across pages.

I apologize if this is such a basic question. I've tried passing the variable in a hidden field to the protected page, but it isn't working. When I print out the variable, it's blank.

Here's the login.php page:

PHP

include ("../includes/include.php");
$id=$_GET['id']; <---- to determine content on protected page

session_set_cookie_params(3600); //set expire time
session_start();

// convert username and password from POST or SESSION
if($POST["username"])
{
$username=trim($POST["username"]);
$password=trim($POST["password"]);
$id=$GET["id"];

}
elseif($SESSION["username"])
{
$username=$SESSION["username"];
$password=$SESSION["password"];
$id=$GET["id"];

}

// start and register session variables
session_register("username");
session_register("password");
session_register("id");

// query for a user/pass match
//QUERY GOES HERE TO DB --- snip ---
$num=mysql_num_rows($result);

// print login form and exit if failed.
if($num < 1){
session_destroy();

//SHOW FORM
<form action="protectedpage.php" method=post>

On my "protectedpage.php" at the top I have:

<?
include("login.php")
$get_id=$_POST['get_id'];
?>

Printing out this variable is showing nothing. Any help on this will be greatly appreciated!

Thanks.

Geogal
🙂

pipe_girl

Are you referring to the "ID" variable? If so, it looks like when the login is not successful the session is destroyed. Instead of destroying, try unset() on all but the "ID" session variable.

// print login form and exit if failed.
if($num < 1){
unset($SESSION['username']);
unset($SESSION['password']);

🙂
Jamie

jayant

the way you are registering sessions is old way.
you should use

$SESSIONS['varname1']="value1";
$SESSIONS['varname2']="value2";
....

and so on.

pipe_girl

Or rather:

$_SESSION['varname1']="value1";

(not plural)

jayant

o yeah, my bad

$SESSION['varname1']="value1";
$SESSION['varname2']="value2";
....

pipe_girl

Tsk, tsk!

;-D

geogal

Thanks for the responses! I still am unable to get my $id variable registered. When I print out the $id, it is still blank. I know it's probably something basic I'm missing. Here is my modified code:

File 1: Login.php
// start session
session_set_cookie_params(3600); //set expire time
session_start();

// convert username and password from POST or SESSION
if($POST["username"])
{
$username=trim($POST["username"]);
$password=trim($POST["password"]);
$id=$GET["id"];

}
elseif($SESSION["username"])
{
$username=$SESSION["username"];
$password=$SESSION["password"];
$id=$SESSION["id"];

}

// start and register session variables
session_register("username");
session_register("password");
session_register("id");
$SESSION['username']=$username;
$SESSION['password']=$password;
$_SESSION['id']=$id;

// query for a user/pass match
$result=mysql_query("QUERY HERE");
$fetch_em = mysql_fetch_array($result);
// retrieve number of rows resulted
$num=mysql_num_rows($result);

// print login form and exit if failed.
if($num < 1){
//session_destroy();
unset($SESSION['username']);
unset($SESSION['password']);

Login Form Goes Here, posting to protectedpage.php

Do I have to put in a hidden field in my form, in case they fail the login by a typo? I tried with a hidden field in and without it and it didn't seem to matter. The form processing page, which uses this login script as an include, is not getting the $id passed. I need the $id to determine which content to show upon login.

Any other ideas? I'm thinking of trying another login script, but I really want to learn sessions more.

Thanks people!

Geogal🙂

ajmoore

You're not registering your session variables properly. You cannot use $SESSION and session_register together...it is one or the other. If you have register_globals turned off your session variables are registered like this:

$_SESSION['varname'] = "value";

If register_globals is on then its done like this:

session_register('varname');
$varname = "value";

You're using both, which is not going to work properly

geogal

Thanks everyone! I got it to work by adjusting my SESSION registration code, as advised. Everyone's advice really helped me understand what I'm doing a bit more.

I eventually used $id=$REQUEST['id']; as opposed to using $GET or $_POST, since I didn't know whether the user was correct on the initial password or not.

Thanks again!

Geogal