Problems with Sessions

DarkDuelist

I made a login script, and it works perfectly fine, it logs me in and out fine. But when I try to echo the $_SESSION['username'] it appears blank. Below are my script, can anyone help?

checklogin.php

<?
session_start();
require('in/conn.php');

$username = $_POST['username'];
$password = $_POST['password'];

//check if the username is in database
function confirmUsername($username, $password)
{
	global $connect;
	if(!get_magic_quotes_gpc())
	{
		$username = addslashes($username);
	}
	//verify username
	$query = "SELECT password FROM users WHERE username='".$_POST['username']."'";
	$result = mysql_query($query, $connect);
	if(!$result || (mysql_numrows($result) != 1))
	{
		return 1;
	}
	//get password
	$pword = mysql_fetch_array($result);
	$pword['password'] = stripslashes($pword['password']);
	$password = stripslashes($password);
	//verify password
	if($password == $pword['password'])
	{
		return 0;
	} else {
		return 2;
	}
}

//if they sent the login information, check if they are correct
if(isset($_POST['submit']))
{
	if(!$username || !$password)
	{
		die("You did not fill in the required fields.");
	}
	//check username and password
	$md5pass = md5($password);
	$result = confirmUsername($username, $md5pass);

//check errors
if($result == 1)
{
	die("That username does not exist in our database.");
} 
else if($result == 2) 
{
	die("The password you entered is incorrect, please try again.");
}

$date=date('F d, Y');
$lastlog="UPDATE users 
SET last_login = '$date' 
WHERE username = '$username'";
$updatelog=mysql_query($lastlog) or die("Invalid Query: [$lastlog] " . mysql_error());

//now if they are all correct, set their session
$username = stripslashes($username);
session_register('username');
session_register('password');
	$_SESSION['username'] = $username;
	$_SESSION['password'] = $md5pass;
	session_register('login');
	$_SESSION['login'] = 1;

echo "<script>window.location='link.php';</script>";
return;
}
?>

The login form is on another page.

So can anyone tell me why is it that the $_SESSION['username'] when being called turn blank?

The other page looked like this wheere I tried to call the session:

<?
session_start();
require('conn.php');
require('checklogin');
if($login == 1){
echo $_SESSION['username'];
} else {
echo "This area is for authorized members only";
?>

Thanks 🙂

drew010

Here is a quote from the php.net site:
"If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister(). "

You are mixing session_register with $SESSION. you need to use only one of those methods for a session. I would suggest $SESSION because that will work with register globals off, and session_register will not function on servers where register globals is off.

also, doing something like would be incorrect:

session_register('username');
session_register('password');
$SESSION['username'] = $username;
$SESSION['password'] = $md5pass;

$_SESSION['username'] = $username;
is exactly the same as
session_register('username');
so in a sense, you are registering the same thing two times, and also using two different methods that cant be used together.

DarkDuelist

yeah, that was my original script, it didn't work so I added the session_register()

Removed it and it still wouldn't work

DarkDuelist

I'm planning to fix it to this:

$query = "SELECT username, password FROM app WHERE username = '".$_POST['username']."'";
$result = mysql_query($query) or die("Invalid Query: [$query] " . mysql_error());
while($row = mysql_fetch_array($result)){
        $row['username'] = stripslashes($row['username']);
        $_SESSION['username'] = $row['username'];
        $_SESSION['password'] = $row['password'];
}
session_register('login');
$_SESSION['login'] = 1;

Would that help, maby?

drew010

that looks good except for the last part. change
session_register('login');
$SESSION['login'] = 1;
to
$SESSION['login'] = 1;

i havnt expiremented but i think using both of those will wreck your session if one exists.

DarkDuelist

that didn't work either...