Sessions and LoginPassword

Jabbamonkey

I have a simple login/password section. Basically, when someone logs in, the session should allow them to stay logged in while they sufe the site .... however, everytime the user leaves a page, and goes to another secure page, they are prompted for a username and password.

Please help...

<?
// Check to see if session variables are transfered
echo "Client: ".$_SESSION['clientnumber']."<br>";
echo "Username: ".$_SESSION['username']."<br>";
echo "Password: ".$_SESSION['password']."<br>";
echo "Logged In: ".$_SESSION['logged_in']."<br>";
echo "Prop ID: ".$id."<br><hr><br>";

if($submitted==1)
{
    // Register Variables
    session_register("username"); 
    session_register("password"); 
    session_register("clientnumber"); 
    session_register("logged_in"); 
    session_register("id"); 
}

// Query to see if username exists, and obtain password for verification
$thequery = "SELECT logid, username, password FROM userinformation WHERE username='".$username."'";
echo "Query: ".$thequery."<br>"; // Check query
$sql = mysql_query($thequery);
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);

echo "Num Rows: ".$numrows."<br>"; // Check number of rows. Should be "1" if valid
echo "Session Pass: ".$_SESSION['password']."<br>"; // Check session password
echo "Fetched Pass: ".$fetch_em["password"]."<br>"; // Check table password

// Confirm if password is correct, and user exists
if($numrows!="0" && $_SESSION['password']==$fetch_em["password"]) 
{
    $valid_user = 1;
    $logged_in = 1;
    $clientnumber = $fetch_em["logid"]; // Set clientnumber
} else {
    $valid_user = 0;
}

// If not valid info, erase session. Otherwise, set logged in
if (!$valid_user || !$_SESSION['username'] || !$_SESSION['password'])
{
    if(!$valid_user)
    {
    session_unset();   // Unset session variables.
    session_destroy(); // End Session we created earlier.
    }
    $logged_in = 0;
} else {
    $logged_in = 1;
}

echo "Logged: ".$logged_in."<br>"; // Check for logged in

// FORM - If not logged in
if($_SESSION['logged_in']==0)
{

if($numrows=="0") 
{
    $errormessage = "Username not in database.<br>Please contact your broker.";
} elseif($password!=$fetch_em["password"]) {
    $errormessage = "Password does not match.";
} elseif($username) {
    $errormessage = "Username field missing.<br>Please try again.";
}

if($errormessage && $submitted==1)
{
    ?>
    <center>
    <span class="text2_red"><b>Error:</b></span><br>
    <span class="text1_red"><?php echo $errormessage; ?></span>
    </center>
    <?php
}
?>

<table border="0" align="center" cellspacing="3">
  <form action="<?php echo $PHP_SELF; ?>" method="POST">
    <tr> 
      <td colspan="2" align="left" valign="middle"><img src="images/login_box.gif" width="194" height="27"></td>
    </tr>
    <tr> 
      <td width="65" align="right" valign="middle"><img src="images/login_username.gif" width="65" height="19"></td>
      <td width="120" align="left" valign="middle"> 
        <input name="username" type="text" size="15">
      </td>
    </tr>
    <tr> 
      <td width="65" align="right" valign="middle"><img src="images/login_password.gif" width="65" height="19"></td>
      <td width="120" align="left" valign="middle"> 
        <input name="password" type="password" size="15">
        <input name="submitted" type="hidden" id="submitted" value="1"></td>
    </tr>
    <tr> 
      <td colspan="2" align="right"><input type="submit" value="Login">
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
    </tr>
  </form>
</table>
<?php
}
?>

And an example of a "private" page...

<?php session_start(); ?>
<html>
<head>
<title>Page Title</title>
</head>
<body>
<?php include("includes/topnav.php"); ?>
<?php include("includes/db_info.php"); ?>
<?php include("includes/login.php"); ?>
<?php
// IF LOGGED IN - START
if($logged_in==1)
{
  ?> Here is some private info. If no private info, then login.php will show the login form. <?php
}
?>
<?php include("includes/botinfo.php"); ?>
</body>
</html>

Now, if I go to a private page. I get promoted for a username and password. When I enter the info, I am shown the private info on that page. BUT, if I just to another "private" page (after being logged in), the session variables dont get transfered and I am prompted for a username and password again.

Please help. This is driving me CRAZY!

Jabbamonkey

rachel2004

Could you post your code (only the relevant code) using the PHP highlighting syntax? It will make it easier for me to read your code on a monitor.

Also, what version of PHP are you running? I notice you are using

session_register("value")

but depending on what version of PHP you are running, it will be better to do

$_SESSION['something'] = "value";

It seems your version of PHP would support it since you are using the superglobal $_SESSION early in the code you posted.

Jabbamonkey

I editted the code above, so you should be able to read it with the PHP colors.

Anyway, I've done some reading abour sessions, and thought that session_register('something') was for designating new variables (but not for designating the values). Several examples showed...

session_register("foo");
$foo = "bar";

And then "bar" would be the value of $foo as long as the session was in place (and as long as it wasn't changed). I also thought that $_SESSION['something'] was used to call these variables from the session. So, if I wanted to call $foo, and print the session value, I would do...

echo $_SESSION['foo']; // This would print 'bar'

Are my assumptions correct? I read a bunch of articles, and this is what I got from it. Let me know.

Jabbamonkey

I've been looking around some more. It says that is something isn't configured in my PHP, then I need to use $_SESSIONS rather than session_register(). So, I switched those out ... but it's still not working....

rachel2004

What is your version of PHP?