session() code hang-up, can you see a problem?

peanutgallery83

I have 3 files set up for logging in to my site and displaying data while storing session information. index.php validation.php which stores the variables, and includes/authentication.php which checks if the user has a session, if not it displays the login form, if they are, then it is supposed to display links the user can access.

The first part works, if I go to index.php it will display the form to log in. I enter the information, and press "Login", it sends the form and displays at the top of the page "Welcome to the site landiswiley" as its supposed to based on the username used to log in.

However, it doesn't display the information, it is redisplaying the login form.

If you want to try it:
www.refphotos.com
Username: mjahemi
ID: 9
Password: welcome

The code for the 3 pages is as follows, can you see where it might be getting hung up?

Please help!

############index.php#############

<?php

include('includes/authentication.php');

?>

<html>
<head>
<title>ECISOA Member Login Area</title>
</head>
<body>

<center><b>Welcome to the Site<?php echo " $username" ?>!</b></center>
<hr>
<br>
<br>
<?php echo "$authentication"; ?>
<br>
<br>

</body>
</html>

############authentication.php#############

<?php

// Session Start Code //
session_start();

if (empty($_SESSION['code'])) {
    // Define Variables //
    $db_name = "refphoto_testdb";
    $table_name = "reflist";

// Connect to Database //
$connect = @mysql_connect("localhost","refphoto_testdb","08291983") or die(mysql_error());
$db = @mysql_select_db($db_name,$connect) or die(mysql_error());

$authentication = "
   <form method=POST action=\"$_SERVER[PHP_SELF]\">

<P><strong>Username:</strong><br>
<input type=\"text\" name=\"username\" size=25 maxlength=25></p>
<P><strong>Referee ID:</strong><br>
<input type=\"text\" name=\"code\" size=10 maxlength=10></p>
<P><strong>Password:</strong><br>
<input type=\"password\" name=\"password\" size=25 maxlength=25></p>

<P><input type=\"submit\" name=\"submit\" value=\"login\"></p>
</form>
        ";

} else {
    // Define Variables //
    $db_name = "refphoto_testdb";
    $table_name = "reflist";
    $code = $_SESSION['code'];
    $logged_in = "Yes";

// Connect to Database //
$connect = @mysql_connect("localhost","refphoto_testdb","08291983") or die(mysql_error());
$db = @mysql_select_db($db_name,$connect) or die(mysql_error());

// Create Logged In User Data Query //
$user = "SELECT * FROM $table_name WHERE id = '$code'";
$user_result = @mysql_query($user,$connect) or die(mysql_error());

while ($row = mysql_fetch_array($user_result)) {
    $fname = $row['f_name'];
    $lname = $row['l_name'];
    $email = $row['email'];
	$username = $row['username'];
	$code = $row['id'];
    // ... etc.  Anything else you may want to grab as a global variable //
	}

$authentication = "
    <h1>Referee Management System</h1><br><h2><em>Referee Access Panel</em></h2>
<P><strong>Assignments</strong>
<ul>
<li><a href=\"show_assignments.php\">View Your Assignments</a>
<li>Update Your Availability - Not Available</a>
</ul>
<P><strong>Personal Information</strong>
<ul>
<li><a href=\"show_assigngames.php\">View Your Account Information</a>
<li><a href=\"show_assigngames.php\">Edit Your Account Information</a>
</ul>
<P><strong>Other Information</strong>
<ul>
<li><a href=\"show_addreferee.php\">Meeting Attendance</a>
<li><a href=\"show_refereebyname.php\">View Referee List</a>
</ul>
        ";
}

?>

############validation.php#############

<?php

// Start Session //
session_start();

if ((!$_POST[username]) || (!$_POST[password]) || (!$_POST[code])) {
    header("Location: index.php");
    exit;
}

// Define Variables //
$db_name = "refphoto_testdb";
$table_name = "reflist";
$username = $_POST[username];
$password = $_POST[password];
$code = $_POST[code];

// Create Database Connection //
$connect = @mysql_connect("localhost", "refphoto", "08291983") or die(mysql_error());
$db = @mysql_select_db($db_name, $connect) or die(mysql_error());

// Create Login Query //
$sql = "SELECT * FROM $table_name WHERE username = '$username' AND password = '$password' AND id = '$code'";
$result = @mysql_query($sql, $connect) or die(mysql_error());

$lognum = mysql_num_rows($result);

if ($lognum == "1") {
    $display_results = "Welcome back, $username!<br><br><a href=index.php>Back to Main Page</a>";
    $_SESSION['code'] = $code;
} else {
    $display_results = "You are not an authorized member!<br><br><a href=index.php>Back to Main Page</a>";
}

?>

RossC0

Hi,

I can't see logically where you are handling the Posted variables and setting:

if(empty($_SESSION['code']))

So to satisfy the if statement.

As far as I can tell as soon as the page is posted and you haven't had chance to set it and determine if the user has access.

Also I can't see where / how you are using validation.php which sets $_SESSION['code']

🙂