[Resolved] Log On Script... (remember this is posted in the n00bs for a reason...)

krs1

Hey, first of thanks for taking a look at this for me! I am attempting to create a log on script. I am able to get the script to connect and check the inputted information against mysql, and set a session tag. However when i try to read the session tag i get an error.... See what I mean @ My Test Logon (user is test, password is password 🆒 ). If you log in and hit check it kicks you out.... Any help?

<?php
//Get information from post
$user = $_POST['username']; 
$pass = $_POST['password'];

//Connect to DataBase
$dbHost = "xxx"; 
$dbUser = "xxx"; 
$dbPass = "xxx"; 
$dbDatabase = "xxx"; 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass");
if (!$db) {
   die('Error Connecting To Database: ' . mysql_error());
}


//Select Database
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 


//Check User Info
$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

//User and Password are good....
//Start session
session_start(); 
$_SESSION['user'] = '$user';
$_SESSION['passl']  = '$pass';

//successful login code will go here... 
  echo '<a href="checklogin.php"/>Check</a/><br/>'; 
  echo '<a href="Logout.php"/>Log Out</a/>'; 

  } 

  } 
  else { 

//Bad User and Pass 
$Error = "Logon Failed, Please Retry";
include 'index.html';
  } 

  ?>

checklogin.php

<?php
//Get session information
session_start();
$user = $_SESSION['user'];
$pass = $_SESSION['passl'];  

$dbHost = "lxxx"; 
$dbUser = "xxx"; 
$dbPass = "xxx"; 
$dbDatabase = "xxx"; 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass");
if (!$db) {
   die('Error Connecting To Database: ' . mysql_error());
}


//Select Database
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 


//Check User Info
$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

//User and Password are good....
  echo 'Your Good..... Display info now'; 

  } 

  } 
  else { 

//Bad User and Pass 
$Error = "Session Did not verify!";
include 'index.html';
  } 

  ?>

mrhappiness

you have to put session_start(); into every single file accessible via web

you hae to call session_start() every time the script gets called and not if you found some data in your database

krs1

Oops... sorry i fingered out that i missed putting the Session_start() in checklogin.php as soon as i posted it... (i have added it to my script and fixed my original post), however i still have my problem 🙁

mrhappiness

bad:

$_SESSION['user'] = '$user';
$_SESSION['passl']  = '$pass';

good:

$_SESSION['user'] = $user;
$_SESSION['passl']  = $pass;

and move session_start(); to the top of the script!

krs1

:p See I knew it would be something basic... Cheers!

krs1

Ah, now its not working...???!!!????!!!

mrhappiness

echo your SELECT to see if the values are what you expect them to be

//Check User Info
$sql = "select * from users where username='$user' AND password='$pass'";
echo $sql;
$result=mysql_query($sql, $db) or die(mysql_error());

output?

krs1

Its all good... Thanks Mr Happy!