Sessions...argghh

dst101

The scenario is this:
news_login.php

			<form name="login" method="post" action="news_check.php">
			<table width="325" cellpadding="3" cellspacing="1" border="0">
			<tr>
			<td width="40%" align="right" class="text">Username:</td>
			<td width="60%"><input type="text" class="text" name="userid" size="30" maxlength="20"></td>
			</tr>

		<tr>
		<td align="right" class="text">Password:</td>
		<td><input type="password" class="text" name="password" size="30" maxlength="10"></td>
		</tr>

		<tr>
		<td>&nbsp;</td>
		<td><input type="reset" class="text" value="reset">&nbsp;<input type="submit" class="text" value="Submit >>"></td>
		</tr>
		</form>
		</table>

news_check.php

<?php
	include('../../ssi/mysqlCredentials.php');
 $connection = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error());
	  mysql_select_db('$database', $connection) or die(mysql_error());	  

//set up the query
  $sql = "SELECT * FROM login WHERE userid='$userid' AND password='$password'";

  $result = mysql_query($sql) or die ("Unable to get results.");

  $num = mysql_numrows($result);

if ($num){

	//STARTING SESSIONS
	session_start();
	session_register("userid");
	session_register("password");

	//IF SUCCESS GO TO UPLOAD (news_upload.php)
    header('Location: news_upload.php');
} 
else 
{
	//GO TO BACK TO LOGIN PAGE(news_login.php)
    header('Location: news_login.php');

}
?>

then it just kicks me back to the news_login.php.
register_sessions.php (which is located on each page after 'news_check.php' as an include file)

<?php
//REGISTERING SESSIONS
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['userid']) || $_SESSION['password'] !== true) 
{
	//not logged in? Move to login page
	header('Location: news_login.php');
	exit;
}
/*OLD CODE
if (!$_SESSION['userid'] || !$_SESSION['password']) 
{
	// WHAT TO DO IF THE USER HASNT LOGGED IN
	// WE JUST REDIRECT THEM TO THE LOGIN PAGE.
	header('Location: news_login.php');
	die();
}
*/ 
?>

Can anyone help me out, I have been stuck on this for two days now.

Thanks

thorpe

register_sessions.php (which is located on each page after 'news_check.php' as an include file)

session_start() needs to be called before any other code, so you need to include it first.

also, take note that session_register() has long been depricated and should not be used.

dst101

Thank you for your prompt reply!

Sorry that was a mixup, I do have the code (session_start()) at the top of each page.
What I meant was that I have this in an include file on each of my pages after the user goes through the log in process.

Should I omit the session_register then?

Thanks

thorpe

yeah... dont use session register.

you still havent told us what your problem is though.

dst101

The problem is; I cannot get any further than the login screen (news_login.php) when using these sessions, even when I am the right login credentials.

(below is the sequence of pages)
news_login.php -> news_check.php-> news_upload.php

It gets to news_check.php then goes to news_upload.php and kicks me back to the news_login.php screen.

Any clearer?

zbee

I think I see what your problem is. You are registering your session variables but you are not asigning any values to them. Instead of:

if ($num){

    //STARTING SESSIONS
    session_start();
    session_register("userid");
    session_register("password");

    //IF SUCCESS GO TO UPLOAD (news_upload.php)
    header('Location: news_upload.php');

try

if ($num){

    //STARTING SESSIONS
    $_SESSION['userid'] = $userid;

    //IF SUCCESS GO TO UPLOAD (news_upload.php)
    header('Location: news_upload.php');

I'd advise you not to register your password as a session variable so just verify that the $SESSION['userid'] is set on your register_sessions.php file:

<?php
//REGISTERING SESSIONS
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['userid']) ) 
{
    //not logged in? Move to login page
    header('Location: news_login.php');
    exit;
}

?>

Hope that helps.

halojoy

I suggest
the following changes in
news_check.php

<?php
//START SESSION
session_start();

// get values from POST login form
$userid = $_POST[ "userid" ];
$password = $_POST[ "password" ];

include('../../ssi/mysqlCredentials.php'); 
$connection = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error()); 
mysql_select_db('$database', $connection) or die(mysql_error());       

//set up the query 
$sql = "SELECT * FROM login WHERE userid='$userid' AND password='$password'"; 

$result = mysql_query($sql) or die("Unable to get results."); 
$num = mysql_numrows( $result ); 

// I guess your  if($num)  will work, but .....
if ( $num > 0 ) { 
        // SUCCESS store userid and password=TRUE, then GOTO news_upload.php
        $_SESSION[ "userid" ] = $userid; 
        $_SESSION[ "password" ] = TRUE; 
        header('Location: news_upload.php'); 
        exit;
}  

else  { 
        // GO BACK TO LOGIN PAGE, news_login.php
        header('Location: news_login.php'); 
        exit;
}

exit;

?>

dst101

zbee I tried what you suggested, but I get a parse error, seems it doesnt like:

$_SESSION['userid'] = '$userid';

halojoy I also tried what you suggested and I got a parse error also:

$userid = $_POST['userid'];

Thanks guys, not my day!!!

zbee

$_SESSION['userid'] = $_POST['userid'];

dst101

Still doesn't like this:

$_SESSION['userid'] = $_POST['userid'];

Ok I going to ask maybe a silly question; does this have anything to do with my version of PHP?
I am using 4.3.11

Thanks for bearing with me...

zbee

No, the version doesn't have anything to do. By the way, what's the output (error)?

dst101

on news_check.php I am getting this:

Parse error: parse error in /my_directory/news/news_check.php on line 45

Driving me and probably you nuts.

halojoy

Originally posted by halojoy
I suggest
the following changes in
news_check.php

<?php
error_reporting( E_ALL );
//START SESSION
session_start();

// get values from POST login form
$userid = $_POST[ "userid" ];
$password = $_POST[ "password" ];

include('../../ssi/mysqlCredentials.php'); 
$connection = mysql_connect('localhost', $db_user, $db_pass) or die(mysql_error()); 
mysql_select_db('$database', $connection) or die(mysql_error());       

//set up the query 
$sql = "SELECT * FROM login WHERE userid='$userid' AND password='$password'"; 

$result = mysql_query($sql) or die("Unable to get results."); 
$num = mysql_numrows( $result ); 

// I guess your  if($num)  will work, but .....
if ( $num > 0 ) { 
        // SUCCESS store userid and password=TRUE, then GOTO news_upload.php
        $_SESSION[ "userid" ] = $userid; 
        $_SESSION[ "password" ] = TRUE; 
        header('Location: news_upload.php'); 
        exit;
}  

else  { 
        // GO BACK TO LOGIN PAGE, news_login.php
        header('Location: news_login.php'); 
        exit;
}

exit;

?>

<?php
error_reporting( E_ALL );
//START SESSION
session_start();

// get values from POST login form
$userid = $_POST[ "userid" ];
$password = $_POST[ "password" ];

Well, I tell you:
It is not from MY ADDITIONS you get error

Parse error, you say
What is that????????

A php error tells us more than that
What error, what it had expected, instead
what php page, line number .....

To get all notices we can from your bad script,
I now have suggested the cange above: E_ALL

And I tell you, if you get any parse errors from My Additions
I will resign from www.phpbuilder.com - right away
Why you get erros, I am almost sure,
is because you have not MADE all the changes I told you
in news_check.php

But if you do not want to fix this now,
go on and do not listen to any more advices from ME,
halojoy

good Luck
:evilgrin:

Drakla

As an aside, if after you've made your modifications it still doesn't work, do a [man]session_write_close/man; before your header('Location:...');

I get on quite nicely without it, but some people don't so give it a go.

dst101

halojoy

I didn't mean to offend you in any way and if I did, my appologies.

I have made your changes, but I am still getting a parse error, even with

error_reporting(E_ALL);

What is going on, I thought this was meant to report detailed errors??:mad:

zbee

Not saying halojoy's polite ways are the way to respond on this kind of forum, but he's got a point. We do need a more detailed error output to help you out.

dst101

I know, I know...

Honestly all that it reports is this damn parse error.
Even with error_reporting(E_ALL);

I reverted back to my original code and wasn't churning out parse errors, then I reintroduced the new code and get parse error on line 7 of news_check.php which is:

$userid = $_POST["userid"];

I do appreciate all the time and effort you are all putting into this.

I do not know what to do....

zbee

ok, then try an echo on $_POST["userid"] and see what it outputs?

dst101

ok I put this on a blank php page and changed the news_login.php to point to this page:

echo 'userid = ' . $userid;
echo '_POST[ "userid" ] = ' . $_POST[ 'userid' ];

And I get what I had put into the userid box on news_login.php (add)

userid = add_POST[ "userid" ] = add

Drakla

It's good to see you're doing the right thing in breaking down bits of code and checking what works and what doesn't. I wish people would write tiny test scripts learning how to use sessions before just slamming them into a stack of code and hoping for the best. People should learn their stuff competently before attempting to help others where you end up with case after case of the stupid leading the blind just because they like the sound of their own voice.

PS. There's no such function as mysql_numrows, it's mysql_num_rows.

When you get an error it means it was discovered on that line, but might have occurred before that. Post your whole script you're having trouble with, as an attachment if necessary if it's huge.

Let's get this thing cracked and move on.