need help with session

yonghan

Hi,i need help please.I'm stuck with session.I want to develop a login system,but my computer can't use session.Is it possible there is wrong with php.ini?I'm using win xp pro sp1 and sp2.Php 4.3,apache 1.3,mysql 3.23.Thanks alot and please help me.

adavis

How do you know that your "computer can't use session"? What kind of error message are you getting?

With sessions, you have to start the session BEFORE you send anything to display to the screen. It is best to start the session first line of your script:

<?php
session_start();
...
?>

That way, you avoid any error message and termination of your script. Also, on any page that you reference sessions, you have to include the session_start(), so include this statement at the top of each script where you are going to set or reference sessions.

yonghan

There are no error message.When i want to login to admin page,it doesn't display what it should display.It says thati haven't login.Thanks.

yonghan

These are the scripts.Help me please.Thanks a lot.

-login.php

<?php
session_start();

$errorMessage = '';
if (isset($POST['txtUserId']) && isset($POST['txtPassword'])) {
include 'library/config.php';
include 'library/opendb.php';

$userId   = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

$sql = "SELECT user_id 
        FROM tbl_auth_user
		WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 

if (mysql_num_rows($result) == 1) {
	$_SESSION['db_is_logged_in'] = true;

	header('Location: main.php');
	exit;
} else {
	$errorMessage = 'Sorry, wrong user id / password';
}

include 'library/closedb.php';

}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

-config.php
<?php
// db properties
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'tutor';
?>

-main.php
<?php
session_start();

if (!isset($SESSION['db_is_logged_in']) || $SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>This is the main application page. You are free to play around here since you
are an autenthicated user :-) </p>
<p> </p>
<p><a href="logout.php">Logout</a> </p>
</body>
</html>

-logout.php
<?php
session_start();

if (isset($SESSION['db_is_logged_in'])) {
unset($SESSION['db_is_logged_in']);
}

header('Location: login.php');
?>

-opendb.php
<?php
$conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($dbname);
?>

adavis

I see a couple of minor things. Some are debugging things that I find helpfull, some may make a difference, and some are more just personal coding preference.

add this debug code to be removed later:

  $sql = "SELECT user_id 
          FROM tbl_auth_user
          WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
  echo "sql: ".$sql."<br />\n";

I am assuming that you use phpMyAdmin or something similar. Anyway copy/paste the displayed sql statement to do a manual query to make sure the sql is doing what you expect.

Next (and this is personal preference) change

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>

to one of these two:

<?php
if ($errorMessage != '') {
  echo "<p align=\"center\"><strong><font color=\"#990000\">$errorMessage</font></strong></p>\n";
}
?>

<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?=$errorMessage?></font></strong></p>
<?php
}
?>

There's no action in your form tag. You need to tell it where to go:

<form action="" method="post" name="frmLogin" id="frmLogin">

In main.php

<?php
session_start();
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
  header('Location: login.php');           // not logged in, move to login page
  exit;
}
?>

Make these small changes. Change the || to OR and the !== to !=

<?php
session_start();
if (!isset($_SESSION['db_is_logged_in']) OR $_SESSION['db_is_logged_in'] != true) {
  header('Location: login.php');           // not logged in, move to login page
  exit;
}
?>

I don't know if any of these changes will make any significant difference, but I always find it helpful to add echo statement to display values of key variables to make sure I'm getting what I think I'm getting. Once the script works, I go back and either remove or comment out all my debugging lines.