Sessions

Sk_

Im back, with the same script but a different problem. I am trying to use sessions to make my register script a little more user friendly.

My script so far is in 3 files, db.php, check.php and register.php. You start at register.php, you enter your username, password and email then hit submit. That info then gets posted to check.php. Check.php then takes the variables and puts them into the $session array. Then checks it for basic stuff like being to short or to long, or an invalid email address, etc. Now heres whats not working, when it finds an error it is suppose to send the $session back to register.php with a error message, but it doesnt...

I dont fully understand sessions so if someone could look at what i have done then tell me what I did wrong that would be great.

register.php:

<?php
// register.php by Smartkid

session_start();

echo("<html>
<head>
<title>Register</title>
</head>
<body>
<form action=check.php method=POST>
<center>
<table border=0 cellspacing=1 cellpadding=0 width=300>
<tr>
<td colspan=2>Welcome to CyberStorm, please fill out the following information and then hit submit to proceed to step 2.<br></td>
</tr>
<tr>
<td align=right>Username:</td>
<td align=left><input type=text name=user maxlength=30 value=".$session['reg_username']."></td>
</tr>
<tr>
<td align=right>Password:</td>
<td align=left><input type=password name=pass maxlength=30 value=></td>
</tr>
<tr>
<td align=right>Email:</td>
<td align=left><input type=text name=email maxlength=50 value=".$session['reg_email']."></td>
</tr>
<tr>
<td colspan=2 align=center><input type=submit value=Join!></td>
</tr>
</table>
</body>
</html>");

Check.php

<?php
// check.php by Smartkid

session_start();

include("include/db.php");

$session['reg_username'] = $POST['user'];
$session['reg_password'] = $POST['pass'];
$session['reg_email'] = $POST['email'];

// Check username lenth
if(strlen($session['reg_username']) < 5)
{
echo("Username below 5 characters"); die;
}
//Make sure username is not to long
else if(strlen($session['reg_username']) > 30)
{
echo("Username above 30 characters"); die;
}
// Check if username is not alphanumeric
else if(!eregi("^{([0-9a-z])+$",} $session['reg_username']))
{
echo("Username not alphanumeric"); die;
}
// Password Checking
else if(strlen($session['reg_password']) < 5)
{
echo("Password below 5 characters"); die;
}
//Password checking
else if(strlen($session['reg_password']) > 30)
{
echo("Password is over 30 characters"); die;
}
//Check if password is not alphanumeric
else if(!eregi("^{([0-9a-z])+$",} $session['reg_password']))
{
echo("Password not alphanumeric"); die;
}
// Email Checking
else if(strlen($session['reg_email']) < 5)
{
echo("Email is below 5 characters"); die;
}
//Email checking
else if(strlen($session['reg_email']) > 30)
{
echo("Email is over 30 characters"); die;
}
else
$regex = "^{[+a-z0-9-]+(.[+a-z0-9-]+)"."@[a-z0-9-]+(.[a-z0-9-]{1,})".".([a-z]{2,}){1}$";}
if(!eregi($regex, $_session['reg_email']))
{
echo("Email has bad charecters"); die;
}
else
db_connect();

$query = "SELECT username FROM user_info WHERE username = '" . $_session['reg_username'] . "'";
$result = mysql_query($query) or die( $query . ' ' . mysql_error() );
$num_rows = mysql_num_rows( $result );

if( $num_rows > 0 )
{
echo("User already exists!");
mysql_close();
die;
}
else

$query = "SELECT email FROM user_info WHERE email = '" . $_session['reg_email'] . "'";
$result = mysql_query($query) or die( $query . ' ' . mysql_error() );
$num_rows = mysql_num_rows( $result );

if( $num_rows > 0 )
{
echo("Email already exists!");
mysql_close();
die;
}
else

echo("

<center><table border=0 cellspacing=1 cellpadding=0 width=300>
<tr>
<td colspan=2>Please check if this information is correct then hit submit. You cannot change your username or email after this step<br></td>
</tr>
<tr>
<td align=right>Username:</td><td align=left><input type=text readonly=true name=user maxlength=30 value=".$session['reg_username']."></td>
</tr>
<tr>
<td align=right>Password:</td><td align=left><input type=text readonly=true name=pass maxlength=30 value=".$session['reg_password']."></td>
</tr>
<tr>
<td align=right>Email:</td><td align=left><input type=text readonly=ture name=email maxlength=50 value=".$_session['reg_email']."></td>
</tr>
<tr>
<td colspan=2 align=center><br><a href=http://megamanrm.com/cs/register.php>Go back</a> | <input type=submit value=Submit></td>
</tr>
</table></center>");

db.php

<?php

// db.php by smartkid

function db_connect()
{
// DB Info
$dbhost = '-----------';
$dbuser = '-----------';
$dbpass = '-----------';
$dbname = '-----------';

// Connects to db or dies
$db = mysql_connect($dbhost, $dbuser, $dbpass)
or die('Error connecting to mysql');

//Selects Our DB
mysql_select_db($dbname);

}

function query($query)
{
$result = mysql_query($query);
}

Thanks so much,
Sk~

Houdini

The $SESSION array is a constant and it is upper case not $session so change all the $session to $SESSION and try your script.

Oops I just looked more closely at your code. The purpose for using sessions is to be able to carry variables to any page. These type variables last the entire time once set that the user is logged on to your site and can be used anywhere.

The only reason you would want to assign a $SESSION variable to lets say a $POST variable if if you want to use that value on other pages. These are arrays and need different handling. Now you can still use those $SESSION variables but in the code you have you would be best to create your session variables for later use and also create some short variables to be used in the current script with ease. Instead of using the session variables from the $POST variables just make simple variables for the current script and use the $SESSION variables in other pages after using session_start() because you can not create or use $SESSION data without first starting a session.