sessions help, not storing data

scuzzo84

Ok here are some details. I have a site where its got 2 main columns, one on the left and one on the right which is the main section. I have my menu using a GET script so that it will load the pages on the right side , ie. CONTACT's link is index.php?page=contact

Ok so on my login page I have this code:

<?php
include 'connect.php';
include 'functions.php';
$username = $_SESSION['username'];
$password = $_SESSION['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = pg_query($query);
$numrows = pg_numrows($result);

if ($numrows < 1){

    echo "
    <form action=\"index.php?page=login\" method=\"POST\">  
    User: <input type=\"text\" size=\"10\" name=\"username\">
    Pass: <input type=\"password\" size=\"10\" name=\"password\">
    <input type=\"submit\" value=\"Login\" name=\"login\">
    </form>
    ";

}else{

echo "sup you are already logged in!";

}

if ($_POST['login']){

    $username = pg_escape_string($_POST['username']);
    $password = pg_escape_string($_POST['password']);
    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = pg_query($query);
    $numrows = pg_numrows($result);

    if ($numrows > 0){
            $_SESSION['username'] = $username;
            $username = $_SESSION['username'];
            echo "Hello $username , you are logged in, this page will refresh soon";
    }else{
            echo "You are not logged in, bad user/pass";
    }

}

?>

and on index.php I have session_start() at the top. The problem is that on login.php , when I login with correct username and passowrd it says "Hello theusername, you are logged in, this page will refresh soon"

So then I click the homepage and then go back to login page and the login form is still coming up! if I logged in just fine and the username was stored then it shouldnt load the form on login.php according to if statement I have saying dont show the form unless the person isnt already logged in.

$username = $_SESSION['username'];
$password = $_SESSION['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = pg_query($query);
$numrows = pg_numrows($result);

if ($numrows < 1){

    echo "
    <form action=\"index.php?page=login\" method=\"POST\">  
    User: <input type=\"text\" size=\"10\" name=\"username\">
    Pass: <input type=\"password\" size=\"10\" name=\"password\">
    <input type=\"submit\" value=\"Login\" name=\"login\">
    </form>
    ";

}else{

echo "sup you are already logged in!";

}

So why isnt it remembering that I just logged in?

leatherback

Do you have session_start(); on the login too? You need it on EVERY page.

try:

print_r($_SESSION)

on both pages to see what is in the session.

scuzzo84

Thanks dude it seems to be storing it but I guess its my if statement that is messed up. This is how I tested it.

I added the start_session(); at the top of login.php
I added print_r($_SESSION); to the bottom of login.php
I then loaded up the login page, logged in, said the message that I was logged in and at the bottom it had "Array ( [username] => scuzzo )" . Then I clicked the homepage, and then back to login page and it at the bottom it had "Array ( [username] => scuzzo )" So it did store it but then why is it still displaying the form when I wrote in my code that if a username session is stored, then dont load the login form?

leatherback

You only seem to store the username in a session, but require a username and password to be set (See first lines of your script). THat's what causes you to not find a match in the database.

scuzzo84

leatherback wrote:
You only seem to store the username in a session, but require a username and password to be set (See first lines of your script). THat's what causes you to not find a match in the database.

Thanks dude!

I changed

$username = $SESSION['username'];
$password = $SESSION['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

$username = $SESSION['username'];
//$password = $SESSION['password'];
$query = "SELECT * FROM users WHERE username = '$username''";

leatherback

If that solved it, please mark the thread resolved (See thread tools)

roscor

This is what i use, It may help

userlogin.php

<FORM METHOD="POST" ACTION="log.php">
<P><STRONG>Username:</STRONG><BR>
<INPUT TYPE="text" NAME="username" value="<? echo $username; ?>"></p>
<P><STRONG>Password:</STRONG><BR>
<INPUT TYPE="password" NAME="password" value="<? echo $password; ?>"></p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="login">&nbsp;&nbsp;<input type="reset" name="reset"></P>

</FORM>

log.php

 <? session_start();
if($_SESSION['valid_user']){
}
// else, process the login request:
else
{
    // connect to db:
    include("dbinfo.inc.php");
    $conn = mysql_connect($host, $username, $password) or die(mysql_error());
    mysql_select_db($database,$conn) or die(mysql_error());
    $password = md5($_POST['password']);
    $username=$_POST['username'];

$query = "SELECT *  from Tablename where username='$username' and password='$password'";
 $result = mysql_query($query) or die ("Could not run query.");

// if they are NOT found:
   if (mysql_num_rows($result) == 1) {
//if authorized, get the values of username	
$username = mysql_result($result,0, 'username');
$password =mysql_result($result,0, 'password');
$_SESSION['valid_user']=$username;
    }

else
{
echo 'Login Failed. <br />[<a href=userlogin.php>Go back and try again</a>]';
    exit;  

  }

?>

This is a basic form with no validation.

roscor