I wrote a log-in function according to a reference book, with changes just to be appropriate for my site, but I can't seem to access the values of my $_SESSION superglobal array. I can't see what I'm doing wrong. I've been pounding my head over it for hours. I get the concepts but don't see where it's not applying.
Here are my 2 pages, the full pages (with a few url for anonymity 😛)
<?php // login.php
// Start output buffering:
ob_start();
// Initialize a session:
session_start();
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo $page_title; ?></title>
</head>
<body>
<div id="Header"><?php echo $page_title; ?></div>
<div id="Content">
<?php
require_once ('ncludes/config.inc.php');
$page_title = 'Login';
if (isset($_POST['submitted'])) {
require_once ('../dbc.php'); //database connection
if (!empty($_POST['email'])) {
$e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address!</p>';
} // Validate the email address:
if (!empty($_POST['pass'])) {
$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password!</p>';
} // Validate the password:
if ($e && $p) { // If everything's OK.
$q = "SELECT id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p'))";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // Query the database:
if (mysqli_num_rows($r) == 1) { // A match was made.
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); // Set values to the session & redirect:
mysqli_free_result($r);
mysqli_close($dbc);
$url = 'http://www.mysite.com/index.php'; // Define the URL:
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else { // No match was made.
echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
}
} else { // If everything wasn't OK.
echo '<p class="error">Please try again.</p>';
}
mysqli_close($dbc);
} // End of SUBMIT conditional.
?>
<h1>Login</h1>
<form action="http://longhere.com/login.php" method="post">
<fieldset>
<p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p>
<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>
<div id="Menu">
<a href="index.php" title="Home Page">Home</a><br />
<?php //this code shows a menu that's supposed to change links depending on whether or not the user is logged in
if (isset($_SESSION['id'])) {
echo '<a href="logout.php" title="Logout">Logout</a><br />
<a href="change_password.php" title="Change Your Password">Change Password</a><br />';
} else { // Not logged in.
echo '<a href="register.php" title="Register for the Site">Register</a><br />
<a href="login.php" title="Login">Login</a><br />
<a href="forgot_password.php" title="Password Retrieval">Retrieve Password</a><br />';
}
?>
</div>
</body>
</html>
<?php // Flush the buffered output.
ob_end_flush();
?>
I checked the SQL query, it pulls up the right bits of information. And when I get redirected to my index, it doesn't keep any of that information stored as as a Session. Here's my index page that I'm redirecting to
<?php
// Start output buffering:
ob_start();
// Initialize a session:
session_start();
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo $page_title; ?></title>
</head>
<body>
<div id="Header"><?php echo $page_title; ?></div>
<div id="Content">
<?php
// Include the configuration file:
require_once ('includes/config.inc.php');
// Set the page title
$page_title = 'Welcome to this Site!';
// Welcome the user (by name if they are logged in):
echo '<h1>Hello';
if (isset($_SESSION['first_name'])) {
echo ", {$_SESSION['first_name']}!";
}
echo '</h1>';
?>
<p>TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST .</p>
<p>TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST .</p>
</div>
<div id="Menu">
<a href="index.php" title="Home Page">Home</a><br />
<?php # Script 16.2 - footer.html
// This page completes the HTML template.
// Display links based upon the login status:
if (isset($_SESSION['id'])) {
echo '<a href="logout.php" title="Logout">Logout</a><br />
<a href="change_password.php" title="Change Your Password">Change Password</a><br />
';
} else { // Not logged in.
echo '<a href="register.php" title="Register for the Site">Register</a><br />
<a href="login.php" title="Login">Login</a><br />
<a href="forgot_password.php" title="Password Retrieval">Retrieve Password</a><br />
';
}
?>
</div>
</body>
</html>
<?php // Flush the buffered output.
ob_end_flush();
?>
The only thing I can see is that maybe I'm applying the variables to my $_SESSION wrong? Even though I'm following the example from my book.
Also, my browser accepts all cookies, and I tried it in another browser as well, so I know it's not my security settings.
Any help would be appreciated! thanks!
