[RESOLVED] Session problem

Sigmahokies

Hi everyone, I'm new person in this website, I hope you can help me to find out what is wrong and fix the code in PHP.

I got SESSION problem in third page, I created first - login page and second page - check login, they are working, but third page - succeed page, It shows me an error in header and cache.

In third page:

<?php
session_start();

$_SESSION['username'] = $user;
echo "<p>You are logged as ".$user."</p>";

But I get an error from this. if you want to see first and second page page's code, I will post here again. Please let me know if you want to see my code.

Thanks in advance time,

Gary

NogDog

What is the error?

Sigmahokies

Oh I moved session_start(); in top of all scripts, so somehow error just disappear, but still session has not print as logging user. For example, When i succeed a gain access to this page, top and left of screen should show who is username is logging in. But it is not showing now, even If i type manually web address, it will enter to this restricted page without login. I need something to protect this page who tried to do manually.

previous error showed: Warning: session_start(): Cannot send session cache limiter
But it just disappear when i moved session_start(); to top of all script.

NogDog

Yeah, that error was because the session header can't be sent once your script has output anything (including any text/space before the <?php tag).

I suspect your current problem is that you have this reversed:

$_SESSION['username'] = $user;

You want to assign the value from $_SESSION to $user in this case, not the other way. In fact, there's no real reason to assign it to anything, as you can just do:

<?php
session_start();

echo "<p>You are logged as ".$_SESSION['username']."</p>";

?>

Sigmahokies

I removed $_SESSION['user'] = $username, then followed your code, seem it is not show as logging username yet, even still can enter this website in manually. Do you like me to post my first and second pages on this thread? Please let me know

Thanks,
Gary

NogDog

PS: You'd probably get a notice/warning about $user being undefined if you had a high enough error reporting level in place, e.g.:

<?php
ini_set('display_errors', true); // set to false in production
error_reporting(E_ALL);

// ... rest of script ...

NogDog

Sigmahokies;11052367 wrote:
I removed $_SESSION['user'] = $username, then followed your code, seem it is not show as logging username yet, even still can enter this website in manually. Do you like me to post my first and second pages on this thread? Please let me know

Thanks,
Gary

Make sure you have the assignment order correct wherever you are populating $SESSION['username'], and that there is a valid session_start() on each script that interacts with $SESSION. If that doesn't take care of it, then yes, you probably need to show us more code (hopefully just the minimum to show the problem and using this forum's [noparse]

...

[/noparse] tags).

Sigmahokies

Okay, here my PHP script - first and second page.

First page:

<!doctype html>
<html>
<head>
<title>Login System</title>
<link href="rcd.css" rel="stylesheet" type="text/css">
<link href="font.css" rel="stylesheet" type="text/css">
<link href="submit.css" rel="stylesheet" type="text/css">
</head>
<body>
<form action ="checklogin.php" method="POST">
<center>
<fieldset style='width:800px;'>
<table cellspacing="10" cellpadding="10">
<p id="font">Please Login to RCD's database</p>
<tr><td>Username:</td><td><input type="text" name="user" placeholder="Username"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" placeholder="Password"></td></tr>
<tr><td colspan="2" align="center"><input id="submit" type="submit" name="submitted" value="Log in"></td></tr>
</table>
</fieldset>
</center>
</form>
</body>
</html>

Second page:

<?php
session_start();

require_once("require.php");

$username= stripslashes($_POST['user']);
$password = stripslashes($_POST['pass']);

$username = mysqli_real_escape_string($Garydb, $username);
$password = mysqli_real_escape_string($Garydb, $password);

$log = "SELECT  username, password, type FROM username WHERE username ='".$username."' AND password = '".$password."'";
$result = mysqli_query($Garydb, $log);

$count = mysqli_num_rows($result);

if ($count == 1) {
$_SESSION['username'];
header('location:register.php');
}
else {
die(header('location:denied.php'));
}
?>

Both are connect to third page.

Sigmahokies

Second page is "check login username" before go to third page.

NogDog

You don't actually assign anything to the session variable here:

if ($count == 1) {
$_SESSION['username']; // you need to set this equal to something
header('location:register.php');
}

Sigmahokies

Then how can I assign anything to session variable?

Sigmahokies

Hey NogDog,

I got it fixed, my login system are working!!! all session are working!

You have a great day!