  1. #1
    SitePoint Wizard lukeurtnowski's Avatar
    Join Date
    Mar 2003
    Location
    Coronado
    Posts
    1,642
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)

    SESSION variables

    I'm toying around with these variables. I created a login form,
    http://shores-rentals.com/login.php
    Upon successful login (checks a users MySQL table) I'm trying to set a few session variables
    PHP Code:
    <?php
    session_start();
    include $_SERVER['DOCUMENT_ROOT'].'/db/config.php';

    $user = $_POST['username'];
    $pass = $_POST['password'];

    $sql = "select * from users where username = '".$user."' && password = '".$pass."'  limit 1";
    $result = mysql_query($sql);
    $info = mysql_fetch_assoc($result);

    if(mysql_num_rows($result)!=1){
        header("location:login_fail.php");
    } else {
        $_SESSION['logged'] = '1';
        $_SESSION['user'] = $user;
        $_SESSION['email'] = $info['email'];
        if($info['isAdmin']==1) {
            header("location:admin");
        } else {
            header("location:login_success.php");
        }
    }
    mysql_close($db_connect);
    ?>
    After I log in it takes me to the admin section. I look at the top where I have a
    PHP Code:
    echo '<pre>';
    var_dump($_SESSION);
    echo '</pre>';
    and all I see is,
    array(1) {
    ["user"]=>
    string(5) "Admin"
    }

    Where are the other session variables?
    "Oh, and Jenkins--apparently your mother died this morning."

  2. #2
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    While this won't resolve your specific issue, you should be aware that the mysql_* functions have been deprecated and you should be using mysqli or PDO instead.

    You should also be escaping and validating your POST variables before using them. As-is, your script is vulnerable to SQL injections.

    As for your specific issue, comment out the header redirects and add a var_dump($_SESSION) at the end of the script. Are your session variables still missing?
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain
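
Added example (not part of the original thread): the login check from post #1 rewritten with a PDO prepared statement, as recommended above. It assumes PHP 5.5 or later for `password_verify()`, a hypothetical `password_hash` column in place of the plaintext `password` column, placeholder connection details, and a hypothetical `redirect()` helper.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 5.5 (password_verify)
// and a hypothetical `password_hash` column replacing the plaintext `password`.
session_start();

// Placeholder connection details; the thread keeps these in /db/config.php.
$dsn = 'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8';
$pdo = new PDO($dsn, 'EXAMPLE_USER', 'EXAMPLE_PASSWORD', array(
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
));

// Hypothetical helper: flush the session, redirect, and stop the script.
function redirect($target)
{
    session_write_close();           // write $_SESSION to storage before leaving
    header('Location: ' . $target);
    exit;                            // nothing after a redirect should run
}

// Accept only plain strings; array-valued POST fields become empty strings.
$user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// The username travels as a bound parameter, never as part of the SQL text.
$stmt = $pdo->prepare(
    'SELECT id, username, email, isAdmin, password_hash
       FROM users WHERE username = :username LIMIT 1'
);
$stmt->execute(array(':username' => $user));
$info = $stmt->fetch();

// fetch() returns false when no row matched; the hash is verified in PHP.
if ($info === false || !password_verify($pass, $info['password_hash'])) {
    redirect('login_fail.php');
}

session_regenerate_id(true);         // new session ID at the privilege change
$_SESSION['logged'] = '1';
$_SESSION['user']   = $info['username'];
$_SESSION['id']     = $info['id'];
$_SESSION['email']  = $info['email'];

redirect($info['isAdmin'] == 1 ? 'admin' : 'login_success.php');
```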

  3. #3
    lukeurtnowski
    Yes, they are, here's the script,
    PHP Code:
    <?php
    session_start();
    include $_SERVER['DOCUMENT_ROOT'].'/db/config.php';
    include $_SERVER['DOCUMENT_ROOT'].'/db/functions.php';

    $user = mysql_prep($_POST['username']);
    $pass = mysql_prep($_POST['password']);

    $sql = "select * from users where username = '".$user."' && password = '".$pass."'  limit 1";
    $result = mysqli_query($sql);
    $info = mysqli_fetch_assoc($result);

    if(mysqli_num_rows($result)!=1){
        //header("location:login_fail.php");
    } else {
        $_SESSION['logged'] = '1';
        $_SESSION['user'] = $user;
        $_SESSION['id'] = $info['id'];
        $_SESSION['email'] = $info['email'];
        if($info['isAdmin']==1) {
            //header("location:admin");
        } else {
            //header("location:login_success.php");
        }
    }
    mysqli_close($db_connect);
    var_dump($_SESSION);
    ?>
    the form that calls the script,
    http://shores-rentals.com/login.php

  4. #4
    lukeurtnowski
    Here's the function,
    PHP Code:
    <?php
    function mysql_prep( $value ) {
        $magic_quotes_active = get_magic_quotes_gpc();
        $new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
        if( $new_enough_php ) { // PHP v4.3.0 or higher
            // undo any magic quote effects so mysql_real_escape_string can do the work
            if( $magic_quotes_active ) { $value = stripslashes( $value ); }
            $value = mysql_real_escape_string( $value );
        } else { // before PHP v4.3.0
            // if magic quotes aren't already on then add slashes manually
            if( !$magic_quotes_active ) { $value = addslashes( $value ); }
            // if magic quotes are active, then the slashes already exist
        }
        return $value;
    }
    ?>
    Last edited by cpradio; Oct 22, 2013 at 10:33.

  5. #5
    SitePoint Evangelist
    Join Date
    Oct 2005
    Location
    Michigan, USA
    Posts
    434
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Call session_write_close() before the redirect.
    - Robert

  6. #6
    lukeurtnowski
    Think I found something, if I get rid of the mysqli thing
    PHP Code:
    <?php
    session_start();
    include $_SERVER['DOCUMENT_ROOT'].'/db/config.php';
    include $_SERVER['DOCUMENT_ROOT'].'/db/functions.php';

    $user = mysql_prep($_POST['username']);
    $pass = mysql_prep($_POST['password']);

    $sql = "select * from users where username = '".$user."' && password = '".$pass."'  limit 1";
    $result = mysql_query($sql);
    $info = mysql_fetch_assoc($result);

    if(mysql_num_rows($result)!=1){
        //header("location:login_fail.php");
    } else {
        $_SESSION['logged'] = '1';
        $_SESSION['user'] = $user;
        $_SESSION['id'] = $info['id'];
        $_SESSION['email'] = $info['email'];
        if($info['isAdmin']==1) {
            //header("location:admin");
        } else {
            //header("location:login_success.php");
        }
    }
    mysql_close($db_connect);
    var_dump($_SESSION);
    ?>
    The script produces the session variables
    HTML Code:
    array(4) {
      ["logged"]=>
      string(1) "1"
      ["user"]=>
      string(1) "1"
      ["id"]=>
      string(1) "2"
      ["email"]=>
      string(20) "lukemaxpro@excte.com"
    }
    But when I add the i thing at the end of mysql in mysql_query(), the script shows no session variables.
    I'm running PHP 5.2, is this ok?

  7. #7
    Force Flow
    Quote Originally Posted by lukeurtnowski
    Think I found something, if I get rid of the mysqli thing

    The script produces the session variables

    But when I add the i thing at the end of mysql in mysql_query(), the script shows no session variables.
    I'm running PHP 5.2, is this ok?
    Sorry, I didn't catch that you changed that.

    mysqli_* and PDO are not drop-in replacements for mysql_*. You will need to read the documentation on using it that I linked to in my previous post.

    Regardless of what version of PHP you are running, you should start migrating your code over to mysqli or PDO since mysql_* will be removed from future versions of PHP.

    Here's a guide on getting started with PDO: http://net.tutsplus.com/tutorials/ph...tabase-access/

  8. #8
    lukeurtnowski
    thanks for the link!

    I thought session variables can easily be transferred to other php pages. Once I use the form to login
    http://shores-rentals.com/login.php
    I'm redirected to login_success.php
    Here's the script where the redirection happens
    PHP Code:
    <?php
    session_start();
    include $_SERVER['DOCUMENT_ROOT'].'/db/config.php';
    include $_SERVER['DOCUMENT_ROOT'].'/db/functions.php';

    $user = mysql_prep($_POST['username']);
    $pass = mysql_prep($_POST['password']);

    $sql = "select * from users where username = '".$user."' && password = '".$pass."'  limit 1";
    $result = mysql_query($sql);
    $info = mysql_fetch_assoc($result);

    if(mysql_num_rows($result)!=1){
        header("location:login_fail.php");
    } else {
        $_SESSION['logged'] = '1';
        $_SESSION['user'] = $user;
        $_SESSION['id'] = $info['id'];
        $_SESSION['email'] = $info['email'];
        if($info['isAdmin']==1) {
            header("location:admin");
        } else {
            header("location:login_success.php");
        }
    }
    mysql_close($db_connect);
    //var_dump($_SESSION);
    ?>
    So I gather the 4 session variables are set
    but here's login_success.php
    PHP Code:
    <?php
    session_start();
    var_dump($_SESSION);
    ?>
    <!DOCTYPE HTML>
    <html>
    <head>
    <meta charset="utf-8">
    <link rel="stylesheet" type="text/css" href="/css/style.css">
    </head>
    <body>
    <div id="background">
      <div id="outer-wrapper">
          <div id="inner-wrapper">
              <header>
    <?php include 'inc/header.php'?>
              </header>
              <div id="content">
    <div id="success">
    <h2>Welcome <?=$_SESSION['user']?></h2>
    <p align="center">Thank you for Logging in.  You may now <a href="rentals/add_a_rental.php">add a rental</a><br><br>
    <?php
    $success = array('success.jpg','success1.jpg','success2.jpg','success3.jpg','success4.jpg','success5.jpg','success6.jpg','success7.jpg');
    echo "<img src=\"images/".$success[array_rand($success)]."\" class=\"result\" />";
    ?>
    </p>
    </div>
              </div><!--END CONTENT-->
              <footer>
    <?php include 'inc/footer.html'?>
              </footer>
          
          </div><!--END INNER-WRAPPER-->
      </div><!--END OUTER-WRAPPER-->
    </div><!--END BACKGROUND-->
    </body>
    </html>
    why aren't the variables being transferred?

  9. #9
    lukeurtnowski
    Great article, I'm going to make the move to the PDO thing.

  10. #10
    QMonkey
    Quote Originally Posted by QMonkey
    Call session_write_close() before the redirect.
    Do you want to try it? I've seen this before.
    - Robert

  11. #11
    lukeurtnowski
    yes, I put it before the code
    PHP Code:
    <?php
    session_start();
    include $_SERVER['DOCUMENT_ROOT'].'/db/config.php';
    include $_SERVER['DOCUMENT_ROOT'].'/db/functions.php';

    $user = mysql_prep($_POST['username']);
    $pass = mysql_prep($_POST['password']);

    $sql = "select * from users where username = '".$user."' && password = '".$pass."'  limit 1";
    $result = mysql_query($sql);
    $info = mysql_fetch_assoc($result);

    if(mysql_num_rows($result)!=1){
        header("location:login_fail.php");
    } else {
        $_SESSION['logged'] = '1';
        $_SESSION['user'] = $user;
        $_SESSION['id'] = $info['id'];
        $_SESSION['email'] = $info['email'];
        if($info['isAdmin']==1) {
            header("location:admin");
        } else {
            session_write_close();
            header("location:login_success.php");
        }
    }
    mysql_close($db_connect);
    //var_dump($_SESSION);
    ?>
    But I get redirected, but the var_dump thing shows an empty array

  12. #12
    lukeurtnowski
    k, think something may be wrong with my server or something
    Attached 2 screenshots, the first is after I submit the authentication form, which shows the 4 session variables, then I click on the link to see if they are available (this is all I have on it)
    PHP Code:
    <?php
    session_start();
    echo "<pre>";
    var_dump($_SESSION);
    echo "</pre>";
    ?>
    It shows an empty array, shouldn't there be four?

  13. #13
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    724
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    And how about with using this line instead?
    PHP Code:
    <h2>Welcome <?php echo "{$_SESSION['user']}"?></h2>

  14. #14
    lukeurtnowski
    No, that doesn't work, all I get is <h2>welcome</h2>

  15. #15
    lukeurtnowski
    the idiots at my server never set up the session save path, so it's all set up now, it's in the php.ini file, just did a php_info();

  16. #16
    Force Flow
    Quote Originally Posted by lukeurtnowski
    the idiots at my server never set up the session save path, so it's all set up now, it's in the php.ini file, just did a php_info();
    Wow, that never even occurred to me. Glad you found the issue. I was wondering what the issue might be since I didn't see any obvious problems in your code.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain
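
Added example (not part of the original thread): a throwaway diagnostic page for the cause found in post #15, a session save path that was never set up. The function name `check_session_storage()` and the `probe` counter are hypothetical, and the check only covers the default `files` save handler.

```php
<?php
// Added example, not from the thread: report why file-based sessions may not
// persist between requests. Delete this file once the problem is diagnosed.
function check_session_storage()
{
    $findings = array();
    $handler  = ini_get('session.save_handler');
    $rawPath  = ini_get('session.save_path');

    if ($handler !== 'files') {
        return array("save_handler is '$handler'; this check only covers 'files'");
    }
    // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', $rawPath);
    $dir   = trim(end($parts));
    if ($dir === '') {
        $dir = sys_get_temp_dir();   // the files handler uses the system temp dir
        $findings[] = "session.save_path is empty; PHP uses $dir";
    }
    if (!is_dir($dir)) {
        $findings[] = "$dir does not exist";
    } elseif (!is_writable($dir)) {
        $findings[] = "$dir is not writable by the web server user";
    }
    return $findings;
}

ini_set('display_errors', '1');      // diagnostics only; keep off in production
error_reporting(E_ALL);              // surfaces session open/write warnings
header('Content-Type: text/plain');  // sent before any warning can start output

$findings = check_session_storage();
session_start();
$_SESSION['probe'] = isset($_SESSION['probe']) ? $_SESSION['probe'] + 1 : 1;

echo 'session id : ', session_id(), "\n";
echo 'save_path  : ', ini_get('session.save_path'), "\n";
// The counter must grow on each reload; stuck at 1 means the data is not persisting.
echo 'probe count: ', $_SESSION['probe'], "\n";
echo $findings ? "findings:\n - " . implode("\n - ", $findings) . "\n" : "storage looks OK\n";
```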

