SitePoint Sponsor

User Tag List

Results 1 to 20 of 20
  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP Sessions not working

    I am working off of the Kevin Yank tutorial on how to Manage Users and Sessions with PHP. (First question: is there a newer way of doing this?)

    I was able to get a simple test work with sessions, but not my user login session. What happens is everything works (users register in database, email password, even error if same user name) except when I try to log in, it says "access denied" even though my user name and password are correct (they exist in the database, and I ma connecting to it).

    This stymies me. The code says to check if the values in the table are =0 and I have looked at the database using PHPMySQL and they are there! (Besides, I am getting the confirmation email).

    I am on GoDaddy Linux host, I have turned globals on in my PHP.INI file, added a session path to my PHP.INI, but still no error, just "Access Denied". What have I done wrong?

    here is my connection script:
    ---------------------------
    PHP Code:
    <?php 
    //Connect to DBServer:
    function dbConnect($db='mydatabasename') {
        global 
    $dbhost$dbuser$dbpass;    
    $dbcnx = @mysql_connect('hostname, 'user name', 'password');
    if (!$dbcnx) {
        exit ('
    <p>unable to connect to the database at this time<p>');
    }
    //select the database
    if (!@mysql_select_db('
    mydatabasename')) {
        exit ('
    <p>Unable to locate database now.<p>');
    }
    }
    ?>
    ------------------------------
    and here is my accesscontrol.php:
    PHP Code:
    <?php
    session_start
    ();
    include_once 
    'common.php';
    include_once 
    'cnxlct.php';
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
    if(!isset(
    $uid)) {
      
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Please Log In for Access </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for access!</p>
      <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
          <table width="267" border="0">
          <tr>
            <td width="81">User ID:&nbsp;</td>
            <td width="170" align="right"><input type="text" name="uid" size="26" />&nbsp;</td>
          </tr>
          <tr>
            <td>Password: &nbsp;</td>
            <td align="right"><input type="password" name="pwd" size="26"  />&nbsp;</td>
          </tr>
        </table>
        <input type="submit" value="Log in" />
      </form></p>
      </body>
      </html>
      <?php
      
    exit;
    }
    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;

    dbConnect("mydatabasename");
    $sql "SELECT * FROM user WHERE
    userid = '
    $uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
          
    error('A database error occurred while checking your '.
            
    'login details.\\nIf this error persists, please '.
            
    'contact me.');
            }
    if (
    mysql_num_rows($result) == 0) {
      unset(
    $_SESSION['uid']);
      unset(
    $_SESSION['pwd']);
      
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Access Denied </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      
    exit;
    }
    $username mysql_result($result,0,'fullname');
    ?>

  2. #2
    SitePoint Enthusiast
    Join Date
    Apr 2011
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    check to make sure there are no spaces before the <?php beginning. Hopes this helps

  3. #3
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,401
    Mentioned
    147 Post(s)
    Tagged
    4 Thread(s)
    Do an echo of $sql to see what the query you're running actually looks like. Copy and paste it into PHPMyAdmin and see if it gives any results there.

  4. #4
    SitePoint Enthusiast
    Join Date
    Apr 2011
    Posts
    73
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It may have something to do with this line..
    I replaced it with echo "Welcome, $firstname"; still get no results.
    Could it be still not accepting the $result in this line....

    PHP Code:
    while($row=mysql_fetch_assoc($result)){
        echo 
    "Welcome, $firstname"

  5. #5
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,401
    Mentioned
    147 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by rdkd1970 View Post
    It may have something to do with this line..
    I replaced it with echo "Welcome, $firstname"; still get no results.
    Could it be still not accepting the $result in this line....

    PHP Code:
    while($row=mysql_fetch_assoc($result)){
        echo 
    "Welcome, $firstname"
    I think you posted in the wrong thread

  6. #6
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Guido, thanks for the reply.

    However, I can't figure out how to echo the SQL. Which part of the SQL were you suggesting (the uid, pwd, array)?

    I did try putting a
    PHP Code:
    print_r($_SESSION); 
    right under the session_start statement (is that the same thing?) and it shows: "()" empty parentheses when I try to login. Does this mean that somehow the array data is not getting passed? If so, why not?


    (I checked all the whitespace in the code last night and that didn't help).

  7. #7
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I also just went to MyPHPAdmin and pasted this statement into the "SQL" window:

    SELECT * FROM user WHERE
    userid = '$uid' AND password = PASSWORD('$pwd')
    Returned empty result. So, my query is not getting anything, but there is data there!

    which brings me to:
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
    I am thinking: shouldn't one or more of the above statements have been: $_POST['userid'] and $POST['password']? It seems like we are defining uid and pwd with themselves... Not sure which to try...

  8. #8
    SitePoint Zealot Cute Tink's Avatar
    Join Date
    Apr 2009
    Posts
    152
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What he means by echo your $sql is add a line here:

    PHP Code:
    $sql "SELECT * FROM user WHERE
    userid = '
    $uid' AND password = PASSWORD('$pwd')";

    // add this line here
    echo $sql
    Then you copy and paste your exact query to phpmyadmin and see what happens.

  9. #9
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, I thought I had already done that, using the print_r($session) command. The output is: () Nothing.

    So, I tried the echo $sql statement, and it echos the user name and password. Correctly.

    So, what does this mean? I'm stuck. It appears the code is doing what it should...

  10. #10
    SitePoint Zealot Cute Tink's Avatar
    Join Date
    Apr 2009
    Posts
    152
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That shouldn't be happening. If you echo or print the $sql after you declare it, then it should at least put something on the screen, even if it is just this:

    SELECT * FROM user WHERE
    userid = '' AND password = PASSWORD('')

    The thing I am thinking is that the $uid and $pwd are not getting set right, but until we know that, there isn't much we can do to help.

    The problem with putting it into phpmyadmin with $uid and $pwd in there like you showed before is that $uid and $pwd are meaningless to phpmyadmin and mysql. The values they hold will be converted by your script to something meaningful and that's what we need to check first.

  11. #11
    SitePoint Zealot Cute Tink's Avatar
    Join Date
    Apr 2009
    Posts
    152
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by morrie View Post
    OK, I thought I had already done that, using the print_r($session) command. The output is: () Nothing.

    So, I tried the echo $sql statement, and it echos the user name and password. Correctly.

    So, what does this mean? I'm stuck. It appears the code is doing what it should...
    I'm assuming that you are getting a proper result if you put the echo'd query in phpmyadmin.

    Then I am at a loss, because I just tested a virtually identical script and it worked fine. The only reason I could think of it failing is because your query isn't right in some way.

  12. #12
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, me too. Maybe you will see something if I post specifically what my $print_r and $echo statements output (could be that I am misreading what is 'proper'?):
    with the two statements in the code right after the session_start directive, I get the two output echoes, at the very top of my "access denied" page. They look like this:
    Array ( ) SELECT * FROM user WHERE userid = 'myusername' AND password = PASSWORD('mypassword')
    I don't get it, how can it echo the right usr/psw, and still say: access denied???

  13. #13
    SitePoint Guru aamonkey's Avatar
    Join Date
    Sep 2004
    Location
    kansas
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is not a helpful post but is that code straight from Kevin yanks book?
    aaron-fisher.com - PHP articles and more

  14. #14
    SitePoint Zealot Cute Tink's Avatar
    Join Date
    Apr 2009
    Posts
    152
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And just to confirm, the user you are trying to select info on is literally named myusername and the password is supposed to be mypassword?

  15. #15
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, that part has been changed to protect the innocent.

    The "array()" is from the print_r statement, and the other stuff is from the echo $sql statement. It echoes the correct user name and the password, exactly.


    Could it be that my server does not know how to recognize the truncated random string?

    @aamokey: good point. Going back to exactly Kevin's code, yields the same result. I actually had better luck using my own connection code (see above). But that is really all I changed (other than db name). Has anyone else had problem's with using Kevin's code(it's quite old now..)?

  16. #16
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have decided to try another approach. Different code, maybe different host. (I guess I shouldn't have wasted my time if the tutorial code didn't work!)

    No answer.

  17. #17
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,904
    Mentioned
    93 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $dbcnx = @mysql_connect('hostname, 'user name', 'password'); 
    should be

    PHP Code:
    $dbcnx = @mysql_connect('hostname''user name''password'); 
    you were missing the ' after hostname
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  18. #18
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, but I saw that earlier. (Strangely had NO effect).

    Not even the basic code (from Kevin's tutorial) works !

    What's the deal!? Registration, but no access...

    Am I really that dumb, that everyone else gets it but me? (Pulling my hair out for days on this!) What basic thing am I missing?

    Should I be using PHP4 instead of 5?

    (How come the latest post on the tutorial forum is 2005? Am I missing something new that happened?)

  19. #19
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Short answer (to a looong problem):

    Don't use GoDaddy!

    I finally decided to test this setup on another host, and it worked! I wish GoDaddy would tell us beforehand that they have effectively gutted PHP (why provide a scripting environment at all if it only works "for some stuff"?). Not to mention they provide a very un-secure environment, if you able to do so. Ridiculous. I am only sorry that I gave them the benefit of the doubt for so long. I even went back with the exact code that worked, and told them about it. All they did was babble incoherently...trust me, if they made any sense at all, I would have understood..

    Now, I need help with restricting access by account type:
    http://www.sitepoint.com/forums/php-...lp-759616.html

    Thanks, all for the help.

  20. #20
    SitePoint Member
    Join Date
    Jul 2009
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by rdkd1970 View Post
    check to make sure there are no spaces before the <?php beginning. Hopes this helps
    lol thats such a pain, that use to happen alot to me ;\


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •