SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Guru
    Join Date
    Feb 2006
    Location
    Chepstow, South Wales
    Posts
    907
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session causing checklogin problem

    Im putting together a site that allows for a session to be created as soon as a person comes to the site, then the person has the opportunity to log in and so the session continues.

    Here lies my problem.

    If the person uses the correct log in details, it does follow through on the success script by taking the person to the correct page, but the checklogin script on that page doesnt allow it, and takes them back to the log in page.

    If I comment out that script it works, when I un comment it it doesnt.

    Here is the code for the log in page:

    PHP Code:
    <?php
    session_start
    ();
    include(
    "config.php"); 
    $sid=session_id();
    $date=date("Y-m-d G:i:s ");
    $sql="select * from logdetails where sid='$sid' AND ddate='$date' AND pageno=3";
    $q=mysql_query($sql) or die(mysql_error());
    $c=mysql_num_rows($q);
    $usrcnt=0;
    global 
    $h;
    global 
    $w;
    $h=0;
    $w=0;
    if(
    $c<1)
    {
        
    $q1=mysql_query("insert into logdetails(sid,ddate,pageno) values('$sid','$date',3)") or die (mysql_error());

        
    $q3=mysql_query("select count(*) from logdetails where pageno=3") or die (mysql_query());
        
    $r3=mysql_fetch_row($q3);
    //    echo ("No. of Users hit : $r3[0]");    
        
    $usrcnt=$r3[0];
    }
    else
    {
        
    $q2=mysql_query("select count(*) from logdetails where pageno=3") or die (mysql_query());
        
    $r2=mysql_fetch_row($q2);
        
    //echo ("No. of Users hit : $r2[0]");
        
    $usrcnt=$r2[0];
    }
    ?>
    and the form:

    HTML Code:
    <form name="form1" method="post" action="checklogin.php">
    <td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td colspan="3"><strong>Member Login </strong></td>
    </tr>
    <tr>
    <td width="78">Username</td>
    <td width="6">:</td>
    <td width="294"><input name="myusername" type="text" id="myusername"></td>
    </tr>
    <tr>
    <td>Password</td>
    <td>:</td>
    <td><input name="mypassword" type="password" id="mypassword"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="submit" name="Submit" value="Login"></td>
    </tr>
    </table>
    </td>
    </form>
    Here is the code for the checklogin page:

    PHP Code:
    <?php
    session_start
    ();
    $_SESSION['user1'];
    $_SESSION['flaglog'];
    ob_start();
    include(
    "config.php");
    $sid=session_id();
    $date=date("Y-m-d G:i:s ");

    $tbl_name="Register"// Table name 

    // Connect to server and select databse.
    mysql_connect("$host""$user""$pass")or die("cannot connect"); 
    mysql_select_db("$db")or die("cannot select DB");

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=md5($_POST['mypassword']); 


    $q1=mysql_query("select * from Register") or die (mysql_error());        
    while(
    $data mysql_fetch_assoc($q1))
    {
    $username=$_POST['myusername']; 
    $pass=md5($_POST['mypassword']); 
    if (
    $username==$data['Username']  && $pass==$data['Password'])
    {
    $error1="correct";
    $_SESSION['user1']=$username;
    $_SESSION['flaglog']=1;
    $sql="insert into logdetails(sid,Log_Id,dDate,PageNo) values('$sid',$data[RegId],now(),99)";
    $r=mysql_query($sql) or die ("insert into logdetails(sid,Log_Id,dDate,PageNo) values($data[RegId],now(),99)<br><br>".mysql_error());
    //header("location:main.php");
    }
    }

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername trim($myusername);
    $mypassword trim($mypassword);
    $myusername mysql_real_escape_string($myusername);
    $mypassword mysql_real_escape_string($mypassword);

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row

    if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    $_SESSION['myusername'];
    $_SESSION['mypassword']; 
    //header("location:login_success.php");
    header("location:/tourCheck/index.php");
    }
    else { 
    ?>
    <p>I'm sorry but you have entered the wrong Username and or Password.</p>
    <? }
    ob_end_flush();
    ?>
    And then the problem script on the intended destination index page.

    PHP Code:

    session_start
    ();
    if(!
    session_is_registered(myusername)){
    header("location:../main_login.php");
    }
    //include("../config.php");
    $sid=session_id();
    $date=date("Y-m-d G:i:s ");

    {
    $q1=mysql_query("insert into logdetails(sid,Log_Id,Ddate,pageno) values('$sid','user1','$date',5)") or die (mysql_error());

    The problem goes away when I comment out this bit:

    PHP Code:
    session_start();
    if(!
    session_is_registered(myusername)){
    header("location:../main_login.php");

    I hope that helps, I have worked on this all day to no avail, and now its time for me to go home, but will be on it first thing if somebody would like to help me, I'm sorry that I left it late to post, as I wont be able to reply.

    Thanks

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,032
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    session_is_registered is deprecated in PHP (as of version 5.3.0), change that bit to:

    PHP Code:
    if (!isset($_SESSION['myusername'])) {
    header('location:../main_login.pgp');

    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  3. #3
    SitePoint Guru
    Join Date
    Feb 2006
    Location
    Chepstow, South Wales
    Posts
    907
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Thanks for the reply.

    I changed the line of code over, and unfortuntaly it still doesnt work.

    The log in details are correct as I go to the correct page when logging in, but the checklogin script sends me back.

    Cheers

  4. #4
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    session_start(); 
    if(!
    session_is_registered(myusername)){ 
    header("location:../main_login.php"); 

    Like SpacePhoenix said, session_is_registered is deprecated. But in any case, to be redirected back to your login page means that the IF test condition is evaluating to true and so header() is being executed.

    The probable cause is that your session is not actually starting. You haven't posted all your code. Make sure there is no output of any kind, including blank lines, echo statements or trailing blank spaces on any lines before session_start(). session_start() should be located directly after <php tag.

    I assume that $_SESSION['myusername'] should exist when the above code is run. To test if the session exists do the following:

    PHP Code:
    session_start(); 

    echo 
    $_SESSION['myusername']; die();

    if(!
    session_is_registered(myusername)){ 
    header("location:../main_login.php"); 

    If the echo outputs nothing, then your session is not being started.

  5. #5
    SitePoint Guru
    Join Date
    Feb 2006
    Location
    Chepstow, South Wales
    Posts
    907
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello again,

    We tested what you asked and unfortunately nothing came back, so I guess your right.

    Below is all the code for the index page we are trying to get too, hopefully there might be something there that you can see to help us.

    PHP Code:
    <?
    session_start
    ();
    echo 
    $_SESSION['myusername']; die();

    if(!
    session_is_registered(myusername)){ 
    header("location:../main_login.php"); 

    include(
    "../config.php");
    $sid=session_id();
    $date=date("Y-m-d G:i(worry) ");

    {
    $q1=mysql_query("insert into logdetails(sid,Log_Id,Ddate,pageno) values('$sid','user1','$date',5)") or die (mysql_error());
    }
    Last edited by multichild; Nov 11, 2011 at 04:08. Reason: Spelling mistakes


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •