Assigning a session to user

PHP
21

so i need to send the header first and then print the contents right

22

Once you send a location header, the user’s browser will change pages - they probably wont see whatever you print afterwards, because it will disappear when the next page begins to load.

23

then what is the procedure for re directing to the next page

24

the header will get the person to the next page. But the next page doesnt include stuff from the previous page.

25

using the session id we generated is it not possible…
or else if their is no session then we can generate to the new page no

26

Sorry, that one didnt even make sense to me. Try again?

27

first i need to redirect the page to “products.php” in the above code

28

You’ve done that, with the header().

29

but it is not redirecting to “products.php”
tell me how to do it…

30

Show me your code.

31

which one

32

The one that you want to redirect.

33

here is rediredted page “products.php”


<?php
include("db.php");
include("functions.php");
if($_REQUEST['command']=='add' && $_REQUEST['productid']>0)
{
 $pid=$_REQUEST['productid'];
 addtocart($pid,1);
 header("location:shoppingcart.php");
 exit();
}	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Products</title>
<script language="javascript">
	function addtocart(pid)
	{
		document.form1.productid.value=pid;
		document.form1.command.value='add';
		document.form1.submit();
	}
</script>
</head>
<body>
<form name="form1">
	<input type="hidden" name="productid" />
    <input type="hidden" name="command" />
</form>
<div align="center">
<h1>Products</h1>
<table border="0" cellpadding="2px" width="500px">
	<?php
	$result=mysql_query("select * from products");
	while($row=mysql_fetch_array($result))
	{
	 ?>
    <tr>
       <td><img src="<?php echo $row['picture']?>" /></td>
          <td> <b> <?php echo $row['name']?></b><br />
            	   <?php echo $row['description']?><br />
                   Price:<big style="color:red">
                   $<?php echo $row['price']?></big><br /><br />
             <input type="button" value="Add to Cart" onclick="addtocart(<?php echo $row['serial']?>)" />
		  </td>
	</tr>
        <tr><td colspan="2"><hr size="4" /></td></tr>
        <?php } ?>
    </table>
</div>
</body>
</html>
34

k below is the way the code has to flow


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()");
$result = mysql_query("SELECT * from login where username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(isset($_SESSION['username']))
{
//if the username is matching in the database go to page "products.php" 

} 
else 
{
//also go to page "products.php" by creating new user in the database
 }

for this how the above code should be modified…

35

Well if you’re going to products.php in either case, the header() should be outside (and after) the if…else, otherwise it’s redundant. That would make your ‘if’ clause empty, since that’s the only thing it does.

Your condition doesnt say “If the username is matching”, it says “Does the session username exist.” So… need to adjust that first.
(if($rows == 1), do nothing. If not, add user. Dont like the ‘do nothing’ part, so take the contradiction to the condition - if($rows != 1), add user.

So:


if($rows != 1) {
  //User specified in $_POST does not exist in the database. Add User here.
}
header('Location: products.php'); //Hate using this, but its the easier way than trying to explain the concept of cross-includes here.
die();
36

then whether the below code is correct…


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()");
$result = mysql_query("SELECT * from login where username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(isset($_SESSION['username']))
{
 $messages = "UserId : ".$_SESSION['username'];
} 
else 
{
  $_SESSION['username'] = time();
}
header("Location:products.php");
 if($rows != 1) 
{
 session_register('username');
$_SESSION['username'] = $_POST['username'];
die();  
} 
else
{ 
//unsuccessful login 
header("Location:products.php");
exit; 
} 
header("Location:products.php");
?>

first i need to get the username and with that username i must go to
“products.php” page

37

the username is stored in the session. As long as products.php calls session_start, it will be in the session array.
Why are you die()'ing on successful login?

38

k after successfull login session is created right and that is directed to “products.php”
in my code right


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()"); 
$result = mysql_query("SELECT username FROM login WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(!isset($_SESSION['username']))
{
$_SESSION['username'] = $_POST['username'];
header("Location:products.php");
} 
else 
{
header("Location:products.php");
}

?>
39

Why do you do that query?

40

yes.i need to check for only the session but the username must be in the database
that should match right