Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Basic PHP session problem

Status
Not open for further replies.

Alexfz

Programmer
Aug 2, 2007
8
US
(I known that there is a thread on sessions right below thus, I've already read through it.)

Hello,

I've been working on a very basic PHP login script using a MySQL database to store the username and password. Everything works fine, except that the session won't ever start. Everything else works exactly as intended, except the session will never register.

The login script is for a very light mockup of an admin center that I am doing to teach myself more about PHP in general.

This is the main page for the admin center (index.php). It is supposed to check to see if $_SESSION['login'] has a value, and if it does, it prints the area where the admin center will be. $_SESSION['login'] does not have a value, it prints the login form.
Code:
<?php
	if (!isset($_SESSION['login'])) {
		include './templates/login.php';
	}
	else {
		echo 'This is where the admin center would be if I bothered to make one';
	}
?>

This is the script that the form in .templates/login.php links to. It handles the login process. The file .templates/login.php is just HTML, and is a bit long, so I didn't bother posting it.
Code:
<?php
include '../config/connect_info.php';
include '../config/mysql_connect.php';

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM admin WHERE glogin='$username' AND gpassword = '$password'";
$result=mysql_fetch_array(mysql_query($query));

if ($result) {
	session_start();
	$_SESSION['login']=1;
	echo 'Login success. You will now be redirected to the admin cp.<br><br>
				Browser not redirecting? <a href="index.php">Click here.</a>';
	echo " <script>
					self.location='index.php';
				</script>";
}
else {
	echo 'Login unsuccessful. <br><br>
				Username and password did not match. <br><br>
				<a href="index.php">Click here to go back</a>';
}

include '../config/mysql_close.php';
?>

When I login wrong, it displays everything properly. When I login correctly, it redirects to index.php, but without setting the session. This causes it to show the login screen over and over again.

Any help would be greatly appreciated. Thanks!
 
Code:
session_start(); //start the session either way
$username = mysql_escape_string(trim($_POST['username']));
$password = mysql_escape_string(trim($_POST['password']));

$query = "SELECT count(*) FROM admin WHERE glogin='$username' AND gpassword = '$password'";
$result= intval( mysql_fetch_result(mysql_query($query),0,0));

if ($result === 1){
 //logged in
} else {
 //log out
 $_SESSION = array();
 session_destroy;
 if (isset($_COOKIE[session_name()])){
   setcookie(session_name(), '', time()-42000, '/');
 }
}
 
Thank you for helping.

When I tried using the code you put in, it returned an error for:
Code:
$result= intval( mysql_fetch_result(mysql_query($query),0,0));

I am unfamiliar with this function, so I'm not even sure what it does. I tried declaring the session first and then destroying it if the login failed, but even with the session declared so matter what, my main page would keep showing the login form over and over.

If you could please clarify this, I would appreciate it.

Thanks.
 
my fault.

the code should have been
Code:
$result= intval( mysql_result(mysql_query($query),0,0));

reading the code from right to left:
1. perform the query
2. fetch column 0 from row 0 of the result set (which will be the row count)
3. cast the value to an integer so that the === operation next time round will be true.

this relies on the username and password combination being unique in your database. this, of course, should always be the case!
 
Thanks a lot, I've got it all working now. Good to know the improvements that could have been made to it also, thanks again :)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top