Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 3 of 3
  1. #1
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    Hey. I have a login form. The submitted values are checked a mysql table. If a match is found, I set the session variable name to the value of username using this code.

    PHP Code:
    $sql="SELECT * FROM users WHERE username='".$username."' AND password='".md5($passw)."'";
     
    $res=mysql_query($sql) or die("Error: ".mysql_error());
     if(
    mysql_num_rows($res)>0)
     {
    $_SESSION['name'] = $username;
      
    header("Location: admin.php");
     } 
    This works fine. I am then able to view the admin pages and perform admin stuff.

    But a section of this particular site allows visitors to leave feedback. Everytime I leave a page and go to feedback.php and then leave to another page I lose my session variable $_SESSION['name'] but I am still logged in.

    I am not sure where lies the problem, if it is on feedback.php, or if it is on header.php (which is included on each page, its purpose is to determine if you are logged in.)

    header.php is smaller than feedback.php so I will post that code
    PHP Code:
    <?php
    // check if logged in
    if (isset($_SESSION['name'])) {
    include(
    "db.php");
        
    $author $_SESSION['name'];
        
    $query "SELECT * FROM users WHERE username='$author' ORDER BY id";
        
    $result mysql_query($query);
        
    $numrows mysql_num_rows($result);
        if (
    $numrows == "0") {
            echo 
    "No codes to display.<br /><br />";} // i get this message becuase it is trying to select but author has no value
        
    else {
        while(
    $row mysql_fetch_array($result))
        {        
            
    $profilelink"<a href='viewprofile.php?id=" $row['id'] . "'>Your profile</a><br><br>";
        }}
    ?>
    <a href="logout.php" title="Logout">Logout</a> - <a href="news.php" title="News">News</a> - <a href="admin.php" title="Admin">Admin</a> - <a href="index.php" title="Home">Home</a> - <a href="members.php" title="Member list">Members</a>
    <?php echo " - ";
    echo 
    $profilelink; } else { ?>

    <a href="login.php" title="Login">Login</a> - <a href="news.php" title="News">News</a> - <a href="index.php" title="Home">Home</a> - <a href="register.php" title="Register">Register</a> - <a href="members.php" title="Member list">Members</a>
    <?php ?>
    </div>
    One thing you may notice is that I have not included
    PHP Code:
    <?php
    session_start
    ();
    header("Cache-control: private");
    ?>
    This is because I have this on the page that includes header.php

    I have attached feedback.php

    To recap, when I log on, and goto feedback.php then navigate to another page $_SESSION['name'] value is lost. And then on all the other pages I visit after that, I get the "No codes to display." error message which is defined in header.php

    The only way to fix this is to log out then log in again.

    Thanks a lot to anyone who helps me.

  2.  

  3. #2
    Junior Member w84me's Avatar
    Join Date
    Jun 2005
    Location
    Greece
    Posts
    2
    Member #
    10368
    I think its better this way...

    Code:
    $username = $_POST['username'];
    $password = $_POST['password']; 
    $password = md5($password);
    
       $sql = mysql_query("SELECT * FROM users
                               WHERE username ='$username'
                               AND password = '$password'")
                                or die (mysql_error());
                               
                                
       if(mysql_num_rows($sql) == 1){
          while($row = mysql_fetch_assoc($sql)){
             
             $_SESSION['username'] = $row['username'];
    		 
             
           }
             }
    Check that i am doing a $row['username'] not just $username

  4. #3
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    I don't know whether this matters or not, but it doesn't look like you included header.php on feedback.php. Is this intentional?

    Also, do you have register_globals on in php.ini?


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 09:23 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com