using more sessions

[Hooch]

I have decided to use sessions more. So of course I am having some problems. The following code (login.php) has a cpl problems. 1. once successfully logged in I am not redirected to the profile.php. - It's just a blank screen. 2. I will address this later.

<?phpsession_start();include 'includes/online.php';include 'includes/config.php';include 'includes/header.php';if (!$_SESSION['logged'] == 1) {  // #1 not logged inif (!$_POST['login']) {  // #2 no post yet?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link href="includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="100" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>	<td height="35"> </td>  </tr></table><table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999"><form method="POST">    <tr> 	<td align=right> 	Username: <input name="username" type="text" class="txtbox" size="15" maxlength="25"></td>   </tr>   <tr> 	<td align="right"> 	Password: <input name="password" type="password" class="txtbox" size="15" maxlength="25"></td></tr><tr> 	<td align="center"> 	<input name="login" type="submit" class="txtbox" value="Login"></td></tr>  <tr>	  <td align="center"><a href="forgot_pass.php" target"_self" class="tia">Forgot Password</a><br>		<a href="index.php" class="tour-footer">Home</a></td>  </tr></form></table><?PHP  } // #2 (end) just had a postif ($_POST['login']) { // #3 just had a postinclude 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $r = mysql_fetch_array($query); $password2 = sha1($password);$password2 = sha1(substr($password2, 0, 20) . substr($r['salt'], 0, 20) . substr($password2, 19, 20) . substr($r['salt'], 19, 20)); if ($r['username'] == $username && $r['password'] == $password2){ // #4 check for username and pw	 $_SESSION['logged'] = 1;	 $_SESSION['username'] = $r['username'];	 $_SESSION['level'] = $r['level'];	 $_SESSION['accept'] = 0;} // #4 (end) check for username & pw is okelse{ // #5 username & pw is not ok	 $_SESSION['logged'] = 0;	 echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; 	 echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; } // #5 (end) since username and pw are not ok, try again} // #3 (end) had a post and everything is ok} // #1 (end) user is logged inelse{echo "<link href=\"includes/style.css\" rel=\"stylesheet\" type=\"text/css\" />";echo "<meta http-equiv=\"Refresh\" content=\"0; URL=profile.php\"/><center>redirect</center>";}?></body></html>

Please let me know if my (if) statements are commented correctly.Wanting to learn more...Hooch

[vijay]

Hi,try to ammend this line echo "<meta http-equiv=\"Refresh\" content=\"0\" URL=\"profile.php\"/><center>redirect</center>";othewise check the is it redirecting on 'profile.php'if yes then check the content of 'profile.php'or its still remain in 'login.php'try to debug the code line by line and check where ur control goes.. suppose this will help you..Regards,Vijay

[Hooch]

Hi vijay. it stays on the login.php If I remove the "Refresh" and just add some text to echo out, it does thesame thing. I'm thinking it's not that. I'll look at my code again later tonight. I was pretty tired wen I posted this. I was over it a few times. I triedchanging my script over and over...but this last posted part was whatI figured how it should be. Maybe a fresh look at it will give me some success. Thanks vijay.

[justsomeguy]

You need to look at the HTML source of the blank page and see what is there. I'm betting you see this:

<link href="includes/style.css" rel="stylesheet" type="text/css" /><meta http-equiv="Refresh" content="0; URL=profile.php"/><center>redirect</center></body></html>

That redirect will not work, that is not a valid document of any type. At a minimum it needs to look like this:

<html><head><link href="includes/style.css" rel="stylesheet" type="text/css" /><meta http-equiv="Refresh" content="0;url=profile.php" /></head><body><a href="profile.php">Redirect</a></body></html>

Make sure you remove the <center> tags from after the meta tag, they don't go there.

[Hooch]

The best spot I could find to put your code was in the same placethe old refresh was.It does not send me to profile.php.

<?phpsession_start();include 'includes/online.php';include 'includes/db.php';include 'includes/header.php';if (!$_SESSION['logged'] == 1) {  // #1 not logged inif (!$_POST['login']) {  // #2 no post yet?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link href="includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="100" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>	<td height="35"> </td>  </tr></table><table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999"><form method="POST">    <tr> 	<td align=right> 	Username: <input name="username" type="text" class="txtbox" size="15" maxlength="25"></td>   </tr>   <tr> 	<td align="right"> 	Password: <input name="password" type="password" class="txtbox" size="15" maxlength="25"></td></tr><tr> 	<td align="center"> 	<input name="login" type="submit" class="txtbox" value="Login"></td></tr>  <tr>	  <td align="center"><a href="forgot_pass.php" target"_self" class="tia">Forgot Password</a><br>		<a href="index.php" class="tour-footer">Home</a></td>  </tr></form></table><?PHP  } // #2 (end) just had a postif ($_POST['login']) { // #3 just had a postinclude 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $r = mysql_fetch_array($query); $password2 = sha1($password);$password2 = sha1(substr($password2, 0, 20) . substr($r['salt'], 0, 20) . substr($password2, 19, 20) . substr($r['salt'], 19, 20)); if ($r['username'] == $username && $r['password'] == $password2){ // #4 check for username and pw	 $_SESSION['logged'] = 1;	 $_SESSION['username'] = $r['username'];	 $_SESSION['level'] = $r['level'];	 $_SESSION['accept'] = 0;} // #4 (end) check for username & pw is okelse{ // #5 username & pw is not ok	 $_SESSION['logged'] = 0;	 echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; 	 echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; } // #5 (end) since username and pw are not ok, try again} // #3 (end) had a post and everything is ok} // #1 (end) user is logged inelse{?><html><head><link href="includes/style.css" rel="stylesheet" type="text/css" /><meta http-equiv="Refresh" content="0;url=profile.php" /></head><body><a href="profile.php">Redirect</a></body></html><?PHP}?></body></html>

The page source is as follows...

</body></html>

Why is that last "else" not working? Is my code completely messed up?Thank you very much for taking the time to look at my questionand helping me with another answer.Hooch

[justsomeguy]

It's not really accurate to say the else "isn't working", everything is working fine, it's just not working the way you expected it to. The else block is not being executed because the condition on the if statement is evaluating to true. Here is the condition:if (!$_SESSION['logged'] == 1) So, this expression evaluates to true:!$_SESSION['logged'] == 1It will probably be a little more clear to write that like this:$_SESSION['logged'] != 1or this:!($_SESSION['logged'] == 1)So, this condition is true, it will evaluate to true if $_SESSION['logged'] does not evaluate to true, which is to say if they haven't logged in yet. So, your code is never seeing $_SESSION['logged'] be true. One thing you aren't doing is writing the session, put a call to session_write or session_write_close at the end of the page to make sure the information in the session gets saved. Also try printing out the $_POST or $_SESSION arrays to see what information is in there. If you're not seeing the information you expect, the first thing is to figure out what information is being given to you, and then you can figure out why that information is being given to you.print_r($_SESSION);print_r($_POST);

[Hooch]

Here's how I ended up getting it to work.Thank you justsomeguy and vijay.

<?phpsession_start();include 'includes/online.php';include 'includes/db.php';include 'includes/header.php';if (!($_SESSION['logged'] == 1)) {  // #1 not logged inif (!$_POST['login']) {  // #2 no post yet?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link href="includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="100" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>	<td height="35"> </td>  </tr></table><table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999"><form method="POST">    <tr> 	<td align=right> 	Username: <input name="username" type="text" class="txtbox" size="15" maxlength="25"></td>   </tr>   <tr> 	<td align="right"> 	Password: <input name="password" type="password" class="txtbox" size="15" maxlength="25"></td></tr><tr> 	<td align="center"> 	<input name="login" type="submit" class="txtbox" value="login"></td></tr>  <tr>	  <td align="center"><a href="forgot_pass.php" target"_self" class="tia">Forgot Password</a><br>		<a href="index.php" class="tour-footer">Home</a></td>  </tr></form></table><?PHP  } // #2 (end) just had a postif ($_POST['login']) { // #3 just had a postinclude 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $r = mysql_fetch_array($query); $password2 = sha1($password);$password2 = sha1(substr($password2, 0, 20) . substr($r['salt'], 0, 20) . substr($password2, 19, 20) . substr($r['salt'], 19, 20)); if ($r['username'] == $username && $r['password'] == $password2){ // #4 check for username and pw	 $_SESSION['logged'] = 1;	 $_SESSION['username'] = $r['username'];	 $_SESSION['level'] = $r['level'];	 $_SESSION['accept'] = 0;} // #4 (end) check for username & pw is okelse{ // #5 username & pw is not ok	 $_SESSION['logged'] = 0;	 echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; 	 echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; } // #5 (end) since username and pw are not ok, try again} // #3 (end) had a post and everything is ok} // #1 (end) user is logged inelse{session_write_close();}if ($_SESSION['logged'] == 1) {echo "<link href=\"includes/style.css\" rel=\"stylesheet\" type=\"text/css\" />";echo "<meta http-equiv=\"Refresh\" content=\"0; URL=profile.php\"/>";}else{}?></body></html>