Jump to content

using more sessions


Hooch
 Share

Recommended Posts

I have decided to use sessions more. So of course I am having some problems. The following code (login.php) has a cpl problems. 1. once successfully logged in I am not redirected to the profile.php. - It's just a blank screen. 2. I will address this later.

<?phpsession_start();include 'includes/online.php';include 'includes/config.php';include 'includes/header.php';if (!$_SESSION['logged'] == 1) {  // #1 not logged inif (!$_POST['login']) {  // #2 no post yet?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link href="includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="100" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>	<td height="35"> </td>  </tr></table><table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999"><form method="POST">    <tr> 	<td align=right> 	Username: <input name="username" type="text" class="txtbox" size="15" maxlength="25"></td>   </tr>   <tr> 	<td align="right"> 	Password: <input name="password" type="password" class="txtbox" size="15" maxlength="25"></td></tr><tr> 	<td align="center"> 	<input name="login" type="submit" class="txtbox" value="Login"></td></tr>  <tr>	  <td align="center"><a href="forgot_pass.php" target"_self" class="tia">Forgot Password</a><br>		<a href="index.php" class="tour-footer">Home</a></td>  </tr></form></table><?PHP  } // #2 (end) just had a postif ($_POST['login']) { // #3 just had a postinclude 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $r = mysql_fetch_array($query); $password2 = sha1($password);$password2 = sha1(substr($password2, 0, 20) . substr($r['salt'], 0, 20) . substr($password2, 19, 20) . substr($r['salt'], 19, 20)); if ($r['username'] == $username && $r['password'] == $password2){ // #4 check for username and pw	 $_SESSION['logged'] = 1;	 $_SESSION['username'] = $r['username'];	 $_SESSION['level'] = $r['level'];	 $_SESSION['accept'] = 0;} // #4 (end) check for username & pw is okelse{ // #5 username & pw is not ok	 $_SESSION['logged'] = 0;	 echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; 	 echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; } // #5 (end) since username and pw are not ok, try again} // #3 (end) had a post and everything is ok} // #1 (end) user is logged inelse{echo "<link href=\"includes/style.css\" rel=\"stylesheet\" type=\"text/css\" />";echo "<meta http-equiv=\"Refresh\" content=\"0; URL=profile.php\"/><center>redirect</center>";}?></body></html>

Please let me know if my (if) statements are commented correctly.Wanting to learn more...Hooch

Link to comment
Share on other sites

Hi,try to ammend this line echo "<meta http-equiv=\"Refresh\" content=\"0\" URL=\"profile.php\"/><center>redirect</center>";othewise check the is it redirecting on 'profile.php'if yes then check the content of 'profile.php'or its still remain in 'login.php'try to debug the code line by line and check where ur control goes.. suppose this will help you..Regards,Vijay

Link to comment
Share on other sites

Hi vijay. it stays on the login.php If I remove the "Refresh" and just add some text to echo out, it does thesame thing. I'm thinking it's not that. I'll look at my code again later tonight. I was pretty tired wen I posted this. I was over it a few times. I triedchanging my script over and over...but this last posted part was whatI figured how it should be. Maybe a fresh look at it will give me some success. Thanks vijay.

Link to comment
Share on other sites

You need to look at the HTML source of the blank page and see what is there. I'm betting you see this:

<link href="includes/style.css" rel="stylesheet" type="text/css" /><meta http-equiv="Refresh" content="0; URL=profile.php"/><center>redirect</center></body></html>

That redirect will not work, that is not a valid document of any type. At a minimum it needs to look like this:

<html><head><link href="includes/style.css" rel="stylesheet" type="text/css" /><meta http-equiv="Refresh" content="0;url=profile.php" /></head><body><a href="profile.php">Redirect</a></body></html>

Make sure you remove the <center> tags from after the meta tag, they don't go there.

Link to comment
Share on other sites

The best spot I could find to put your code was in the same placethe old refresh was.It does not send me to profile.php.

<?phpsession_start();include 'includes/online.php';include 'includes/db.php';include 'includes/header.php';if (!$_SESSION['logged'] == 1) {  // #1 not logged inif (!$_POST['login']) {  // #2 no post yet?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link href="includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="100" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>	<td height="35"> </td>  </tr></table><table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999"><form method="POST">    <tr> 	<td align=right> 	Username: <input name="username" type="text" class="txtbox" size="15" maxlength="25"></td>   </tr>   <tr> 	<td align="right"> 	Password: <input name="password" type="password" class="txtbox" size="15" maxlength="25"></td></tr><tr> 	<td align="center"> 	<input name="login" type="submit" class="txtbox" value="Login"></td></tr>  <tr>	  <td align="center"><a href="forgot_pass.php" target"_self" class="tia">Forgot Password</a><br>		<a href="index.php" class="tour-footer">Home</a></td>  </tr></form></table><?PHP  } // #2 (end) just had a postif ($_POST['login']) { // #3 just had a postinclude 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $r = mysql_fetch_array($query); $password2 = sha1($password);$password2 = sha1(substr($password2, 0, 20) . substr($r['salt'], 0, 20) . substr($password2, 19, 20) . substr($r['salt'], 19, 20)); if ($r['username'] == $username && $r['password'] == $password2){ // #4 check for username and pw	 $_SESSION['logged'] = 1;	 $_SESSION['username'] = $r['username'];	 $_SESSION['level'] = $r['level'];	 $_SESSION['accept'] = 0;} // #4 (end) check for username & pw is okelse{ // #5 username & pw is not ok	 $_SESSION['logged'] = 0;	 echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; 	 echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; } // #5 (end) since username and pw are not ok, try again} // #3 (end) had a post and everything is ok} // #1 (end) user is logged inelse{?><html><head><link href="includes/style.css" rel="stylesheet" type="text/css" /><meta http-equiv="Refresh" content="0;url=profile.php" /></head><body><a href="profile.php">Redirect</a></body></html><?PHP}?></body></html>

The page source is as follows...

</body></html>

Why is that last "else" not working? Is my code completely messed up?Thank you very much for taking the time to look at my questionand helping me with another answer.Hooch

Link to comment
Share on other sites

It's not really accurate to say the else "isn't working", everything is working fine, it's just not working the way you expected it to. The else block is not being executed because the condition on the if statement is evaluating to true. Here is the condition:if (!$_SESSION['logged'] == 1) So, this expression evaluates to true:!$_SESSION['logged'] == 1It will probably be a little more clear to write that like this:$_SESSION['logged'] != 1or this:!($_SESSION['logged'] == 1)So, this condition is true, it will evaluate to true if $_SESSION['logged'] does not evaluate to true, which is to say if they haven't logged in yet. So, your code is never seeing $_SESSION['logged'] be true. One thing you aren't doing is writing the session, put a call to session_write or session_write_close at the end of the page to make sure the information in the session gets saved. Also try printing out the $_POST or $_SESSION arrays to see what information is in there. If you're not seeing the information you expect, the first thing is to figure out what information is being given to you, and then you can figure out why that information is being given to you.print_r($_SESSION);print_r($_POST);

Link to comment
Share on other sites

Here's how I ended up getting it to work.Thank you justsomeguy and vijay.

<?phpsession_start();include 'includes/online.php';include 'includes/db.php';include 'includes/header.php';if (!($_SESSION['logged'] == 1)) {  // #1 not logged inif (!$_POST['login']) {  // #2 no post yet?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><link href="includes/style.css" rel="stylesheet" type="text/css" /></head><body><table width="100" border="0" align="center" cellpadding="0" cellspacing="0">  <tr>	<td height="35"> </td>  </tr></table><table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999"><form method="POST">    <tr> 	<td align=right> 	Username: <input name="username" type="text" class="txtbox" size="15" maxlength="25"></td>   </tr>   <tr> 	<td align="right"> 	Password: <input name="password" type="password" class="txtbox" size="15" maxlength="25"></td></tr><tr> 	<td align="center"> 	<input name="login" type="submit" class="txtbox" value="login"></td></tr>  <tr>	  <td align="center"><a href="forgot_pass.php" target"_self" class="tia">Forgot Password</a><br>		<a href="index.php" class="tour-footer">Home</a></td>  </tr></form></table><?PHP  } // #2 (end) just had a postif ($_POST['login']) { // #3 just had a postinclude 'includes/clean.php'; $username = clean($_POST['username']);$password = clean($_POST['password']);$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $r = mysql_fetch_array($query); $password2 = sha1($password);$password2 = sha1(substr($password2, 0, 20) . substr($r['salt'], 0, 20) . substr($password2, 19, 20) . substr($r['salt'], 19, 20)); if ($r['username'] == $username && $r['password'] == $password2){ // #4 check for username and pw	 $_SESSION['logged'] = 1;	 $_SESSION['username'] = $r['username'];	 $_SESSION['level'] = $r['level'];	 $_SESSION['accept'] = 0;} // #4 (end) check for username & pw is okelse{ // #5 username & pw is not ok	 $_SESSION['logged'] = 0;	 echo "<center><br><br><span class=\"black-medium\">Incorrect username or password!</span><br><br>"; 	 echo "<a href=\"login.php\" target\"_self\" class=\"members\">Back</a><br><br><br>"; } // #5 (end) since username and pw are not ok, try again} // #3 (end) had a post and everything is ok} // #1 (end) user is logged inelse{session_write_close();}if ($_SESSION['logged'] == 1) {echo "<link href=\"includes/style.css\" rel=\"stylesheet\" type=\"text/css\" />";echo "<meta http-equiv=\"Refresh\" content=\"0; URL=profile.php\"/>";}else{}?></body></html>

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...