Sessions?

[TheCatapult]

Hello, I am completely beginner in this field and I am just a hobbyist so pardon me if I ask very elementary questions in an advanced forum. I'll first post my codes. 1. config.php

<?php/*This script was downloaded at:LightPHPScripts.comPlease support us by visitingout website and letting peopleknow of it.Produced under: LGPL*//* Main Options *///----------------/* Which page user goes to after logoss */$logoutPage = 'login.php';/* Secure page to redirect to after login */$loginPage = 'myaccount.php';/* Start session? Set this to false, ifyou are already starting the session elsewhere*/$startSession = TRUE;/* Use Cookies with sessions*/$useCookies = TRUE;/* Stay loged in for? -> cookies *//* in seconds:3600 ->  1 hr, 86400 -> 1 day604800 -> 1 week, 2419200 -> 1 month29030400 -> 1 year*/$logedInFor = 2419200;/* Domain name -> cookies */$domainName = 'example.com';/*Notes: Please note that using sessions,will store a cookie with the ID on userside.To make this work for users without cookies,propagate the ID through the URLSin this manner:nextpage.php?<?php echo htmlspecialchars(SID); ?>*//* Connect to database? Set to false, if youare already conneted */$connectDatabase = TRUE;/* Database Info */$databaseUserName = '';$databaseUserPassword = '';$databaseHostName = '';$databaseName = '';/* Table Info */$tableName = 'userlist';$userNameField = 'userName';$userPasswordField = 'UserPassword';/** SEC 334 **/?>

login.php

<?php/*This script was downloaded at:LightPHPScripts.comPlease support us by visitingout website and letting peopleknow of it.Produced under: LGPL*//* Start session */if($startSession == TRUE){ session_start();}/* Config file */include('config.php');/* Check for submition */if($_POST['submitID'] == 1){/* Connect to database */if($connectDatabase == TRUE){$action=TRUE;include('connect.php');} /* sanitize and check info */$userName = mysql_real_escape_string($_POST['userName'],$dbc);$password = mysql_real_escape_string($_POST['password'],$dbc);if($userName == NULL) { $message = 'Please enter username.';}if($message == NULL && $password == NULL){ $message = 'Please enter password.';}if($message == NULL){     $userQuery = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM " . $tableName .  " WHERE `" . $userNameField . "`='$userName' AND `" . $userPasswordField . "`='$password'"));    /* If usercount is more than 0 -> ok */  if($userQuery[0] > 0){   /* Disconnect from database */   if($connectDatabase == TRUE){$action=FALSE;include('connect.php');}   $_SESSION['isLoged'] = 'yes';   $_SESSION['userName'] = $userName;     /* add cookies ?*/   /* expire in 1 hour */   if($useCookies == TRUE)   {    setcookie("isLoged", 'yes', time()+logedInFor, "/", ".$domainName", 1);    setcookie("userName", $userName, time()+logedInFor, "/", ".$domainName", 1);   }   /* Redirect to login page */   header("Location: $loginPage");   exit();  } else {   $message = 'Invalid username and/or password!';  }}/* Disconnect from database */if($connectDatabase == TRUE){$action=FALSE;include('connect.php');}}?><!--/*This script was downloaded at:LightPHPScripts.comPlease support us by visitingout website and letting peopleknow of it.Produced under: LGPL*/--><?php/* Display error messages */if($message != NULL){?><table width="100%"  border="0" cellpadding="3" cellspacing="0" bgcolor="#FFCCCC">  <tr>    <td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td>  </tr></table><?php } ?><form action="<? echo $_SERVER['PHP_SELF'];?>" method="post" name="login" id="login" style="display:inline;">  <table width="100%" border="1" align="center" cellpadding="5" cellspacing="0" bordercolor="#99CC33">    <tr bgcolor="#99CC99">	  <td colspan="2"><div align="center"><strong>Please log in:</strong></div></td>    </tr>    <tr>	  <td width="47%"><strong>Username:</strong></td>	  <td width="53%"><input name="userName" type="text" id="userName"></td>    </tr>    <tr>	  <td><strong>Password:</strong></td>	  <td><input name="password" type="password" id="password"></td>    </tr>    <tr>	  <td colspan="2"><div align="center"><font face="Georgia, Times New Roman, Times, serif"><strong>		  <input name="Submit" type="submit" id="Submit" value="Sign-In">		  <input name="submitID" type="hidden" id="submitID" value="1"></strong></font> </div></td>    </tr>    <tr>	  <td colspan="2"><div align="right"><a href="http://lightphpscripts.com" target="_blank"><font size="1">Powered by LPS</font></a></div></td>    </tr>  </table></form>

myaccount.php

<html><header><title>hello my world!!!!</title><body>To protect any pages, place this code on top most of the page:<?phpsession_start();if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL){    header("Location: login.php");exit();}?>Hello world!!</body></html>

readme.txt

This script was downloaded at:LightPHPScripts.comPlease support us by visitingout website and letting peopleknow of it.Produced under: LGPLNOTE: Script assumes you have an existing userbase database. If not, please use the tablescheme provided in database.sql.Step 1------Open config.php, fill it with the correct informationStep 2------Place the registration file where you want it to appear as:<?php include('register.php'); ?>Step 3------Place login.php in the page where you want the login box to appear as:<?php include('login.php'); ?>Step 4------To log out a user, redirect them to logoff.php as:http://example.com/logoff.phpStep 5------To protect any pages, place this code on top most of the page:<?phpsession_start();if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL){    header("Location: login.php");exit();}?>Step 6------To protect any directory, place the above code in a file called index.php andplace that file in the directory.

The readme.txt said (in Step 5) that I always put <?php session_start(); if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL){ header("Location: login.php");exit();}?> so only logged in users can view the content. But it just don't work with my code in myaccount.php. Did i make any mistake and what is it? Thank you very much for your time and sorry for this kind of question.

[thescientist]

what is the actual problem? Are you getting errors? What is isn't working? The session part? the header part? Please be more specific. If its the header redirect, then the problem is because you are doing a header redirect and outputting HTML in myaccount.php. The instructions indicate that you put the SESSION check code at the top most of any page (before any possible output could be sent to the browser). You have it right in the middle of some output. That won't work.

Edited January 12, 2013 by thescientist

[TheCatapult]

The problem is the word Hello world!! does not display even though I am logged.Sorry and thanks!

[Labtec]

The scientist got it spot on, you're trying to start a session after HTML has been read/outputted. Do this instead:

<?phpsession_start();?><html><head>	<title>hello my world!!!</title></head><body>To protect any pages, place this code on top most of the page:<?php if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL){	header("Location: login.php");exit();}else{	echo $_SESSION['isLoged']."<br />";	echo $_SESSION['userName'];}?>Hello world!! </body></html>

Slightly modified your HTML. Took the <header> tag which was outside the <body> tag and added <head> opening and closing tags. Give this a try. Regards, Labtec.

Edited January 12, 2013 by Labtec

[TheCatapult]

Thank you. But it still does not work, it only shows the "To protect any pages, place this code on top most of the page:". As I view the source code in my browser, it shows <html> <head> <title>hello my world!!!</title> </head> <body> To protect any pages, place this code on top most of the page: Notice the </body> and </html> is not found. I am using Google Chrome.

Edited January 13, 2013 by MisterCatapult

[Labtec]

Echo your session variables in myaccount.php just after you set session_start0;

<?phpsession_start();echo $_SESSION['isLoged']."<br />";echo $_SESSION['userName'];?>

What does this print? Have you got error reporting turned on? Regards, Lab.

[TheCatapult]

It shows no error. But it shows only "To protect any pages, place this code on top most of the page:"Pardon me, but I can no longer follow. I used the code you have given earlier above.

[dsonesuk]

place theinclude('config.php');above the if condition, i can't see how it can determine if sessionstart is true if it references the value AFTER the if condition from config.php.

[TheCatapult]

Thanks dsonseuk! I followed your advise.

<?phpsession_start();?><html><head>	    <title>hello my world!!!</title></head><body>To protect any pages, place this code on top most of the page:<?phpinclude('config.php');if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL){	    header("Location: login.php");exit();}else{	    echo $_SESSION['isLoged']."<br />";	    echo $_SESSION['userName'];}?>Hello world!!</body></html>

Still, it does not work. It shows only the To protect any pages, place this code on top of the page: Here is the source code (I am using Google Chrome and yes I logged in.).

<html><head>	    <title>hello my world!!!</title></head><body>To protect any pages, place this code on top most of the page:

Thanks everybody!

[dsonesuk]

1) is your server setup to allow short php tags of <? ?>.2) <? =$message ?> '=' sign is not valid old asp coding yes! but not in PHP.3) $message has to be defined $message=""; or you will get undefined error4) since you don't have errors messages appearing showing these errors, I have to presume you have display errors turned off, suggest you it turn on for this.

[justsomeguy]

You need to put all code that sends headers before any HTML code. Your code is getting to the if statement, trying to send a header to redirect you, and then it exits. Since it exits, you don't see anything else after that. But it doesn't actually redirect because you can't send a header at that point. You need to send all headers before you send any output.

<?phpsession_start();include('config.php');if($_SESSION['isLoged'] != 'yes' || $_SESSION['userName'] == NULL){  header("Location: login.php");  exit();}?><html><head>  <title>hello my world!!!</title></head><body><?phpecho $_SESSION['isLoged']."<br />";echo $_SESSION['userName'];?>Hello world!!</body></html>

[TheCatapult]

Thank you for the answers. Sorry for too much question. I have three problems now: 1. Even though the user is not logged, the myaccount.php redirects the user to the variable written in Location: .i.e. login.php [which I have changed.] 2. Since the Location is login.php, what it does is just redirect the user to login form. 3. I have changed the location to myaccount1.php, the problem is just like in number 1. Help please. I'm completely noob at this. What I want is just to have a page where only logged users can view it [since this page will be the one where I will put my form.] Thanks for understanding!

Edited January 17, 2013 by MisterCatapult

[justsomeguy]

1. Even though the user is not logged, the myaccount.php redirects the user to the variable written in Location: .i.e. login.php [which I have changed.]

That's exactly what you're telling it to do. You're saying that if the user is not logged in, then redirect them.

2. Since the Location is login.php, what it does is just redirect the user to login form.

What exactly is the problem with that?

[TheCatapult]

My problem is even though I logged in successfully, myaccount.php always redirects it to login.php .

[justsomeguy]

Test the conditions in the if statement then. You have an if statement that decides whether to redirect, so check the variables being tested to see what they are set to after you log in.