I found the source of the problem #2. It is the use of *session_register(foo)*.
I put the following to my *handle_registration.php*.
session_register("foo");
session_register("foo2");
$foo2 = $_POST['email'];
$foo['email'] = $_POST['email']
The problem still persists, since no variables are stored to my session cookie.
This is the logic of my login script.
- Solved by Pascal Martin and The Disintegrator: Which is the right place to put the function
session_write_close
in generating sessions for login? - How can you get a permanent session for user "session" such that a new session is not started each time index.php is loaded?
I have the session_start()
at the beginning of my index.php
.
The very Beginning of my index.php
session_start();
if($_SESSION['logged_in'] == false) {
$random_number = rand(1,100000);
session_id($random_number);
session_id['email'] = '';
}
while the very end of my index.php
<?php
session_write_close(); // Session code ends here!
?>
I have right after the very beginning of the session code the validation process of user's password by
$dbconn = pg_connect("host=localhost port=5432 dbname=masi user=masi password=123");
$result = pg_prepare($dbconn, "query22", "SELECT passhash_md5 FROM users
WHERE email=$1;");
$passhash_md5 = pg_execute($dbconn, "query22", array($_REQUEST['email']));
// users from registration/login form
if ($passhash_md5 == md5($_REQUEST['password'])) {
$_SESSION['logged_in'] = true;
$_SESSION['email'] = $_REQUEST['email'];
$_SESSION['passhash_md5'] = md5($_REQUEST['password']);
}
// this may be unnecessary if the passhash_md5 cannot be changed by the user
$passhash_md5_2 = pg_execute($dbconn, "query22", array($_SESSION['email']));
// users staying in the site
if ($passhash_md5_2 == $_SESSION['passhash_md5'])) {
$_SESSION['logged_in'] = true;
}
The code generates me continuously random sessions such that no user's data is being saved for the user.
I replaced each $_REQUEST
after the login/registration handlers by $_SESSION
in my code, since $_REQUEST
does not include $_SESSION - still the same problem and I cannot see the username in the homepage after registration/login.