I am creating a login script that stores the value of a variable called $userid to $_SESSION["userid"] then redirects the user back to the main page (a side question is how to send them back where they were?). However, when I get back to that page, I am echoing the session_id() and the value of $_SESSION["userid"] and only the session id shows up. It had occurred to me that maybe my redirect page needs to have session_start() at the top, but if this were true, then the session_id I'm echoing would change each time I end up on the page that is echoing it. Here is the script:

    <?php
    session_start();
    include_once("db_include.php5");
    doDB();
    //check for required fields from the form
    if ((empty($_POST['username']) && empty($_POST['email'])) || empty($_POST['password'])) {
        header("Location: loginform.php5");
        exit;
    } else if ($_POST["username"] && $_POST["password"]) {

        //create and issue the query
        $sql = "SELECT id FROM aromaMaster WHERE username='".$_POST["username"]."' AND password=PASSWORD('".$_POST["password"]."')";
        $sql_res = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

        //get the number of rows in the result set; should be 1 if a match
        if (mysqli_num_rows($sql_res) != 0) {
            //if authorized, get the userid
            while ($info = mysqli_fetch_array($sql_res)) {
                $userid = $_info["id"];
            }
            //set session variables
            $_SESSION['userid'] = $userid;

            mysqli_free_result($sql_res);
            //redirect to main page
            header("Location: loginredirect.php5");
            exit;
        }
    } else if ($_POST["email"] && $_POST["password"]) {

        //create and issue the query
        $sql = "SELECT id FROM aromaMaster WHERE email='".$_POST["email"]."' AND password=PASSWORD('".$_POST["password"]."')";
        $sql_res = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

        //get the number of rows in the result set; should be 1 if a match
        if (mysqli_num_rows($sql_res) != 0) {
            //if authorized, get the userid
            while ($info = mysqli_fetch_array($sql_res)) {
                $userid = $_info["id"];
            }
            //set session variables
            $_SESSION['userid'] = $userid;

            mysqli_free_result($sql_res);
            //redirect to main page
            header("Location: loginredirect.php5");
            exit;
        }
    } else {
        //redirect back to login form
        header("Location: loginform.php5");
        exit;
    }
    mysqli_close($mysqli);
    ?>
+1  A: 

You need to call session_write_close() to store the session data changes.

Side answer: you can use $_SERVER["HTTP_REFERER"] to redirect back, if it was filled by the browser.

Zed
thanks, I'll look into the referer thing. I may as well ask, though, what you mean 'if it was filled by the browser'?
session_write_close() should be called for you
Tom Haigh
In some (most?) browsers you can tell the browser not to send a referer header. For example in firefox set network.http.sendRefererHeader value to 0 to disable sending referrers.
Zed
Ah, I see. So, I would just use header("Location: ".$_SERVER["HTTP_REFERER"].""); ?
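The Referer suggestion in this answer works, but the header is attacker-controlled (any page can link to your login form with a forged or cross-site Referer), so echoing it straight into a Location header gives you an open redirect. The following is an added example, not code from the question or the answers, showing the validation step a practitioner would put in front of it; the function name `safe_return_url`, the host `www.example.com` and the fallback `index.php5` are assumptions for illustration.

```php
<?php
// Added example (not the answerer's code). Validates a candidate redirect
// target, such as $_SERVER['HTTP_REFERER'] or a ?return_to= parameter,
// before it is placed in a Location header.
declare(strict_types=1);

/**
 * Return $candidate if it points back into this site, otherwise $fallback.
 * Accepts absolute http(s) URLs on our own host and root-relative paths
 * ("/page.php5"); rejects other hosts, other schemes, protocol-relative
 * "//evil.example" and backslash tricks such as "/\evil.example".
 *
 * $ownHost must come from configuration, not from $_SERVER['HTTP_HOST'],
 * which the client also controls.
 */
function safe_return_url(?string $candidate, string $ownHost, string $fallback = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }

    if (isset($parts['host'])) {
        // Absolute (or protocol-relative) URL: scheme must be http(s)
        // and the host must be exactly ours.
        $scheme = strtolower($parts['scheme'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true)) {
            return $fallback;
        }
        if (strcasecmp($parts['host'], $ownHost) !== 0) {
            return $fallback;
        }
        return $candidate;
    }

    // No host: only a plain root-relative path is acceptable. Anything
    // carrying a scheme ("javascript:...", "http:/x") is rejected.
    if (isset($parts['scheme'])) {
        return $fallback;
    }
    $path = $parts['path'] ?? '';
    if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '/\\') {
        return $fallback;
    }
    return $candidate;
}

// Usage after a successful login (assumed host and fallback page):
session_start();
$back = safe_return_url($_SERVER['HTTP_REFERER'] ?? null, 'www.example.com', 'index.php5');
header('Location: ' . $back);
exit;
```

A more robust variant of "send them back where they were" is to store the requested page in the session (for example `$_SESSION['return_to'] = $_SERVER['REQUEST_URI']`) before sending the user to the login form, and to run that stored value through the same check; it does not depend on the browser sending a Referer at all.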
+3  A: 

You're doing this:

    while($info = mysqli_fetch_array($sql_res)) {
        $userid = $_info["id"];
    }

Where you should do this:

    while($info = mysqli_fetch_array($sql_res)) {
        $userid = $info["id"];
    }
Ropstah
Oh you made the same typo twice in your code by the way, so make sure you change it at both points!
Ropstah
aren't both those loops identical?
mrinject
No, please note the change from $_info['id'] to $info['id']
Ropstah
My answer as far as debugging would eventually find this - but yeah, the session value is being set wrong, so the session value is echoing wrong.
McAden
Ha, I know there's two the same :) They are identical, but one works if the user has entered their username and password, and the second if they've only entered their email address and password. I could have worked that into one condition and then decided inside which query to make, but that way was just simpler. Thanks, guys!
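Beyond the `$_info` typo, the script in the question concatenates `$_POST` straight into the SQL text and relies on MySQL's `PASSWORD()` for hashing. The following is an added example, not the asker's or any answerer's code, of the same login flow with the typo fixed, the two near-identical branches merged into one prepared statement, password hashing moved into PHP, and the session id regenerated at login. It assumes `doDB()` from `db_include.php5` defines a connected `$mysqli` (as in the question), that `aromaMaster.password` now stores `password_hash()` output rather than `PASSWORD()` output, and that `loginform.php5` / `loginredirect.php5` are the page's own targets; the function name `authenticate` is mine.

```php
<?php
// Added example (not the question's code). Hardened version of the login
// script: prepared statement, password_verify(), session_regenerate_id().
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of silent false
session_start();
include_once("db_include.php5");
doDB(); // assumed to define $mysqli, as in the question

/**
 * Look up a user by username or e-mail and verify the password.
 * Returns the numeric user id on success, null on failure.
 * Bound parameters keep user input out of the SQL text entirely, so a
 * username of  ' OR 1=1 --  is just a string that matches nobody.
 */
function authenticate(mysqli $db, string $identity, string $password): ?int
{
    $stmt = $db->prepare(
        'SELECT id, password FROM aromaMaster WHERE username = ? OR email = ? LIMIT 1'
    );
    $stmt->bind_param('ss', $identity, $identity);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = ($stmt->fetch() === true);
    $stmt->close();

    // Verify against a throwaway hash when no row matched, so response time
    // does not reveal whether the identity exists.
    $check = $found ? (string) $hash : password_hash('no-such-user', PASSWORD_DEFAULT);
    if (password_verify($password, $check) && $found) {
        return (int) $id; // $id, not $_id: the typo the answers point out
    }
    return null;
}

// Username takes precedence; fall back to e-mail, as the original script did.
$identity = trim((string) ($_POST['username'] ?? ''));
if ($identity === '') {
    $identity = trim((string) ($_POST['email'] ?? ''));
}
$password = (string) ($_POST['password'] ?? '');

if ($identity === '' || $password === '') {
    header('Location: loginform.php5');
    exit;
}

$userid = authenticate($mysqli, $identity, $password);
if ($userid === null) {
    // Same response for "unknown user" and "wrong password".
    header('Location: loginform.php5');
    exit;
}

// A fresh session id at the privilege change defeats session fixation.
// $_SESSION is flushed automatically at script end, so no explicit
// session_write_close() is needed before the redirect.
session_regenerate_id(true);
$_SESSION['userid'] = $userid;
header('Location: loginredirect.php5');
exit;
```

Note that the original script falls through to `mysqli_close()` and renders a blank page when credentials are supplied but do not match; the version above always ends in a redirect, and gives the same redirect for an unknown identity and a wrong password so the login form cannot be used to enumerate accounts.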
+1  A: 

Make sure:

   <?php
   session_start();

Is at the top of each page.

Additionally, you can test by commenting out your redirects and echoing the value you're setting, to make sure you're retrieving/storing the correct value to begin with.

McAden