I'm just getting into MySQL and PHP--and I'm just trying to create a simple login system for a project we're testing. I've connected and created the login logic just fine, but now I can't for the life of me get the session variables to carry over to the new pages. Could someone please show me the correct way to do this?

Here is my login script--which is activated by submitting a form:

<?php 
session_start();

$link = mysql_connect('xxxxxxx.ipowermysql.com', 'xxxxxx', 'xxxxxx'); 
if (!$link) { 
    die('Could not connect: ' . mysql_error()); 
} 

mysql_select_db(austinhabich_IC_20090511_174535) or die(mysql_error());

$email=$_POST['email']; 
$password=$_POST['password'];

$sql="SELECT * FROM player WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

$_SESSION['status'] = "1";      

header("location: main.php");
}
else {
echo "Wrong Username or Password";
}
?>

And here is the page it redirects to:

 <?php session_start(); ?>
 ...doctype stuff...

 <html
 xmlns="http://www.w3.org/1999/xhtml">
 <head> <meta http-equiv="Content-Type"
 content="text/html; charset=utf-8" />
 <title>Untitled Document</title>
 </head>

 <body> 

 <?
 echo $_SESSION['status'];

 ?> </body> </html>

In this case, I'm just trying to even get the session variable to register, so I'm testing by attempting to print the variable's data. I've been trying to use isset and have it redirect back to the login page. The redirect worked, but it happened every time since the session variable is not registering.

PHP Version is 5.2.12

A: 

On a quick glance, three things:

  • You seem to be missing session_start() in the first script.

  • You would get "Wrong username" if the account exists twice or more in the table, which can sometimes happen while testing.

  • You should die() after doing a header() redirect.

  • austinhabich_IC_20090511_174535 needs to be put into quotes.

  • session_start(); needs to be called in the head of the script, before any HTML is output.

  • Your SQL statements are vulnerable to SQL injection. Incoming data should urgently be sanitized using mysql_real_escape_string before being used in a query.

Pekka
Right-- I accidentally forgot to put the session_start(); at the top of the login script in my code example. Even with it there, I still can't get the session variable to register...
I also put <? session_start(); ?> as the very first line of the end page-- and of course deleted it from where it was, also to no avail...
@user strange, then I don't know what the matter is. I added another point that you should take care of before going live with anything.
Pekka
I had some sanitation precautions, as well as an isset statement on the login script that would redirect to login if they came there any other way than by submitting the form--I just got rid of absolutely everything non-essential until I can get this ****** session variable to register...
@user ah, I see. Are you given a session cookie? You're not switching domains or anything?
Pekka
No-- not switching domains... I've tried in Chrome with regular settings and IE with all cookies enabled. How can I check to see if I've been given a session cookie?
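
The answer's points applied to the login script, as an added example that is not part of the original question, answer or comments. It swaps in PDO prepared statements for the mysql_real_escape_string call the answer names, and assumes the pdo_mysql driver is available; the helper post_string() is hypothetical, and the host, credentials, database and table names are the page's own placeholders.

```php
<?php
// Added example, not the asker's code. Assumes PDO with the pdo_mysql driver.
// Nothing (not even a blank line or a BOM) may precede the opening tag: once
// output has started, neither the session cookie nor the redirect header can
// be sent. headers_sent() reports where that output began.
if (headers_sent($file, $line)) {
    error_log("Output already started at $file:$line");
    die('Session could not be started');
}
session_start();

// Hypothetical helper: return a POST field only if it is a plain string.
function post_string($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Host, user, password and database name are the page's placeholders;
// the database name is now inside a quoted string.
$dsn = 'mysql:host=xxxxxxx.ipowermysql.com;dbname=austinhabich_IC_20090511_174535';
try {
    $db = new PDO($dsn, 'xxxxxx', 'xxxxxx');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    // The submitted values travel as bound parameters, never as SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM player WHERE email = ? AND password = ?');
    $stmt->execute(array(post_string('email'), post_string('password')));
    $count = (int) $stmt->fetchColumn();
} catch (PDOException $e) {
    error_log('Login query failed: ' . $e->getMessage());
    die('Login is temporarily unavailable');
}

if ($count > 1) {
    // Duplicate rows make the "exactly one" test fail for a valid login.
    error_log('player table has duplicate rows for one email/password pair');
}

if ($count === 1) {
    $_SESSION['status'] = '1';
    header('Location: main.php');
    exit; // stop here: nothing below may run or print after the redirect
}

echo 'Wrong Username or Password';
// No closing tag: trailing whitespace after it would count as output.
```

If the first check fires, the logged file and line point at the stray output that prevents the session cookie from being set.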