ansaurus

Question

Answer 1

+1 A:

make double sure you are using two = signs. a single one will assign as opposed to eval.

also switch would be better

switch ($_SESSION['username']) {
case 'google':
$file='file1.php';
break;
case 'google':
$file='file2.php';
break;
default:
$file='default.php';
break;
}
header("location: $file');

FatherStorm 2010-10-01 21:39:14

i have inserted two = signs. Your code takes me to default.php no matter what the username is

Sarthak Srivastava 2010-10-01 21:42:58

then you don't have persistent sessions. check your server config.

FatherStorm 2010-10-01 21:57:23

ou can test this with: $a = session_id();if ($a == '') session_start(); echo $a; reload that page several times and see if the sessionid changes

FatherStorm 2010-10-01 21:58:11

Answer 2

A:

<?php

$host = "localhost";
$username = "USERNAME OF PHPMYADMIN";
$password = "PASS OF PHPMYADMIN";
$db_name = "membership";
$tbl_name = "users";

$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT  * FROM $tbl_name WHERE username='$username' and password='$password' ";

$result = mysql_query($sql);

$count = mysql_num_rows($result);

if($count==1) {
    session_register("username");
    session_register("passsword");
    header("location:dashboard.php");
}
else
{
    echo "Username/Password does not match. Try Again.";
}


?>

tHIS IS THE Other code im using.

Sarthak Srivastava 2010-10-01 21:41:00

This is getting messy. You should put your code into your question instead of into multiple answers.

stjowa 2010-10-01 21:51:47

There's quite a lot wrong here.First things first, **escape your data** - anything that a user inputs which then gets used in a database query must be escaped with at least `mysql_real_escape_string()`Secondly, why are you using `session_register()`? You need to be using `$_SESSION['username'] = $username` to set the data, not `session_register()`

chigley 2010-10-01 21:53:35

This is not an answer.

Matt Huggins 2010-10-01 21:59:05

Don't post things like this as answers. Edit your question instead.

colithium 2010-10-01 22:10:03

Answer 3

A:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login to access the secret files!</title>
<link rel="stylesheet" type="text/css" href="css/default.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"&gt;&lt;/script&gt;
<script type="text/javascript" src="js/main.js"></script>
</head>

<body>
<div id="login">
    <form method="post" action="test.php">
        <h2>Login <small>enter your credentials</small></h2>
        <p>
            <label for="name">Username: </label>
            <input type="text" name="username" />
        </p>

        <p>
            <label for="pwd">Password: </label>
            <input type="password" name="password" />
        </p>

        <p>
            <input type="submit" id="submit" value="Login" name="submit" />
        </p>
    </form>
    <?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; ?>
</div><!--end login-->
</body>
</html>

This is what I am using for my login page.

Sarthak Srivastava 2010-10-01 21:49:09

This is not an answer.

Matt Huggins 2010-10-01 22:00:13

Answer 4

+3 A:

Wouldn't you need session_start(); on the page where you query for the username?

Assuming this code is in a separate page.

<?php

session_start();

$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
    session_register("username");
    session_register("passsword");
    header("location:dashboard.php");
} else {
    echo "Username/Password does not match. Try Again.";
}
?>

luckytaxi 2010-10-01 21:52:36

Answer 5

A:

Try doing a print_r on the session variable there may be other issues with your sessions.

<?= print_r($_SESSION['username']) ?>

anthonyjack 2010-10-01 21:53:18

Answer 6

A:

First of all, you really shouldn't be storing passwords in the database in plaintext. At very least, md5() them or something.

Second of all, you should escape the values you put into the SQL query (or even better, use MySQLi's prepared statements, if your server has MySQLi enabled) to avoid SQL injections.

Third of all, debug statements do wonders. Have you tried printing out the value of $_SESSION['username'] immediately before the conditional? I have a hard time believing PHP's conditional processing or equality tests would mess up, so the value must be "google" for some reason. I think you'll need to track down assignments to $_SESSION['username'] in your code to try and figure out why.

2010-10-01 22:05:04

Answer 7

A:

You should be calling session_start() before putting the username and password in session, and shouldn't be using session_register() (as it's deprecated), just use the $_SESSION global like so

session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

then on the next page do a start_session() and var_dump($_SESSION); and you can see what has been set in session

Dave 2010-10-01 22:07:12

Hey Dave, Thank for posting this. This code worked and on the next page where var_dump is located, i get a message like array username google, password -----. So thanks for that. When i now post the condition to redirect different users, it still redirects me to file1.php. Thanks.

Sarthak Srivastava 2010-10-02 13:33:13

ansaurus

tags:

views:

answers:

I need help with PHP sessions

related questions