[UPHPU] login session propagation problems
Dave Simpson
bigbikkuri at gmail.com
Thu May 11 02:15:32 MDT 2006
Hi everyone,
I'm having problems getting my $_SESSION variables to propagate across my
page so I can make page customizations. If you could look at my code and
point me in the right direction as to what I'm doing wrong, I would really
appreciate it. Basically, what I'm expecting to happen right now is a
successful login will replace the login pages login form with a welcome
message. I have a login.html, a login.php, and a checklogin.php file. I'm
not really sure why the code in checklogin.php is in a seperate file, and
I'm not sure why I'd ever call to it (outside of this situation) but that is
the setup of a tutorial I was pointed to. I've looked at so many session
tutorials and forums and I have yet to find my answer. I hope you all can
pull my butt out of the fire.
LOGIN.HTML
____________
<?
session_start();
if(session_is_registered($_SESSION[name]))
{
echo "<p>$_SESSION[name], you are already logged
in!</p>";
}
else
{
?>
<div id="centercol">
<form method="POST" action="login.php">
Username: <input type="text" name="username"
size="20"><br>
Password: <input type="password" name="password"
size="20"><br>
<input type="submit" value="Submit" name="login">
</form>
<?
}
?>
<p>Not a Club L member? <a href="signup.html">Sign Up!</a></p>
<p>Need to logout? <a href="logout.php">Click Here</a></p>
LOGIN.PHP
__________
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);
//set the database connection variables
$dbHost = "localhost";
$dbUser = "root";
$dbPass = "abc123";
$dbDatabase = "clubl_movies";
//connect to the database
$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error
connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the
database.");
//$result=mysql_query("SELECT * FROM users WHERE username='$user'
AND password='$pass'", $db);
$query = sprintf("SELECT * FROM users WHERE username='%s' AND
password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($pass));
$result = mysql_query($query, $db);
//check that at least one row was returned
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0)
{
while($row = mysql_fetch_array($result))
{
//start the session and register a variable
session_start();
session_register('$user');
$_SESSION[name] = $user; //session id
$_SESSION[first] = $row['first']; //user's first name
for personalization
$_SESSION[last] = $row['last']; //user's last name
for personalization
//successful login code will go here...
echo 'Success!';
//we will redirect the user to another page where we
will make sure they're logged in
header( "Location: /club_l/checkLogin.php" );
}
}
else
{
//if nothing is returned by the query, unsuccessful login
code goes here...
echo 'Incorrect login name or password. Please try again.';
}
CHECKLOGIN.PHP
_________________
session_start();
//check to make sure the session variable is registered
if(session_is_registered('$user'))
{
//the session variable is registered, the user is allowed to see
anything that follows
//echo "Welcome $_SESSION['name'], you are still logged in.";
header( "Location: /club_l/login.html" );
}
else
{
//the session variable isn't registered, send them back to the
login page
echo "Your are not logged in.";
/*header( "Location: club_l/login.html" );*/
}
Thanks again!
More information about the UPHPU
mailing list