Question

I'm having some problems to check session, to access a page I need to have a session active.

Login process: 

    //Connect to mysql server
    require "reservation/connect.php";

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $login = clean($_POST['user']);
    $password = clean($_POST['password']);

    //Create query
    $qry="SELECT * FROM user WHERE username='$login' AND password='$password'";
    $result=mysql_query($qry);
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['user_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['position'];
            session_write_close();
            //if ($level="admin"){
            header("location: admin/dashboard.php");
            exit();
        }else {
            //Login failed
            header("location: index.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

Authentication: 

if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        header("location: index.php");
        exit();
    } 
?>

Even if i log in from the form, the page doesn't load and redirect me back to index! What i'm doing wrong? I put "require_once('../auth.php');" on the page but it's still not working.

Was it helpful?

Solution

That is because it is getting into else part of the statement , which means $result is 0 or false.

So the reason is the query must be failing.. So add mysql_error() like this..

$result=mysql_query($qry) or die(mysql_error());

To know the exact cause..

This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top