Question
I have a login.php file that after a valid login it does not seem to be starting a session or storing any information in the session array? Any help would be appreciated. Thank you.
https://stackoverflow.com/questions/15801964
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <?php
include_once 'accounts/db.php';
include_once 'accounts/dbfunctions.php';
$err = array();
foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}
if ($_POST['doLogin']=='Login')
{
foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}
$user_email = $data['usr_email'];
$pass = $data['pwd'];
if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";
}
$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
$user_cond
AND `banned` = '0'
") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);
if(!$approved) {
//$msg = urlencode("Account not activated. Please check your email for activation code");
$err[] = "Account not activated. Please check your email for activation code";
//header("Location: login.php?msg=$msg");
//exit();
}
//check against salt
if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
if(empty($err)){
// this sets session and logs user in
session_start();
session_regenerate_id(true); //prevent against session fixation attacks.
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['user_name'] = $full_name;
$_SESSION['user_level'] = $user_level;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
//update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();
mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
//set a cookie
if(isset($_POST['remember'])){
setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
}
header( 'Location: http://www.example.com' ) ;
}
}
else
{
//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
//$err[] = "Invalid Login. Please try again with correct user email and password.";
header("Location: index.html?p=problem1");
}
} else {
header("Location: index.html?p=problem2");
//$err[] = "Error - Invalid login. No such user exists";
}
}
?>
<script type="text/javascript" src="jquery/jquery.validate.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$("#logForm").validate();
});
</script>
<?php
/******************** ERROR MESSAGES*************************************************
This code is to show error messages
**************************************************************************/
if(!empty($err)) {
echo "<div class=\"msg\">";
foreach ($err as $e) {
echo "$e <br>";
}
echo "</div>";
}
/******************************* END ********************************/
?>
<div>
<?php
echo "session user id " . $_SESSION['user_id'];
echo "session id" . $sess_user_id;
echo "cookie id" . $cook_user_id;
echo "Session A " . $test1;
Print_r ($_SESSION);
$sid = session_id();
if($sid) {
echo "Session exists!" . session_id();
} else {
echo "NOTHING!";
}
echo $_SESSION['user_name'];
echo $_COOKIE['user_id'];
echo $_COOKIE['user_key'];
?>
<a id="11" href="#colorbox" class="Link">Login</a>
</div>
<div style='display:none'>
<div id="colorbox">
<div id="LoginBox">
<form action="login.php" method="post" name="logForm" id="logForm">
<div class="Fields">
<div id="userName">UserName:</div>
<input name="usr_email" type="text" class="required" size="25">
</div>
<div class="Fields" style="padding-top:5px;">
<div id="passWord">Password:</div>
<input name="pwd" type="password" class="required password" size="25">
</div>
<div class="Fields" style="padding-top:5px;">
<input name="remember" type="checkbox" id="remember" value="1">
Remember me</div>
<div class="Fields" style="padding-top:5px;text-align:center;">
<input name="doLogin" type="submit" id="doLogin3" class="button" value="Login">
</div>
</form>
<div id="forgotPasswordLink">
<a class="sitelink" id="colorboxForgot" href="forgot.php">Forgot Password</a></div>
</div>
</div>
</div>
Right now after login I see url index.html?p=problem instead of http://www.example.com
the following echos are empty so I believe that means no information is going into the session array
<?php
echo "session user id " . $_SESSION['user_id'];
echo "session id" . $sess_user_id;
echo "cookie id" . $cook_user_id;
echo "Session A " . $test1;
Print_r ($_SESSION);
$sid = session_id();
if($sid) {
echo "Session exists!" . session_id();
} else {
echo "NOTHING!";
}
echo $_SESSION['user_name'];
echo $_COOKIE['user_id'];
echo $_COOKIE['user_key'];
?>
Solution
keep in mind that you should start session at the very top of thd page,ie before anything start.else you will get empty values for session variables. if you wish to use session variables.Move session_start();
to fist line.
sure this will solve ur problem
