Member Avatar for M4trixSh4d0w

Hi, I'm new to php, but I'm trying to implement a basic user system on my site. I'm having some trouble keeping a PHP session when I change pages (or something like that) where the logged in varible (id) isn't showing up as being defined, so a logged-in user doesn't actually log in.

This is how I log the user in

<?php

if ($_POST['username'] && $_POST['password']) {
include_once "mysql.php";
$username = ereg_replace("[^A-Za-z0-9]", "", $_POST['username']);
$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']);
$password = md5($password);
$sql = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password' AND email_activated='1'"); 
$login_check = mysql_num_rows($sql);
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)) { 
        $id = $row["account_id"];   
        session_register('id'); 
        $_SESSION['id'] = $id;
        $username = $row["username"];   
        session_register('username'); 
        $_SESSION['username'] = $username;
        mysql_query("UPDATE members SET lastlogin=now() WHERE account_id='$id'");
        //$_SESSION id is set to the correct value here
        header("Location: profile.php?id=$id"); //supposed to redirect the user, now logged in. But doesn't keep the session I just registered.
    }
//rest of login form code after here (html)

This is how I try to check if the user is logged in
and display menus

<?php
session_start();
$toplinks = "";

if (isset($_SESSION['id']))  { //id always returns null, and is never displayed
  $userid = $_SESSION['id'];
    $username = $_SESSION['username'];
    $toplinks = '<a href="profile.php?id=' . $userid . '">' . $username . '</a> &bull; 
    <a href="account.php">Account</a> &bull; 
    <a href="logout.php">Log Out</a>';
} else {
    $toplinks = '<a href="join.php">Register</a> &bull; <a href="login.php">Login</a>';
}
//other site code (html)

So what am I doing wrong to have the login not set up a session? I've looked through other tutorials and they do it just the same way as this. Did I miss something?

Thanks

Edited by M4trixSh4d0w because: Thanks
  • 2 Contributors
  • 6 Replies
  • 318 Views
  • 22 Hours Discussion Span
  • Latest Post Latest Post by M4trixSh4d0w
Member Avatar for IIM

In line number 2,you forgot to start session.

<?php
session_start();
if ($_POST['username'] && $_POST['password']) {
Edited by IIM
Member Avatar for M4trixSh4d0w

I added that line on line 2 of login.php, but it doesn't seem to keep the session still... Also the link you PM'd me was this same thread.

Member Avatar for IIM

Add session_start(); on line 2

bool session_register ( mixed $name [, mixed $... ] )

This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

remove lines as session variable is created just by $_SESSION['id'],as session_register() is deprecated.

  session_register('id'); //line 13
  session_register('username'); //line 16

After line 12 echo $id to check its value.

http://www.php.net/manual/en/function.session-start.php

Edited by IIM
Member Avatar for M4trixSh4d0w

So I tried this for login.php

<?php
session_start();
if ($_POST['username'] && $_POST['password']) {
include_once "mysql.php";
$username = ereg_replace("[^A-Za-z0-9]", "", $_POST['username']);
$password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password']);
$password = md5($password);
$sql = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password' AND email_activated='1'"); 
$login_check = mysql_num_rows($sql);
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)) { 
        $id = $row["account_id"];   
        //echo $id; //echos just fine..
    $username = $row["username"];   
        $_SESSION['id'] = $id;
        $_SESSION['username'] = $username;
        mysql_query("UPDATE members SET lastlogin=now() WHERE account_id='$id'");
        header("Location: profile.php?id=$id");
    }
    //rest of code

But that didn't work either, so using the link you posted, I tried out the files
page1.php

<?php
// page1.php

session_start();

echo 'Welcome to page #1';

$_SESSION['favcolor'] = 'green';
$_SESSION['animal']   = 'cat';
$_SESSION['time']     = time();

// Works if session cookie was accepted
echo '<br /><a href="page2.php">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>

and page2.php

<?php
// page2.php

session_start();

echo 'Welcome to page #2<br />';

echo $_SESSION['favcolor']; // green
echo $_SESSION['animal'];   // cat
echo date('Y m d H:i:s', $_SESSION['time']);

// You may want to use SID here, like we did in page1.php
echo '<br /><a href="page1.php">page 1</a>';
?>

And even the demo didn't work. It just gave me this:

Welcome to page #2
1969 12 31 19:00:00
page 1

With no session data. So what is going on here? Is it my website service host?

Edited by M4trixSh4d0w because: asd
Member Avatar for IIM

use phpinfo() and check the session.* settings.
or open php.ini file and print the session settings.

register_globals = off

if it is on then it will create a global variable and session data will be stored in $user instead of $_SESSION['user']

Member Avatar for M4trixSh4d0w

Thanks for the answers, but I actually figured it out.
My host set the default session.save_path to somewhere I couldn't access. So after setting that, it works just fine.

Thanks for all the help though!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.