6 replies to this topic

[pirateXcore]

I'm having a little post-session problem.

On my login page, I have the session_start...blah blah then the session starts. haha It sets the session once you login & all, but the problem is getting it to work when you're already logged in on the login page.

<?
session_start();
include ('include/header.php');
?>
</div>
<div align="center">
<table border="0" cellspacing="0" width="800" cellpadding="0" background="images/pglength.png" align="center">
  <tr>
	<td width="570" valign="top" align="center">
	<table border="0" cellspacing="0" width="570" cellpadding="0" valign="top" style="border-collapse: collapse" bordercolor="#111111">
	  <tr>
		<th height="20" class="rightcolumn" valign="top">
		<img border="0" src="images/register.png" align="top" width="570" height="20">
		</th>
	  </tr>
	  <tr>
		<td height="56" align="right" class="rightcolumn" valign="top" background="images/pagecenter.png">

<?
if ($_POST['submit'])
{
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);
	$passwordthatismd5 = md5($password);
	
	$query = "SELECT id FROM users WHERE username='$username'"; 
	$result = mysql_query($query) or die("Couldn't execute query."); 
	$num = mysql_num_rows($result);
	
if ($num > 0){
	$query = "SELECT id FROM users WHERE username='$username' and password='$passwordthatismd5'"; 
	$result2 = mysql_query($query) or die("Couldn't execute query."); 
	$num2 = mysql_num_rows($result2);
	
	if ($num2 > 0){
	$_SESSION['auth']="yes";
	$_SESSION['loginid']="$id";
	$loggedid = $id;
	$today=date("Y-m-d h:i:s");
		
	$sql = "INSERT INTO login (`loginid`, `logintime`) VALUES ('$loggedid', '$today')";
	$result = mysql_query($query) or die ("Can't execute insert query.");
	echo"<div align='center'>Successfully logged in as $username!</div>";
	}
	else
	{
	echo"<div align='center'>The password is incorrect.</div>";
	}
} 
elseif ($num == 0)
{
echo"<div align='center'>The username is incorrect.</div>";
}	
}


elseif(isset( $_SESSION['loginid'])){
	$query = "SELECT * FROM users where id='{$_SESSION['loginid']}'";
	$result = mysql_query($query) or die("Couldn't execute query.");
	$num = mysql_num_rows($result);
	while ($row = mysql_fetch_row($result));
	{
		$username = $row['username'];
	}
	

echo"<div align='center'>You are already logged in as {$_SESSION['loginid']} $username.</div>";

session_destroy();
}
else{
?>
		<form enctype="multipart/form-data" id="post" method="post" action="login.php">
		<blockquote>
		  <p align="left">
		<label>Username:</label>
		<input type="text" name="username" size="20">
		<br>
		<label>Password:</label>
		<input type="password" name="password" size="20">
		<br>
		<input type="submit" value="Submit" name="submit"> </p>
		</blockquote>
		</form>
		</td>
	  </tr>
		<?}?>
				<tr>
	<td width="600" height="10" align="center" class="rightcolumn" valign="top">
	<img border="0" src="images/pagefooter.png" align="bottom" width="570" height="20"></td></tr></table></td></tr></table><?
include ('include/footer.php');
?>

What happens is, it logs you in, but the thing that if you're already logged in just gives back "You are already logged in as" and that's it. I am new to sessions, and they're confusing me (the headache i've had all day & being tired could be affecting this as well)
anyway...any help at figuring this out would be appreciated. thanks.
sorry for the bad typing tonight, i'm tired. :\

Edited by tgs, 15 July 2007 - 06:35 PM.

[Korndawg]

I don't know if it would matter, but why don't you do the "work" before you echo anything? As is move the query and num_rows up before the echo and make only one echo (I also believe this would save space, so the site would load faster).

[pirateXcore]

That won't help with this, although that would be better practice than this XD

[bay]

Here is your problem:

<?
if ($_POST['submit'])
{
    // You set $username
	$username = mysql_real_escape_string($_POST['username']);
   
   ...
}
elseif($_SESSION['auth']=="yes"){
	// You try to echo $username
    echo"$username</div>";
}
else{
	...
}
?>

You see, you are setting $username only when condition 1 is met...so when condition 2 is met, you have not yet set $username which is why nothing is showing up

[pirateXcore]

Yea, the problem is, I'm unsure as to what I need to compare to get the username. :\

I have a database called login...and it sets the logintime & loginid...
when trying to get the id of the current user logged in...i take from the session...the loginid is what I thought...as you can see. That doesn't work though.
So idk what exactly I need to do with the session to get the id that is being used. :\

[bay]

When you log them in and create $_SESSION['auth'] why dont you just set its value to be the users username?

then instead of checking if ( $_SESSION['auth'] == 'yes'] ) just check if it exists.. if ( isset ( $_SESSION['auth'] ) ). The only time it will be set is when you confirm their login credentials and its value will be their username or username id saving you the trouble of fetching it again.

[pirateXcore]

Hmm, well I put my updated code on there, and tried something similar to what you said.
It's still not working though. :\