5 replies to this topic

[er0x]

when i run php 4 on my website my login works fine. however. when i switch it to 5 it stops working. here is the script...

maybe someone can tell the problem?

also.. maybe theres a way to shorten and improvise this code a bit?

function do_login()
{
	$username = mysql_real_escape_string($_POST[username]);
	$password = md5(mysql_real_escape_string($_POST[password]));
	
	$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
	
	if(mysql_num_rows($checklogin) == 1)
	{
		$r = mysql_fetch_array($checklogin);
		session_start();
		$_SESSION[Username] = $username;
		$_SESSION[EmailAddress] = $r[EmailAddress];
		$_SESSION[LoggedIn] = 1;
		$_SESSION[UserType] = $r[UserType];

		
		echo '<h2>Now logged in!</h2>';
		echo '<p>You are now logged in. Redirecting you to the recent entries</p>';
		echo $_SESSION[Username];
	}
	else
	{
		echo '<p><b>Error</b>: Your account could not be found. Please try again</p>';
		echo login_form();
	}
}

function login_form()
{
	echo '<h2>Login</h2>
	<p>Use your login information given to you.</p>
	<form method="post" action="?page=login" name="loginform" id="loginform">
	<p>Username:<br /><input type="text" name="username" id="username" /></p>
	<p>Password:<br /><input type="password" name="password" id="password" /></p>
	<p><a href="?page=forgotpass">Forgot Password?</a><br />
	<input type="submit" name="login" class="button" value="Login" /></p>
	</form>';
}

function do_logout()
{
	$_SESSION = array();
	session_destroy();
	 
	echo '<h2>Now Logged Out</h2>';
	echo '<p>Redirecting you to login page.</p>';
	echo "<script language=\"javascript\">setTimeout(\"location.href='?page=login', 3000\");</script>";
}

[Demonslay]

php.net/session_start said:

Note: If you are using cookie-based sessions, you must call session_start() before anything is outputted to the browser.

Could have something to do with your problem if you are outputting anything before the do_login() function is called.

I always place session_start() near the beginning of all pages (or near the top of included my configuration file) so that kind of issues never happens. So in other words, I'd say it should be invoked outside of the do_login() function, and to log the user out, I don't think you normally 'destroy' the session, but rather re-write everything in it to be blank. I could be wrong, as I've not messed with coding a user system in a while, I could check my code to double-check.

[KanGebeuren]

Demonslay, on Nov 15 2009, 10:43 AM, said:

......
I always place session_start() near the beginning of all pages
...

Agree here, the session_start() should be on the very top of the page above the html

[rc69]

Are you getting any errors? Other than not properly quoting your array keys, and possibly not "back-ticking" your fields in the mySQL query, i don't see anything wrong. I would recommend giving the following post a read and seeing if anything in it helps.

http://www.pixel2lif...showtopic=36853

[er0x]

not getting any errors... session_start() is at the beginning of every page including the login page...

looking at that link will reply in the morning

[Hayden]

Echo the session_id() on the page so you can see if one is being created?


Also, throw in a phpinfo() on some page and check out how the PHP5 php.ini is loading your session configuration.

Edited by Hayden, 16 November 2009 - 08:15 PM.