CODEWITHSUNDEEP
phphttp-redirectauthenticationsession
user97410
user97410

Reputation: 724

$_SESSION difficulties

I am creating a login script that stores the value of a variable called $userid to $_SESSION["userid"] then redirects the user back to the main page (a side question is how to send them back where they were?).

However, when I get back to that page, I am echoing the session_id() and the value of $_SESSION["userid"] and only the session id shows up. It had occurred to me that maybe my redirect page needs to have at the top, but if this were true, then the session_id I'm echoing would change each time I end up on the page that is echoing it. Here is the script:

    <?php
session_start();
include_once("db_include.php5");
doDB();
//check for required fields from the form
if ((empty($_POST['username']) && empty($_POST['email'])) || empty($_POST['password'])) {
header("Location: loginform.php5");
exit;
}   else if($_POST["username"] && $_POST["password"]){

    //create and issue the query
    $sql = "SELECT id FROM aromaMaster WHERE username='".$_POST["username"]."' AND password=PASSWORD('".$_POST["password"]."')";
    $sql_res =mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

    //get the number of rows in the result set; should be 1 if a match
    if(mysqli_num_rows($sql_res) != 0) {
      //if authorized, get the userid
      while($info = mysqli_fetch_array($sql_res)) {
        $userid = $_info["id"];
      }
      //set session variables
      $_SESSION['userid'] = $userid;

      mysqli_free_result($sql_res);
      //redirect to main page
      header("Location: loginredirect.php5");
      exit; }
    } else if($_POST["email"] && $_POST["password"]) {

          //create and issue the query
    $sql = "SELECT id FROM aromaMaster WHERE email='".$_POST["email"]."' AND password=PASSWORD('".$_POST["password"]."')";
    $sql_res =mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

    //get the number of rows in the result set; should be 1 if a match
    if(mysqli_num_rows($sql_res) != 0) {

      //if authorized, get the userid
      while($info = mysqli_fetch_array($sql_res)) {
        $userid = $_info["id"];
      }
      //set session variables
      $_SESSION['userid'] = $userid;

      mysqli_free_result($sql_res);

      //redirect to main page
      header("Location: loginredirect.php5");
      exit;}
      } else {
      //redirect back to login form
      header("Location: loginform.php5");
      exit;
    }
    mysqli_close($mysqli);
?>

Upvotes: 0

Views: 616

Answers (3)

Zed
Zed

Reputation: 57648

You need to call session_write_close() to store the session data changes.

Side answer: you can use the $SERVER["HTTP REFERER"] to redirect back, if it was filled by the browser

Upvotes: 1

McAden
McAden

Reputation: 13972

Make sure: 

   <?php
   session_start();

Is at the top of each page.

Additionally, you can test by commenting out your redirects and echo'ing the value you're setting with to make sure you're retrieving/storing the correct value to begin with.

Upvotes: 1

Ropstah
Ropstah

Reputation: 17794

You're doing this:

while($info = mysqli_fetch_array($sql_res)) {
    $userid = $_info["id"];
}

Where you should do this:

while($info = mysqli_fetch_array($sql_res)) {
    $userid = $info["id"];
}

Upvotes: 3

Related Questions