Reputation: 1289
So I'm building a website for PHP & MySQL practice and I'm attempting to set up a member's system. What is supposed to happen is the user goes to the login page and logs in using a registered username and password (Which works in the registration process) and then the page will refresh and take them to the 'members' area. Here's my code:
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) {
    echo "<h1>Member Area</h1>";
    echo "<p>Thanks for logging in! You are <b>" . $_SESSION['Username'] . "</b> and your email address is <b>" . $_SESSION['EmailAddress'] . "</b>.</p>";
} elseif(!empty($_POST['username']) && !empty($_POST['password'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(md5(mysql_real_escape_string($_POST['password'])));
    $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    if(mysql_num_rows($checklogin) == 1) {
        $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];
        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;
        echo "<center>";
        echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='2;login.php' />";
        echo "</center>";
    } else {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";
    }
} else {
    echo "<center>";
    echo "<h1>Login</h1>";
    echo "<p>Thanks for visiting! Please either login below, or <a href=\"register.php\">click here to register</a>.</p>";
    echo "<form method=\"post\" action=\"login.php\" name=\"loginform\" id=\"loginform\">";
    echo "<label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br />";
    echo "<label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
    echo "<input type=\"submit\" name=\"login\" id=\"login\" value=\"Login\" />";
    echo "</form>";
    echo "</center>";
}
?>
So basically, the page loads and checks if the user is already logged in and if they are, it loads the members area. If not, it checks to see if the user is trying to log in and if not it shows the login form.
My problem is that, every time I or somebody else tries to log in, the page reloads, but instead of taking them to the 'member' area, it takes them back to the login form...
Also, at the top of the document I have a line which is:
<?php include "base.php"; ?>
and in the base.php file I have a session_start(), but maybe that is irrelevant?
Any suggestions? Thanks.
EDIT:
The code to register a user is in a different php file. Again, the base.php file with session_start(); is included at the top of the document:
if(!empty($_POST['username']) && !empty($_POST['password'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(md5(mysql_real_escape_string($_POST['password'])));
    $email = mysql_real_escape_string($_POST['email']);
    $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
    if(mysql_num_rows($checkusername) == 1) {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
    } else {
        $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
        if($registerquery) {
            echo "<h1>Success</h1>";
            echo "<p>Your account was successfully created. Please <a href=\"login.php\">click here to login</a>.</p>";
        } else {
            echo "<h1>Error</h1>";
            echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
        }
    }
} else {
    echo "<h1>Register</h1>";
    echo "<p>Please enter your details below to register.</p> ";
    echo "<form method=\"post\" action=\"register.php\" name=\"registerform\" id=\"registerform\">";
    echo " <label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br /> ";
    echo " <label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
    echo " <label for=\"email\">Email Address:</label><input type=\"text\" name=\"email\" id=\"email\" /><br />";
    echo " <input type=\"submit\" name=\"register\" id=\"register\" value=\"Register\" />";
    echo "</form>";
}
?>
Upvotes: 1
Views: 190
Reputation: 452
For every page you want to carry over the session to, you have to do
session_start();
even if the session is already created.
Assuming you will want a logout page, when you are going to log the users out on a page like logout.php, you must have:
session_start();
session_destroy();
The session_start(); is necessary to destroy the session.
Upvotes: 1
Reputation: 24723
Always ensure that session_start() is at the top of all other pages concerned also. I would use isset as opposed to !empty.
session_start();
if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username'])) {
Upvotes: 1
Reputation:
mysql_real_escape_string is deprecated, use MySQLi or PDO instead!!!
Also a session_start(); might be useful to work with sessions.
Upvotes: 0
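The PDO route this answer points to, applied to the question's login and registration flow, as an added example that is not part of the original thread. The function names `register_user` and `attempt_login` are hypothetical, an in-memory SQLite database stands in for MySQL so the script runs on its own, and it goes beyond the answer by storing passwords with `password_hash()` instead of `md5(md5(...))` and by regenerating the session ID at login.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; the in-memory SQLite DSN and the sample account are constructed.
session_start();                       // must run on every page before $_SESSION is used

function register_user(PDO $db, string $username, string $password, string $email): bool
{
    // password_hash() salts and stretches the password; it replaces md5(md5(...)).
    $stmt = $db->prepare(
        'INSERT INTO users (Username, Password, EmailAddress) VALUES (?, ?, ?)'
    );
    try {
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        return false;                  // PRIMARY KEY violation: username already taken
    }
}

function attempt_login(PDO $db, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT Username, Password, EmailAddress FROM users WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['Password'])) {
        return false;                  // same answer for unknown user and wrong password
    }
    session_regenerate_id(true);       // fresh session ID at the privilege change
    $_SESSION['Username']     = $row['Username'];
    $_SESSION['EmailAddress'] = $row['EmailAddress'];
    $_SESSION['LoggedIn']     = 1;
    return true;
}

// Demo wiring. For MySQL, swap the DSN: new PDO('mysql:host=...;dbname=...', $user, $pass)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (Username TEXT PRIMARY KEY, Password TEXT, EmailAddress TEXT)');

$results = [
    'register'       => register_user($db, 'alice', 'correct horse', 'alice@example.test'),
    'duplicate'      => register_user($db, 'alice', 'other', 'a2@example.test'),
    'wrong password' => attempt_login($db, 'alice', 'wrong guess'),
    'good password'  => attempt_login($db, 'alice', 'correct horse'),
];
foreach ($results as $label => $ok) {
    echo $label, ': ', $ok ? 'ok' : 'rejected', "\n";
}
```

When a session value such as `$_SESSION['Username']` is later echoed into HTML, pass it through `htmlspecialchars()` first.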
Reputation: 2112
You seem to be missing a session_start() at the top of that php script
Upvotes: 3