PHP sessions problem

andy · #1 23-Jul-2003, 05:47

i use this code to verify the username & password, but how to pass the username in every pages such as 'welcome andy' if andy login and 'welcome jack' if jack login.
this script is unsecure, what script should i include in every pages so when i enter localhost it will ask me to login first.

PHP Code:


<?
session_start();
if ($username && $password)
{
$Connect = mysql_connect("localhost", "root", "");
mysql_select_db("mw");
$result = mysql_query("select * from account where username='$username' and password='$password'");

if (mysql_num_rows($result) > 0)
{
$valid_user = $username;
session_register("valid_user");
}
}
?>


<?
if (session_is_registered("valid_user"))
{

$_SESSION['valid_user'] = $_POST['username'];
echo "<center><br><br>You are logged in as: $valid_user <br><br>";
echo "<center><a href=\"logout.php\">Log out</a><br>";
}
else
{
if (isset($username))
{
echo "<center>Could not log you in";
}
else
{
echo "<center>You are not logged in.<br>";
}
echo "<form method=post action=\"login.php\">";
echo "<center><table>";
echo "<tr><td>Username:</td>";
echo "<td><input type=text name=username></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=password name=password></td></tr>";
echo "<tr><td colspan=2 align=center>";
echo "<input type=submit value=\"Log In\"></td></tr>";
echo "</table></form>";
}
?>

JdS · #2 23-Jul-2003, 05:56

Hello andy,

One quick question before I proceed; what is the version of your PHP?

andy · #3 23-Jul-2003, 05:58

JdS · #4 23-Jul-2003, 06:23

I am going to assume you're using the latest version off PHP4 i.e. v.4.3.2 at the time of this posting.

Here's how I will go about assisting you get your session-thingy up. I'll write some code and functions here in this thread and you tell me if it makes sense to you (or if they simply don't work for you).

I was planning to write a tutorial on this and you can help me help others by contributing to this post - how's that?

andy · #5 23-Jul-2003, 07:16

ok, but my php is not the latest version, about 4.0 something

JdS · #6 23-Jul-2003, 10:07

Hey andy,

It took me a while but I think the script works just fine with what I have written so far.

I've used your database / table structure in the example so it will be easier for you to follow.

The link to the example files and the notes:

Password Protect web pages/site using PHP sessions and MySQL.

Please post your questions, suggestions and comments here in this thread.

samtediou · #7 23-Jul-2003, 10:52

Wonderful, JDS! I haven't implemented your code yet, but I was just coming to the point in my site development where I wanted to add password-protection to certain pages on my site. I just read a tutorial on Session Handling with PHP 4 (posted on zend.com), it was a good tutorial, but I'm going to try the implementation shown here instead. It's much more to the point.

samtediou

Let us know how your implementation goes, andy

samtediou · #8 23-Jul-2003, 12:57

Well, I copied and pasted your example, JDS to my own webspace. You can see the result here:

braindivot.com

I had to do several things to make it work, and it's still not working entirely. Maybe you could see where I've gone wrong.

1. I had to take out the initial forward slash (/) from all url references in the code. I'm not sure why.

For example, my code reads like

PHP Code:


define( 'URL_LOGIN_PAGE', 'example_login.php' );

instead of

PHP Code:


define( 'URL_LOGIN_PAGE', '/example_login.php' );

2. I modified the db connection to call my own db, of course, and put some php script in the example_login.php to automatically write a valid username and password into the text boxes.

Code:

    <input name="username" type="text" id="username" size="30" value = <? echo "wjzpi"; ?> maxlength="30" />
    Username</p>
  <p> 
    <input name="password" type="password" id="password" size="30" value = <? echo "sibt1ec"; ?> maxlength="30" />
    Password</p>

When I try to logout, however, or try to login again by pasting the login url in the address window of a browser window that has already been used to run the script, I get this error message:

Warning: Cannot modify header information - headers already sent by (output started at /home.../pass/example_session_functions.php:122) in /home.../pass/example_session_functions.php on line 72

What can I do?

Samtediou

andy · #9 23-Jul-2003, 23:56

thanx a lot!

JdS · #10 24-Jul-2003, 03:57

Quote:

Originally posted by samtediou
Well, I copied and pasted your example, JDS to my own webspace. You can see the result here:

http://braindivot.com/pass/example_login.php

I had to do several things to make it work, and it's still not working entirely. Maybe you could see where I've gone wrong.

1. I had to take out the initial forward slash (/) from all url references in the code. I'm not sure why.

For example, my code reads like

PHP Code:
define( 'URL_LOGIN_PAGE', 'example_login.php' );

instead of

PHP Code:
define( 'URL_LOGIN_PAGE', '/example_login.php' );

samtediou,

this line:

PHP Code:


<?php
define( 'URL_LOGIN_PAGE', '/example_login.php' );
?>

just means that the script would look for the page inside your WWW root folder (where your homepage usually is). If you had to use this in a subfolder (i.e. /pass); like you have, you just have to add the sub folder / directory name to the string e.g.:

PHP Code:


<?php
define( 'URL_LOGIN_PAGE', '/pass/example_login.php' );
?>

take out the first slash in that string and the page is fetched from the folder you're already in... i.e. /pass. That is why it worked!

Quote:

Originally posted by samtediou
2. I modified the db connection to call my own db, of course, and put some php script in the example_login.php to automatically write a valid username and password into the text boxes.

Code:

<input name="username" type="text" id="username" size="30" value = <? echo "wjzpi"; ?> maxlength="30" /> Username</p> <p> <input name="password" type="password" id="password" size="30" value = <? echo "sibt1ec"; ?> maxlength="30" /> Password</p>

When I try to logout, however, or try to login again by pasting the login url in the address window of a browser window that has already been used to run the script, I get this error message:

Warning: Cannot modify header information - headers already sent by (output started at /home.../pass/example_session_functions.php:122) in /home.../pass/example_session_functions.php on line 72

What can I do?

Samtediou

Are you certain that you pasted the code to logout.php including a space or a tab somewhere at the top (or bottom) of that page? Please recreate the file but this time, ensure that there are absolutely no occurance of whitespace before or after <?php ?>

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Apache / PHP problem, maybe output length?	HaganeNoKokoro	Apache Web Server Forum	3	07-Aug-2008 04:42
php sessions	mrjameer	MySQL / PHP Forum	0	24-Oct-2006 05:26
Problem with executing PHP in webpage	fdgloworm	Apache Web Server Forum	0	13-Feb-2006 11:43
Php Sessions & Smarty Templating Engine	ohm_	MySQL / PHP Forum	0	18-Jan-2006 00:42
Alt. Problem: PHP 4.4 GD compilation errors	Fezzen	Computer Software Forum - Linux	2	12-Aug-2005 21:16

PHP sessions problem

Password Protect web pages/site using PHP sessions and MySQL

Great