Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 177
  • Last Modified:

Session problem. Could be simple for you guys

I am using the code below and checking a user authentication. I want to start the session if the username and password is matched and send him to a new page. For some reason after I hit the submit button, the page goes blank. So there is an error. Please have a look at the code below
Thanks
<?PHP
 
require_once('info.php');
 
$form = "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' name='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST["submit"]) {
 
        if($_POST['newpass']) {
                
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
				$user = mysql_real_escape_string($_POST['user']);
                
                if($newpass == $confirmpass) {
                        
                        $insertquery = "INSERT INTO users(user, pass, flag) VALUES ('".$user."','".$newpass ."',2)";
                        
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                        
                        //$message = "Password inserted into database";
session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
header ('Location: newpage.php');
 
}
                
                }else{
                
                        $message = "Password Dont Match";
                
                }
        
        }else{
        
        
        $user = mysql_real_escape_string($_POST['user']);
 
        $pass = mysql_real_escape_string($_POST['pass']);
 
        $result = mysql_query("SELECT user,pass FROM users WHERE (pass='" . $pass. "' AND flag=1)  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());
 
        $num = mysql_num_rows($result);
        
        if (!$num) {
        
                $message = "Username & Password Dont match <br><br>";
                $message .= $form;
        
        }else{
        
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                  
                        //$message =  "You entered a username & password";
						session_start();
						$_SESSION['user'] = $_POST['user'];
						$_SESSION['pass'] = $_POST['pass'];
						header ('Location: newpage.php');
                  
                  }else {
                  
                        $message =  "<h4> <center><br><br>
                                <form action='$_SERVER[PHP_SELF]' method='post'>
                                New PassWord: <input type='text' name='newpass'><br><br>
                                Confirm Password : <input type='password' name='confirmpass'><br>
								<input type='hidden' name='user' value='".$user."'>
 
                                <br><br>
                                <input type='submit' name='submit' size='10' value='Login'>
                                </form></center></h4>";
                  
                  }
                 
                 
        
        }
        
       	
		}
       
	     echo $message;
 
}else {
 
        echo $form;
        
 
}
 ?>

Open in new window

0
syedasimmeesaq
Asked:
syedasimmeesaq
4 Solutions
 
nplibCommented:
session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
header ('Location: newpage.php');
exit;

see if that works
0
 
steelseth12Commented:
put
error_reporting(E_ALL);
ini_set("display_errors","On");

on the first line of your page.
0
 
syedasimmeesaqAuthor Commented:
after I added the code it says

Notice: Undefined index: newpass in C:\inetpub\wwwrootI\index.php on line 75

thanks
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
steelseth12Commented:
thats the only notice you get ?
No warning headers already sent in ... error ??
0
 
steelseth12Commented:
Lets take the notices out of the equation ...

change error_reporting(E_ALL);

to
error_reporting(E_ALL ^ E_NOTICE);
0
 
syedasimmeesaqAuthor Commented:
ok the exit; worked with a little limitation
if the user has the password and login already in the database which is this part
else{
       
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                 
                        //$message =  "You entered a username & password";
                                                session_start();
                                                $_SESSION['user'] = $_POST['user'];
                                                $_SESSION['pass'] = $_POST['pass'];
                                                header ('Location: newpage.php');
                                               exit;
                 
                  }
it works but if the user is asked to make a new password and confirm it  which is this part

if($_POST['newpass']) {
               
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
                                $user = mysql_real_escape_string($_POST['user']);
               
                if($newpass == $confirmpass) {
                       
                        $insertquery = "INSERT INTO users(user, pass, flag) VALUES ('".$user."','".$newpass ."',2)";
                       
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                       
                        //$message = "Password inserted into database";
session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
header ('Location: newpage.php');
 exit;
}
then it doesn't work

Thanks
0
 
syedasimmeesaqAuthor Commented:
yea I din't get headers already sent warning
thanks
0
 
syedasimmeesaqAuthor Commented:
so I change the above to this
session_start();
                                    $_SESSION['user'] = $_POST['user'];
                                    $_SESSION['pass'] = $_POST['newpass'];
                                    header ('Location: newpage.php');
                                    exit;

now it works but I am not sure if it is the right way to do it or it can cause any problems later on
Thanks
0
 
steelseth12Commented:
Cant understand why the one would work and the other wouldn't .... there is some white space in front of the first but if it affected it it should give out a warning ....

Anyways you should always put session_start() at the very begining of your page .. and include it on all pages you want to transfer the session.

0
 
nizsmoDeveloperCommented:
syedasimmeesag,

Always put:
session_start();

as the very first line of your script.

Also, it is good practice after you have assigned your variables, to close your session, something like this:

$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['newpass'];
session_write_close();
header ('Location: newpage.php');
exit;
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now