Solved

Session problem. Could be simple for you guys

Posted on 2007-11-30
10
163 Views
Last Modified: 2013-12-12
I am using the code below and checking a user authentication. I want to start the session if the username and password is matched and send him to a new page. For some reason after I hit the submit button, the page goes blank. So there is an error. Please have a look at the code below
Thanks
<?PHP

 

require_once('info.php');

 

$form = "<h4> <center><br><br>

<form action='$_SERVER[PHP_SELF]' method='post'>

UserName: <input type='text' name='user'><br><br>

Password : <input type='password' name='pass'><br>

 

<br><br>

<input type='submit' name='submit' size='10' value='Login'>

</form></center></h4>";

 

if($_POST["submit"]) {

 

        if($_POST['newpass']) {

                

                $newpass = mysql_real_escape_string($_POST['newpass']);

                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);

				$user = mysql_real_escape_string($_POST['user']);

                

                if($newpass == $confirmpass) {

                        

                        $insertquery = "INSERT INTO users(user, pass, flag) VALUES ('".$user."','".$newpass ."',2)";

                        

                        $resultinsert = mysql_query($insertquery) or die(mysql_error());

                        

                        //$message = "Password inserted into database";

session_start();

$_SESSION['user'] = $_POST['user'];

$_SESSION['pass'] = $_POST['pass'];

header ('Location: newpage.php');
 

}

                

                }else{

                

                        $message = "Password Dont Match";

                

                }

        

        }else{

        

        

        $user = mysql_real_escape_string($_POST['user']);

 

        $pass = mysql_real_escape_string($_POST['pass']);

 

        $result = mysql_query("SELECT user,pass FROM users WHERE (pass='" . $pass. "' AND flag=1)  OR (user='". $user."' AND pass='".$pass."')") or die(mysql_error());

 

        $num = mysql_num_rows($result);

        

        if (!$num) {

        

                $message = "Username & Password Dont match <br><br>";

                $message .= $form;

        

        }else{

        

                 list($dbuser,$dbpass) = mysql_fetch_row($result);

                 

                  if($dbuser==$user && $dbpass==$pass) {

                  

                        //$message =  "You entered a username & password";

						session_start();

						$_SESSION['user'] = $_POST['user'];

						$_SESSION['pass'] = $_POST['pass'];

						header ('Location: newpage.php');

                  

                  }else {

                  

                        $message =  "<h4> <center><br><br>

                                <form action='$_SERVER[PHP_SELF]' method='post'>

                                New PassWord: <input type='text' name='newpass'><br><br>

                                Confirm Password : <input type='password' name='confirmpass'><br>

								<input type='hidden' name='user' value='".$user."'>

 

                                <br><br>

                                <input type='submit' name='submit' size='10' value='Login'>

                                </form></center></h4>";

                  

                  }

                 

                 

        

        }

        

       	

		}

       

	     echo $message;

 

}else {

 

        echo $form;

        

 

}

 ?>

Open in new window

0
Comment
Question by:syedasimmeesaq
10 Comments
 
LVL 17

Accepted Solution

by:
nplib earned 200 total points
ID: 20385133
session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
header ('Location: newpage.php');
exit;

see if that works
0
 
LVL 20

Assisted Solution

by:steelseth12
steelseth12 earned 200 total points
ID: 20385144
put
error_reporting(E_ALL);
ini_set("display_errors","On");

on the first line of your page.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385241
after I added the code it says

Notice: Undefined index: newpass in C:\inetpub\wwwrootI\index.php on line 75

thanks
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20385269
thats the only notice you get ?
No warning headers already sent in ... error ??
0
 
LVL 20

Expert Comment

by:steelseth12
ID: 20385286
Lets take the notices out of the equation ...

change error_reporting(E_ALL);

to
error_reporting(E_ALL ^ E_NOTICE);
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385332
ok the exit; worked with a little limitation
if the user has the password and login already in the database which is this part
else{
       
                 list($dbuser,$dbpass) = mysql_fetch_row($result);
                 
                  if($dbuser==$user && $dbpass==$pass) {
                 
                        //$message =  "You entered a username & password";
                                                session_start();
                                                $_SESSION['user'] = $_POST['user'];
                                                $_SESSION['pass'] = $_POST['pass'];
                                                header ('Location: newpage.php');
                                               exit;
                 
                  }
it works but if the user is asked to make a new password and confirm it  which is this part

if($_POST['newpass']) {
               
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $confirmpass = mysql_real_escape_string($_POST['confirmpass']);
                                $user = mysql_real_escape_string($_POST['user']);
               
                if($newpass == $confirmpass) {
                       
                        $insertquery = "INSERT INTO users(user, pass, flag) VALUES ('".$user."','".$newpass ."',2)";
                       
                        $resultinsert = mysql_query($insertquery) or die(mysql_error());
                       
                        //$message = "Password inserted into database";
session_start();
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
header ('Location: newpage.php');
 exit;
}
then it doesn't work

Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385335
yea I din't get headers already sent warning
thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20385352
so I change the above to this
session_start();
                                    $_SESSION['user'] = $_POST['user'];
                                    $_SESSION['pass'] = $_POST['newpass'];
                                    header ('Location: newpage.php');
                                    exit;

now it works but I am not sure if it is the right way to do it or it can cause any problems later on
Thanks
0
 
LVL 20

Assisted Solution

by:steelseth12
steelseth12 earned 200 total points
ID: 20385388
Cant understand why the one would work and the other wouldn't .... there is some white space in front of the first but if it affected it it should give out a warning ....

Anyways you should always put session_start() at the very begining of your page .. and include it on all pages you want to transfer the session.

0
 
LVL 21

Assisted Solution

by:nizsmo
nizsmo earned 100 total points
ID: 20385401
syedasimmeesag,

Always put:
session_start();

as the very first line of your script.

Also, it is good practice after you have assigned your variables, to close your session, something like this:

$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['newpass'];
session_write_close();
header ('Location: newpage.php');
exit;
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now