Solved

Getting PHP Login Script to Remember the Session

Posted on 2008-06-24
Last Modified: 2013-12-12
Hi all, hope you can help me with this, was recommended this site by a contractor at work.

I have an issue whereby my code does not remember a session through login. I can get the session displaying the data I request from the database and display it on the page, but when browsing away from the page to another area of the website or another URL the session is ultimately lost.

Rather than using separate pages to gather the information I wanted to use the login form with the extension ?login=yes or false when requiring log out.

An example of the page is here:- http://www.ezegaming.com/SiteDevelopment/Index.php

I have set up temporary login details for you to be able to see my frustration.
Username = 'ExpertExchange'
Password = 'temppass'

If you log in you will see that the correct information is brought back from the database, but when clicking on the 'Home' tab, which redirects to the same page the login form is on, the session is lost. Can anyone help and spot why in the code I've attached?

NOTE: I have the start_session() command already on the main index page, I am calling this script via login.php as an include on the index page.

Thanks in advance for the help and support,
Tim
<?php session_start(); ?>
	<div style="position:absolute; right:10px; top:23px; height: 100px; width: 330px; background-color:#000">
	
		<?php
			// database credentials
			$host="host.company.co.uk"; // Host name
			$username="username"; // Mysql username
			$password="password"; // Mysql password
			$db_name="db_name"; // Database name
					
			 // username and password sent from form
			$myusername=$_POST['myusername'];
			$mypassword=$_POST['mypassword'];
			$login=$_GET['login'];
									
			if($login=='yes'){
				// Connect to server and select database.
				$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
				mysql_select_db("$db_name")or die("cannot select DB");
												
				$saltsql="SELECT t1.converge_pass_salt FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername'";
				$saltresult=mysql_query($saltsql);
				$saltresult=mysql_result($saltresult, 0);
				
				$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";
				$nameresult=mysql_query($namesql);
				$nameresult=mysql_result($nameresult, 0);
				
				$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
				$avatarpathresult=mysql_query($avatarpath);
				$avatarpathresult=mysql_result($avatarpathresult, 0);
				
				$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
				$avatartyperesult=mysql_query($avatartype);
				$avatartyperesult=mysql_result($avatartyperesult, 0);
				
				if ($avatartyperesult!='') {
				if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;
				if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";
				if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";
				}
				   
				else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';
							
				$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";
				$messagecountresult=mysql_query($messagecount);
				$messagecountresult=mysql_result($messagecountresult, 0);
				
				$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";
				$awardlocationresult=mysql_query($awardlocation);
	
				echo "<div style='position:absolute; top:60px; left:88px;'>";
				echo "<table>";
	
				while($awardlist = mysql_fetch_array($awardlocationresult))
				{
					echo "<td>";
					echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";
					echo "</td>";
				}
							
				echo "</table>";
				echo "</div>";
				
				echo "<div style='position:absolute; top:44px; left:88px;'>";
				echo "<table>";
				
				$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";
				$medaltotalcountresult=mysql_query($medaltotalcount);
				$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);
				
				{
				echo "<td>";
				echo "Latest Medals Awarded: ($medaltotalcountresult in total)";
				echo "</td>";
				}
				
				echo "</table>";
				echo "</div>";
	
				// encrypt password
				$encrypted_mypassword = md5( md5( $saltresult ) . md5( $mypassword ) );
				
				$sql="SELECT * FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername' AND t1.converge_pass_hash='$encrypted_mypassword'";
				$result=mysql_query($sql);
				
				// Mysql_num_row is counting table row
				$count=mysql_num_rows($result);
				// If result matched $myusername and $mypassword, table row must be 1 row
							
				if($count==1){
				// Register $myusername, $mypassword and redirect to file "login_success.php"
				$_SESSION['myusername']=$myusername;
				}
				else {
				echo "<div style='position:absolute; right:5px; top:2px; color:red;'>Wrong Username or Password</div>";
				}
			}
			?>
			
		<?php if (isset($_SESSION['myusername'])) { ?>
		<form name="form1" method="post" action="Index.php?login=no">
		<div style="position:absolute; right:30px; bottom:12px;">Logout</div><div style="position:absolute; bottom:7px; right:7px;"><input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login"></div>
		<?php
			$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
			mysql_select_db("$db_name")or die("cannot select DB");
		
			$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";
			$nameresult=mysql_query($namesql);
			$nameresult=mysql_result($nameresult, 0);
			
			$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
			$avatarpathresult=mysql_query($avatarpath);
			$avatarpathresult=mysql_result($avatarpathresult, 0);
			
			$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
			$avatartyperesult=mysql_query($avatartype);
			$avatartyperesult=mysql_result($avatartyperesult, 0);
			
			if ($avatartyperesult!='') {
			if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;
			if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";
			if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";
			}
			   
			else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';
						
			$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";
			$messagecountresult=mysql_query($messagecount);
			$messagecountresult=mysql_result($messagecountresult, 0);
			
			$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";
			$awardlocationresult=mysql_query($awardlocation);
 
			echo "<div style='position:absolute; top:60px; left:88px;'>";
			echo "<table>";
 
			while($awardlist = mysql_fetch_array($awardlocationresult))
			{
				echo "<td>";
				echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";
				echo "</td>";
			}
						
			echo "</table>";
			echo "</div>";
			
			echo "<div style='position:absolute; top:44px; left:88px;'>";
			echo "<table>";
			
			$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";
			$medaltotalcountresult=mysql_query($medaltotalcount);
			$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);
			
			mysql_close($con);
			
			{
			echo "<td>";
			echo "Latest Medals Awarded: ($medaltotalcountresult in total)";
			echo "</td>";
			}
			
			echo "</table>";
			echo "</div>";
					 
			echo "<div style='position:absolute; left:80px; top:10px;'>Welcome back, $nameresult!</div>";
			echo "<div style='position:absolute; left:80px; top:27px;'><img src='http://www.ezegaming.com/SiteDevelopment/Images/pm_small.png'><a href='http://www.ezegaming.com/Forum/index.php?act=Msg&CODE=01'> ($messagecountresult) New Messages</a></div>";
			echo "<div style='position:absolute; left:205px; top:27px;'>| <img src='http://www.ezegaming.com/Forum/style_images/default/my_controls.png' style='width:12px; height:8px;'><a href='http://www.ezegaming.com/Forum/index.php?act=UserCP&CODE=00'> My Controls</a></div>";
			echo "<div style='position:absolute; left:-3px; top:10px;'><img src='$avatarpathresult' style='height:80px; width:80px;'></div>";
		?>
		</form>
	<?php } else { ?>
		<form name="form1" method="post" action="Index.php?login=yes">
		<div style="position:absolute; top:10px; left:10px;">
		Login to EzEGaming
		</div>
		<div style="position:absolute; top:30px; left:10px;">
		Username:
		</div>	
		<div style="position:absolute; top:45px; left:10px;">
		<input name="myusername" type="text" id="myusername" style="height:15px; width:120px;">
		</div>	
		<div style="position:absolute; top:30px; left:150px;">
		Password:
		</div>	
		<div style="position:absolute; top:45px; left:150px;">
		<input name="mypassword" type="password" id="mypassword" style="height:15px; width:120px;">
		</div>	
		<div style="position:absolute; top:45px; left:280px;">
		<input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login">
		</div>	
		</form>
		<div style="position:absolute; top:75px; left:10px;">
		  <a href="http://www.ezegaming.com/Forum/index.php?act=Reg&CODE=00">Join EzEGaming</a> | <a href="#">Forgot Login</a> | <a href="#">Help</a>		
		</div>
			<?php } 
				//If a session, allow logout
					if($login=='no'){
					unset($_SESSION['myusername']);
					}
				?>
	</div>
			<?php
		echo "<pre>";
		var_dump($_SESSION);
		echo "</pre>";
		?>

Question by:EzEApostle
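
Added example, not the asker's code and not part of the original thread: the posted script builds every SELECT by concatenating $myusername from $_POST, and its logged-in branch reads that same POST variable, which is empty on later requests. The sketch below keeps the script's table names and hash construction, uses one parameterized query, and stores the verified name in $_SESSION. The in-memory SQLite database, its sample row, and the function names find_member() and login() are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names and the md5(md5(salt).md5(pass))
// scheme come from the posted script; the SQLite data below is constructed.
function find_member(PDO $db, string $user, string $pass): ?string
{
    // One parameterized query replaces the string-built SELECTs.
    $stmt = $db->prepare(
        'SELECT t2.name, t1.converge_pass_salt, t1.converge_pass_hash
           FROM ibf1_members_converge AS t1
           INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id
          WHERE t2.name = :name'
    );
    $stmt->execute([':name' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                      // unknown user
    }
    // Same hash construction as the posted script, compared in constant time.
    $candidate = md5(md5($row['converge_pass_salt']) . md5($pass));
    return hash_equals($row['converge_pass_hash'], $candidate) ? $row['name'] : null;
}

function login(PDO $db, string $user, string $pass): bool
{
    $name = find_member($db, $user, $pass);
    if ($name === null) {
        return false;
    }
    session_regenerate_id(true);          // fresh session id after authentication
    $_SESSION['myusername'] = $name;      // later requests read this, not $_POST
    return true;
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibf1_members (id INTEGER, name TEXT)');
$db->exec('CREATE TABLE ibf1_members_converge
           (converge_id INTEGER, converge_pass_salt TEXT, converge_pass_hash TEXT)');
$db->exec("INSERT INTO ibf1_members VALUES (1, 'demo_user')");
$ins = $db->prepare('INSERT INTO ibf1_members_converge VALUES (1, :s, :h)');
$ins->execute([':s' => 'Xy9k2', ':h' => md5(md5('Xy9k2') . md5('demo-pass'))]);

session_start();                          // must run before any output is sent
var_dump(login($db, 'demo_user', 'demo-pass'));   // correct password
var_dump(login($db, 'demo_user', 'wrong-pass'));  // wrong password
var_dump(login($db, "o'brien", 'demo-pass'));     // quote in the name is just data
var_dump($_SESSION);
```

On later requests the member queries would take their name parameter from $_SESSION['myusername'] in the same parameterized way.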
13 Comments
 
LVL 8

Expert Comment

by:CoyotesIT
ID: 21860210
Can you make sure that in your code somewhere you are not killing the session, i.e. session_destroy()?

I took a look and saw that after I navigate away from "Home" and go back, the login box is back and the session var is empty. This would seem like the session is being killed.

0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21860263
I have pasted the code above and there is no destroy session only:

                              unset($_SESSION['myusername']);
 when the login=no i.e. clicking log out
0
 
LVL 4

Expert Comment

by:albuitra
ID: 21860437
Try with the libraries of pear
http://pear.php.net/
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863267
[not directly related to topic] As a safety routine, I would probably replace

                            unset($_SESSION['myusername']);
with
                            $_SESSION['myusername'] = '';
                            unset($_SESSION['myusername']);

0
 
LVL 29

Expert Comment

by:fibo
ID: 21863279
Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863289
Oops... seems this post duplicates post Q_23512402.html
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21864271
I have removed the unset function in the logout and the problem still persists
Thanks
Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21864306
Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?>>
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21865787
I have already changed my password but thanks for amending the question, could I also ask you amend this topic:-

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/Q_23512402.html

As a further matter, I cannot understand why the author of a question cannot edit the original question? When I noticed I had copied and pasted my code without realising the database credentials were still in the script I couldn't amend the question OR get in contact with any mods on the site, this really needs to be addressed.

Thanks
Tim
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 500 total points
ID: 21867264
Took another look through your code. One thing not related would be some repetitive code that you may consider moving into an include for the member information that you are pulling, i.e. messages, awards, and so on.

Another thing: try adding this in place of your logout test:

<?php }
      //If a session, allow logout
      if(isset($login) && ($login=='no')){
            //unset($_SESSION['myusername']); Not sure why you just don't end the session...
            session_destroy();
      }
?>
0
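
Added example, not part of the original answer: session_destroy() removes the stored session data but leaves $_SESSION populated for the rest of the request and leaves the session cookie in the browser, and in the posted page the logout test runs after the logged-in form has already been printed. The sketch below performs a full teardown at the top of the page, before any HTML is sent; the function name logout_session() is an assumption, while the ?login=no switch and Index.php are taken from the thread.

```php
<?php
declare(strict_types=1);

// Added example: place this at the very top of the page, before any HTML,
// so the cookie and Location headers can still be written.
function logout_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                        // clear data for the rest of this request
    if (ini_get('session.use_cookies')) {  // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // remove the server-side session data
}

session_start();
if (($_GET['login'] ?? '') === 'no') {
    logout_session();
    header('Location: Index.php');         // reload so the page renders logged out
    exit;
}
```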
 
LVL 1

Author Comment

by:EzEApostle
ID: 21867653
Thanks for the advice but the problem is still there, I feel I may need to start from scratch and test it bit by bit

Thanks for the help though

Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21868411
Not sure you noticed my question...
[[Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?>>
]]
0

Question has a verified solution.
