Solved

Getting PHP Login Script to Remember the Session

Posted on 2008-06-24
Last Modified: 2013-12-12
Hi all, hope you can help me with this, was recommended this site by a contractor at work.

I have an issue whereby my code does not remember a session through login, I can get the session displaying the data I request from the database and display it on the page but when browsing away from the page to another area of the website or another url the session is ultimately lost.

Rather than using separate pages to gather the information I wanted to use the login form with the extension ?login=yes or false when requiring log out.

An example of the page is here:- http://www.ezegaming.com/SiteDevelopment/Index.php

I have set up temporary login details for you to be able to see my frustration.
Username = 'ExpertExchange'
Password = 'temppass'

If you log in you will see that the correct information is brought back from the database, but when clicking on the 'Home' tab, which redirects to the same page the login form is on, the session is lost. Can anyone help and spot why in the code I've attached?

NOTE: I have the start_session() command already on the main index page, I am calling this script via login.php as an include on the index page.

Thanks in advance for the help and support,
Tim
<?php session_start(); ?>
	<div style="position:absolute; right:10px; top:23px; height: 100px; width: 330px; background-color:#000">
	
		<?php
			// database credentials
			$host="host.company.co.uk"; // Host name
			$username="username"; // Mysql username
			$password="password"; // Mysql password
			$db_name="db_name"; // Database name
					
			 // username and password sent from form
			$myusername=$_POST['myusername'];
			$mypassword=$_POST['mypassword'];
			$login=$_GET['login'];
									
			if($login=='yes'){
				// Connect to server and select databse.
				$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
				mysql_select_db("$db_name")or die("cannot select DB");
												
				$saltsql="SELECT t1.converge_pass_salt FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername'";
				$saltresult=mysql_query($saltsql);
				$saltresult=mysql_result($saltresult, 0);
				
				$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";
				$nameresult=mysql_query($namesql);
				$nameresult=mysql_result($nameresult, 0);
				
				$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
				$avatarpathresult=mysql_query($avatarpath);
				$avatarpathresult=mysql_result($avatarpathresult, 0);
				
				$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
				$avatartyperesult=mysql_query($avatartype);
				$avatartyperesult=mysql_result($avatartyperesult, 0);
				
				if ($avatartyperesult!='') {
				if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;
				if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";
				if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";
				}
				   
				else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';
							
				$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";
				$messagecountresult=mysql_query($messagecount);
				$messagecountresult=mysql_result($messagecountresult, 0);
				
				$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";
				$awardlocationresult=mysql_query($awardlocation);
	
				echo "<div style='position:absolute; top:60px; left:88px;'>";
				echo "<table>";
	
				while($awardlist = mysql_fetch_array($awardlocationresult))
				{
					echo "<td>";
					echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";
					echo "</td>";
				}
							
				echo "</table>";
				echo "</div>";
				
				echo "<div style='position:absolute; top:44px; left:88px;'>";
				echo "<table>";
				
				$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";
				$medaltotalcountresult=mysql_query($medaltotalcount);
				$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);
				
				{
				echo "<td>";
				echo "Latest Medals Awarded: ($medaltotalcountresult in total)";
				echo "</td>";
				}
				
				echo "</table>";
				echo "</div>";
	
				// encrypt password
				$encrypted_mypassword = md5( md5( $saltresult ) . md5( $mypassword ) );
				
				$sql="SELECT * FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername' AND t1.converge_pass_hash='$encrypted_mypassword'";
				$result=mysql_query($sql);
				
				// Mysql_num_row is counting table row
				$count=mysql_num_rows($result);
				// If result matched $myusername and $mypassword, table row must be 1 row
							
				if($count==1){
				// Register $myusername, $mypassword and redirect to file "login_success.php"
				$_SESSION['myusername']=$myusername;
				}
				else {
				echo "<div style='position:absolute; right:5px; top:2px; color:red;'>Wrong Username or Password</div>";
				}
			}
			?>
			
		<?php if (isset($_SESSION['myusername'])) { ?>
		<form name="form1" method="post" action="Index.php?login=no">
		<div style="position:absolute; right:30px; bottom:12px;">Logout</div><div style="position:absolute; bottom:7px; right:7px;"><input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login"></div>
		<?php
			$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
			mysql_select_db("$db_name")or die("cannot select DB");
		
			$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";
			$nameresult=mysql_query($namesql);
			$nameresult=mysql_result($nameresult, 0);
			
			$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
			$avatarpathresult=mysql_query($avatarpath);
			$avatarpathresult=mysql_result($avatarpathresult, 0);
			
			$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
			$avatartyperesult=mysql_query($avatartype);
			$avatartyperesult=mysql_result($avatartyperesult, 0);
			
			if ($avatartyperesult!='') {
			if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;
			if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";
			if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";
			}
			   
			else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';
						
			$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";
			$messagecountresult=mysql_query($messagecount);
			$messagecountresult=mysql_result($messagecountresult, 0);
			
			$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";
			$awardlocationresult=mysql_query($awardlocation);
 
			echo "<div style='position:absolute; top:60px; left:88px;'>";
			echo "<table>";
 
			while($awardlist = mysql_fetch_array($awardlocationresult))
			{
				echo "<td>";
				echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";
				echo "</td>";
			}
						
			echo "</table>";
			echo "</div>";
			
			echo "<div style='position:absolute; top:44px; left:88px;'>";
			echo "<table>";
			
			$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";
			$medaltotalcountresult=mysql_query($medaltotalcount);
			$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);
			
			mysql_close($con);
			
			{
			echo "<td>";
			echo "Latest Medals Awarded: ($medaltotalcountresult in total)";
			echo "</td>";
			}
			
			echo "</table>";
			echo "</div>";
					 
			echo "<div style='position:absolute; left:80px; top:10px;'>Welcome back, $nameresult!</div>";
			echo "<div style='position:absolute; left:80px; top:27px;'><img src='http://www.ezegaming.com/SiteDevelopment/Images/pm_small.png'><a href='http://www.ezegaming.com/Forum/index.php?act=Msg&CODE=01'> ($messagecountresult) New Messages</a></div>";
			echo "<div style='position:absolute; left:205px; top:27px;'>| <img src='http://www.ezegaming.com/Forum/style_images/default/my_controls.png' style='width:12px; height:8px;'><a href='http://www.ezegaming.com/Forum/index.php?act=UserCP&CODE=00'> My Controls</a></div>";
			echo "<div style='position:absolute; left:-3px; top:10px;'><img src='$avatarpathresult' style='height:80px; width:80px;'></div>";
		?>
		</form>
	<?php } else { ?>
		<form name="form1" method="post" action="Index.php?login=yes">
		<div style="position:absolute; top:10px; left:10px;">
		Login to EzEGaming
		</div>
		<div style="position:absolute; top:30px; left:10px;">
		Username:
		</div>	
		<div style="position:absolute; top:45px; left:10px;">
		<input name="myusername" type="text" id="myusername" style="height:15px; width:120px;">
		</div>	
		<div style="position:absolute; top:30px; left:150px;">
		Password:
		</div>	
		<div style="position:absolute; top:45px; left:150px;">
		<input name="mypassword" type="password" id="mypassword" style="height:15px; width:120px;">
		</div>	
		<div style="position:absolute; top:45px; left:280px;">
		<input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login">
		</div>	
		</form>
		<div style="position:absolute; top:75px; left:10px;">
		  <a href="http://www.ezegaming.com/Forum/index.php?act=Reg&CODE=00">Join EzEGaming</a> | <a href="#">Forgot Login</a> | <a href="#">Help</a>		
		</div>
			<?php } 
				//If a session, allow logout
					if($login=='no'){
					unset($_SESSION['myusername']);
					}
				?>
	</div>
			<?php
		echo "<pre>";
		var_dump($_SESSION);
		echo "</pre>";
		?>

0
Comment
Question by:EzEApostle
13 Comments
 
LVL 8

Expert Comment

by:CoyotesIT
ID: 21860210
Can you make sure that somewhere in your code you are not killing the session, i.e. session_destroy()?

I took a look and saw that after I navigate away from "Home" and go back, the login box is back and the session var is empty. This would seem like the session is being killed.

0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21860263
I have pasted the code above and there is no destroy session only:

                              unset($_SESSION['myusername']);
 when the login=no i.e. clicking log out
0
 
LVL 4

Expert Comment

by:albuitra
ID: 21860437
Try with the libraries of pear
http://pear.php.net/
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863267
[not directly related to topic] As a safety routine, I would probably replace

                            unset($_SESSION['myusername']);
with
                            $_SESSION['myusername'] = '';
                            unset($_SESSION['myusername']);

0
 
LVL 29

Expert Comment

by:fibo
ID: 21863279
Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863289
Oops... seems this post duplicates post Q_23512402.html
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21864271
I have removed the unset function in the logout and the problem still persists
Thanks
Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21864306
Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?>>
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21865787
I have already changed my password but thanks for amending the question, could I also ask you amend this topic:-

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/Q_23512402.html

As a further matter, I cannot understand why the author of a question cannot edit the original question? When I noticed I had copied and pasted my code without realising the database credentials were still in the script I couldn't amend the question OR get in contact with any mods on the site, this really needs to be addressed.

Thanks
Tim
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 500 total points
ID: 21867264
Took another look through your code. One thing, not related, would be some repetitive code that you may consider moving into an include for the member information that you are pulling, i.e. messages, awards, and so on.

Another thing: try adding this in place of your logout test


<?php }
      //If a session, allow logout
      if(isset($login) && ($login=='no')){
            //unset($_SESSION['myusername']); Not sure why you just don't end the session...
            session_destroy();
      }
?>
0
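
An added example, not code from the thread or from any participant: one way to structure the login/logout handling discussed above so that the session is started before any output, the logged-in user is read from `$_SESSION` rather than `$_POST` on later requests, and logout clears the variables, the cookie and the server-side data. `check_credentials()`, the sample user and its password are hypothetical stand-ins for the forum database check, and `password_hash()`/`password_verify()` are swapped in for the forum's salted MD5 scheme.

```php
<?php
// Added example, not the poster's code. Runs before any HTML output so the
// session cookie header can still be sent.
session_start();

// Hypothetical stand-in for the forum database lookup; constructed sample user.
function check_credentials(string $user, string $pass): bool
{
    $users = ['sampleuser' => password_hash('sample-pass', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

function log_out(): void
{
    $_SESSION = [];                        // clear the data for this request too
    if (ini_get('session.use_cookies')) {  // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // delete the server-side session data
}

$action = $_GET['login'] ?? '';
$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$error  = '';

if ($isPost && $action === 'yes') {
    $user = (string) ($_POST['myusername'] ?? '');
    $pass = (string) ($_POST['mypassword'] ?? '');
    if (check_credentials($user, $pass)) {
        session_regenerate_id(true);       // fresh session ID at login
        $_SESSION['myusername'] = $user;
    } else {
        $error = 'Wrong Username or Password';
    }
} elseif ($isPost && $action === 'no') {
    log_out();
}

// Later requests carry no $_POST data, so the user comes from the session.
$current = $_SESSION['myusername'] ?? null;
?>
<?php if ($current !== null): ?>
  <p>Welcome back, <?= htmlspecialchars($current, ENT_QUOTES, 'UTF-8') ?>!</p>
  <form method="post" action="?login=no"><button>Logout</button></form>
<?php else: ?>
  <p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
  <form method="post" action="?login=yes"><input name="myusername"> <input name="mypassword" type="password"> <button>Login</button></form>
<?php endif; ?>
```

`session_destroy()` on its own leaves `$_SESSION` populated for the rest of the request and does not remove the session cookie, which is why `log_out()` performs all three steps.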
 
LVL 1

Author Comment

by:EzEApostle
ID: 21867653
Thanks for the advice but the problem is still there, I feel I may need to start from scratch and test it bit by bit

Thanks for the help though

Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21868411
Not sure you noticed my question...
[[Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?>>
]]
0
