Solved

Getting PHP Login Script to Remember the Session

Posted on 2008-06-24
Last Modified: 2013-12-12
Hi all, hope you can help me with this, was recommended this site by a contractor at work.

I have an issue whereby my code does not remember a session through login, I can get the session displaying the data I request from the database and display it on the page but when browsing away from the page to another area of the website or another url the session is ultimately lost.

Rather than using separate pages to gather the information I wanted to use the login form with the extension ?login=yes or false when requiring log out.

An example of the page is here:- http://www.ezegaming.com/SiteDevelopment/Index.php

I have set up temporary login details for you to be able to see my frustration.
Username = 'ExpertExchange'
Password = 'temppass'

If you login you will see that the correct information is brought back from the database, but when clicking on the 'Home' tab which redirects to the same page the login form is on the session is lost, can anyone help and spot why on the code I've attached??

NOTE: I have the start_session() command already on the main index page, I am calling this script via login.php as an include on the index page.

Thanks in advance for the help and support,
Tim
<?php session_start(); ?>
	<div style="position:absolute; right:10px; top:23px; height: 100px; width: 330px; background-color:#000">
	
		<?php
			// database credentials
			$host="host.company.co.uk"; // Host name
			$username="username"; // Mysql username
			$password="password"; // Mysql password
			$db_name="db_name"; // Database name
					
			 // username and password sent from form
			$myusername=$_POST['myusername'];
			$mypassword=$_POST['mypassword'];
			$login=$_GET['login'];
									
			if($login=='yes'){
				// Connect to server and select databse.
				$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
				mysql_select_db("$db_name")or die("cannot select DB");
												
				$saltsql="SELECT t1.converge_pass_salt FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername'";
				$saltresult=mysql_query($saltsql);
				$saltresult=mysql_result($saltresult, 0);
				
				$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";
				$nameresult=mysql_query($namesql);
				$nameresult=mysql_result($nameresult, 0);
				
				$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
				$avatarpathresult=mysql_query($avatarpath);
				$avatarpathresult=mysql_result($avatarpathresult, 0);
				
				$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
				$avatartyperesult=mysql_query($avatartype);
				$avatartyperesult=mysql_result($avatartyperesult, 0);
				
				if ($avatartyperesult!='') {
				if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;
				if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";
				if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";
				}
				   
				else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';
							
				$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";
				$messagecountresult=mysql_query($messagecount);
				$messagecountresult=mysql_result($messagecountresult, 0);
				
				$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";
				$awardlocationresult=mysql_query($awardlocation);
	
				echo "<div style='position:absolute; top:60px; left:88px;'>";
				echo "<table>";
	
				while($awardlist = mysql_fetch_array($awardlocationresult))
				{
					echo "<td>";
					echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";
					echo "</td>";
				}
							
				echo "</table>";
				echo "</div>";
				
				echo "<div style='position:absolute; top:44px; left:88px;'>";
				echo "<table>";
				
				$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";
				$medaltotalcountresult=mysql_query($medaltotalcount);
				$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);
				
				{
				echo "<td>";
				echo "Latest Medals Awarded: ($medaltotalcountresult in total)";
				echo "</td>";
				}
				
				echo "</table>";
				echo "</div>";
	
				// encrypt password
				$encrypted_mypassword = md5( md5( $saltresult ) . md5( $mypassword ) );
				
				$sql="SELECT * FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername' AND t1.converge_pass_hash='$encrypted_mypassword'";
				$result=mysql_query($sql);
				
				// Mysql_num_row is counting table row
				$count=mysql_num_rows($result);
				// If result matched $myusername and $mypassword, table row must be 1 row
							
				if($count==1){
				// Register $myusername, $mypassword and redirect to file "login_success.php"
				$_SESSION['myusername']=$myusername;
				}
				else {
				echo "<div style='position:absolute; right:5px; top:2px; color:red;'>Wrong Username or Password</div>";
				}
			}
			?>
			
		<?php if (isset($_SESSION['myusername'])) { ?>
		<form name="form1" method="post" action="Index.php?login=no">
		<div style="position:absolute; right:30px; bottom:12px;">Logout</div><div style="position:absolute; bottom:7px; right:7px;"><input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login"></div>
		<?php
			$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
			mysql_select_db("$db_name")or die("cannot select DB");
		
			$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";
			$nameresult=mysql_query($namesql);
			$nameresult=mysql_result($nameresult, 0);
			
			$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
			$avatarpathresult=mysql_query($avatarpath);
			$avatarpathresult=mysql_result($avatarpathresult, 0);
			
			$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";
			$avatartyperesult=mysql_query($avatartype);
			$avatartyperesult=mysql_result($avatartyperesult, 0);
			
			if ($avatartyperesult!='') {
			if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;
			if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";
			if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";
			}
			   
			else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';
						
			$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";
			$messagecountresult=mysql_query($messagecount);
			$messagecountresult=mysql_result($messagecountresult, 0);
			
			$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";
			$awardlocationresult=mysql_query($awardlocation);
 
			echo "<div style='position:absolute; top:60px; left:88px;'>";
			echo "<table>";
 
			while($awardlist = mysql_fetch_array($awardlocationresult))
			{
				echo "<td>";
				echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";
				echo "</td>";
			}
						
			echo "</table>";
			echo "</div>";
			
			echo "<div style='position:absolute; top:44px; left:88px;'>";
			echo "<table>";
			
			$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";
			$medaltotalcountresult=mysql_query($medaltotalcount);
			$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);
			
			mysql_close($con);
			
			{
			echo "<td>";
			echo "Latest Medals Awarded: ($medaltotalcountresult in total)";
			echo "</td>";
			}
			
			echo "</table>";
			echo "</div>";
					 
			echo "<div style='position:absolute; left:80px; top:10px;'>Welcome back, $nameresult!</div>";
			echo "<div style='position:absolute; left:80px; top:27px;'><img src='http://www.ezegaming.com/SiteDevelopment/Images/pm_small.png'><a href='http://www.ezegaming.com/Forum/index.php?act=Msg&CODE=01'> ($messagecountresult) New Messages</a></div>";
			echo "<div style='position:absolute; left:205px; top:27px;'>| <img src='http://www.ezegaming.com/Forum/style_images/default/my_controls.png' style='width:12px; height:8px;'><a href='http://www.ezegaming.com/Forum/index.php?act=UserCP&CODE=00'> My Controls</a></div>";
			echo "<div style='position:absolute; left:-3px; top:10px;'><img src='$avatarpathresult' style='height:80px; width=80px;'</div>";
		?>
		</form>
	<?php } else { ?>
		<form name="form1" method="post" action="Index.php?login=yes">
		<div style="position:absolute; top:10px; left:10px;">
		Login to EzEGaming
		</div>
		<div style="position:absolute; top:30px; left:10px;">
		Username:
		</div>	
		<div style="position:absolute; top:45px; left:10px;">
		<input name="myusername" type="text" id="myusername" style="height:15px; width:120px;">
		</div>	
		<div style="position:absolute; top:30px; left:150px;">
		Password:
		</div>	
		<div style="position:absolute; top:45px; left:150px;">
		<input name="mypassword" type="password" id="mypassword" style="height:15px; width:120px;">
		</div>	
		<div style="position:absolute; top:45px; left:280px;">
		<input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login">
		</div>	
		</form>
		<div style="position:absolute; top:75px; left:10px;">
		  <a href="http://www.ezegaming.com/Forum/index.php?act=Reg&CODE=00">Join EzEGaming</a> | <a href="#">Forgot Login</a> | <a href="#">Help</a>		
		</div>
			<?php } 
				//If a session, allow logout
					if($login=='no'){
					unset($_SESSION['myusername']);
					}
				?>
	</div>
			<?php
		echo "<pre>";
		var_dump($_SESSION);
		echo "</pre>";
		?>

Question by:EzEApostle
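
An added example, not part of the thread: the login flow from the question with the username bound as a query parameter instead of concatenated into the SQL, a fresh session ID issued on login, and later page loads taking the identity from $_SESSION rather than $_POST. The function names, the in-memory SQLite stand-in and the sample user are assumptions made for the demonstration; the table names, column names and hash scheme are the ones in the posted code.

```php
<?php
// Added example: an in-memory SQLite database with constructed rows stands in for the forum DB.
session_start();                                    // must run before any output is sent

function demo_db(): PDO {                           // hypothetical helper, constructed data
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE ibf1_members (id INTEGER, name TEXT, members_display_name TEXT)");
    $pdo->exec("CREATE TABLE ibf1_members_converge (converge_id INTEGER, converge_pass_salt TEXT, converge_pass_hash TEXT)");
    $salt = 'aB3xQ';                                // constructed sample salt
    $hash = md5(md5($salt) . md5('sample-pass'));   // scheme from the question, so stored hashes match
    $pdo->exec("INSERT INTO ibf1_members VALUES (1, 'DemoUser', 'Demo User')");
    $pdo->prepare("INSERT INTO ibf1_members_converge VALUES (1, ?, ?)")->execute([$salt, $hash]);
    return $pdo;
}

// Returns true and binds the identity to the session when the credentials match.
function try_login(PDO $pdo, string $name, string $password): bool {
    $stmt = $pdo->prepare(
        "SELECT t1.converge_pass_salt, t1.converge_pass_hash FROM ibf1_members_converge AS t1
         INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name = ?");
    $stmt->execute([$name]);                        // value is bound, never concatenated
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                               // unknown user
    }
    $candidate = md5(md5($row['converge_pass_salt']) . md5($password));
    if (!hash_equals($row['converge_pass_hash'], $candidate)) {
        return false;                               // wrong password
    }
    session_regenerate_id(true);                    // new session ID once authenticated
    $_SESSION['myusername'] = $name;
    return true;
}

// Later requests carry no POST data, so the identity comes from the session.
function display_name(PDO $pdo): ?string {
    if (!isset($_SESSION['myusername'])) {
        return null;
    }
    $stmt = $pdo->prepare("SELECT members_display_name FROM ibf1_members WHERE name = ?");
    $stmt->execute([$_SESSION['myusername']]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

$pdo = demo_db();
// A name containing a quote is treated as plain data; then a valid login; then a later lookup.
var_dump(try_login($pdo, "O'Neil", 'x'), try_login($pdo, 'DemoUser', 'sample-pass'), display_name($pdo));
```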
13 Comments
 
LVL 8

Expert Comment

by:CoyotesIT
ID: 21860210
Can you make sure that in your code somewhere you are not killing the session, i.e. session_destroy()?

I took a look and saw that after I navigate away from "Home" and go back the login box is back, and the session var is empty. This would seem like the session is being killed.

0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21860263
I have pasted the code above and there is no destroy session only:

                              unset($_SESSION['myusername']);
 when the login=no i.e. clicking log out
0
 
LVL 4

Expert Comment

by:albuitra
ID: 21860437
Try with the libraries of pear
http://pear.php.net/
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863267
[not directly related to topic] As a safety routine, I would probably replace

                            unset($_SESSION['myusername']);
with
                            $_SESSION['myusername'] = '';
                            unset($_SESSION['myusername']);

0
 
LVL 29

Expert Comment

by:fibo
ID: 21863279
Is the session problem present just with this script, while the use of sessions in other scripts present no problem?
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863289
Oops... seems this post duplicates post Q_23512402.html
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21864271
I have removed the unset function in the logout and the problem still persists
Thanks
Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21864306
Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts present no problem?>>
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21865787
I have already changed my password but thanks for amending the question, could I also ask you amend this topic:-

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/Q_23512402.html

As a further matter, I cannot understand why the author of a question cannot edit the original question? When I noticed I had copy and pasted my code without realising the database credentials were still in the script I couldn't amend the question OR get in contact with any mods on the site, this really needs to be addressed.

Thanks
Tim
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 1500 total points
ID: 21867264
Took another look through your code. One thing not related would be some repetitive code that you may consider moving into an include for the member information that you are pulling, i.e. messages, awards, and so on.

Another thing: try adding this in place of your logout test:

<?php }
      //If a session, allow logout
      if(isset($login) && ($login=='no')){
            //unset($_SESSION['myusername']); Not sure why you just don't end the session...
            session_destroy();
      }
?>
0
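
An added example, not part of the thread: a logout that clears the session data, expires the session cookie and destroys the server-side record, and that runs before the panel decides which form to show. In the posted script the logout test sits after the logged-in form has already been rendered. The function names and the sample identity are assumptions made for the demonstration.

```php
<?php
// Added example: logout is handled before any markup is produced.
session_start();

// Ends the session completely; returns true when a logout was requested.
function handle_logout(array $query): bool {
    if (($query['login'] ?? '') !== 'no') {
        return false;
    }
    $_SESSION = [];                                 // drop the data held in this request
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                              // remove the server-side record
    return true;
}

// Decides which form the panel shows, from session state only.
function panel_state(): string {
    return isset($_SESSION['myusername']) ? 'logout-form' : 'login-form';
}

// Constructed walk-through: a logged-in visitor requests Index.php?login=no.
$_SESSION['myusername'] = 'DemoUser';               // constructed sample identity
$before = panel_state();
handle_logout(['login' => 'no']);                   // stands in for $_GET
$after = panel_state();
echo "before: $before, after: $after\n";
```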
 
LVL 1

Author Comment

by:EzEApostle
ID: 21867653
Thanks for the advice but the problem is still there, I feel I may need to start from scratch and test it bit by bit

Thanks for the help though

Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21868411
Not sure you noticed my question...
[[Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts present no problem?>>
]]
0
