Solved

Getting PHP Login Script to Remember the Session

Posted on 2008-06-24
Last Modified: 2013-12-12
Hi all, hope you can help me with this, was recommended this site by a contractor at work.

I have an issue whereby my code does not remember a session through login. I can get the session displaying the data I request from the database and display it on the page, but when browsing away from the page to another area of the website or another URL the session is ultimately lost.

Rather than using separate pages to gather the information I wanted to use the login form with the extension ?login=yes or false when requiring log out.

An example of the page is here:- http://www.ezegaming.com/SiteDevelopment/Index.php

I have set up temporary login details for you to be able to see my frustration.
Username = 'ExpertExchange'
Password = 'temppass'

If you log in you will see that the correct information is brought back from the database, but when clicking on the 'Home' tab, which redirects to the same page the login form is on, the session is lost. Can anyone help and spot why in the code I've attached?

NOTE: I have the start_session() command already on the main index page, I am calling this script via login.php as an include on the index page.

Thanks in advance for the help and support,
Tim
<?php session_start(); ?>

	<div style="position:absolute; right:10px; top:23px; height: 100px; width: 330px; background-color:#000">

	

		<?php

			// database credentials

			$host="host.company.co.uk"; // Host name

			$username="username"; // Mysql username

			$password="password"; // Mysql password

			$db_name="db_name"; // Database name

					

			 // username and password sent from form

			$myusername=$_POST['myusername'];

			$mypassword=$_POST['mypassword'];

			$login=$_GET['login'];

									

			if($login=='yes'){

				// Connect to server and select databse.

				$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");

				mysql_select_db("$db_name")or die("cannot select DB");

												

				$saltsql="SELECT t1.converge_pass_salt FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername'";

				$saltresult=mysql_query($saltsql);

				$saltresult=mysql_result($saltresult, 0);

				

				$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";

				$nameresult=mysql_query($namesql);

				$nameresult=mysql_result($nameresult, 0);

				

				$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";

				$avatarpathresult=mysql_query($avatarpath);

				$avatarpathresult=mysql_result($avatarpathresult, 0);

				

				$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";

				$avatartyperesult=mysql_query($avatartype);

				$avatartyperesult=mysql_result($avatartyperesult, 0);

				

				if ($avatartyperesult!='') {

				if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;

				if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";

				if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";

				}

				   

				else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';

							

				$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";

				$messagecountresult=mysql_query($messagecount);

				$messagecountresult=mysql_result($messagecountresult, 0);

				

				$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";

				$awardlocationresult=mysql_query($awardlocation);

	

				echo "<div style='position:absolute; top:60px; left:88px;'>";

				echo "<table>";

	

				while($awardlist = mysql_fetch_array($awardlocationresult))

				{

					echo "<td>";

					echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";

					echo "</td>";

				}

							

				echo "</table>";

				echo "</div>";

				

				echo "<div style='position:absolute; top:44px; left:88px;'>";

				echo "<table>";

				

				$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";

				$medaltotalcountresult=mysql_query($medaltotalcount);

				$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);

				

				{

				echo "<td>";

				echo "Latest Medals Awarded: ($medaltotalcountresult in total)";

				echo "</td>";

				}

				

				echo "</table>";

				echo "</div>";

	

				// encrypt password

				$encrypted_mypassword = md5( md5( $saltresult ) . md5( $mypassword ) );

				

				$sql="SELECT * FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id WHERE t2.name='$myusername' AND t1.converge_pass_hash='$encrypted_mypassword'";

				$result=mysql_query($sql);

				

				// Mysql_num_row is counting table row

				$count=mysql_num_rows($result);

				// If result matched $myusername and $mypassword, table row must be 1 row

							

				if($count==1){

				// Register $myusername, $mypassword and redirect to file "login_success.php"

				$_SESSION['myusername']=$myusername;

				}

				else {

				echo "<div style='position:absolute; right:5px; top:2px; color:red;'>Wrong Username or Password</div>";

				}

			}

			?>

			

		<?php if (isset($_SESSION['myusername'])) { ?>

		<form name="form1" method="post" action="Index.php?login=no">

		<div style="position:absolute; right:30px; bottom:12px;">Logout</div><div style="position:absolute; bottom:7px; right:7px;"><input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login"></div>

		<?php

			$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");

			mysql_select_db("$db_name")or die("cannot select DB");

		

			$namesql="SELECT members_display_name FROM ibf1_members WHERE name='$myusername'";

			$nameresult=mysql_query($namesql);

			$nameresult=mysql_result($nameresult, 0);

			

			$avatarpath="SELECT t3.avatar_location FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";

			$avatarpathresult=mysql_query($avatarpath);

			$avatarpathresult=mysql_result($avatarpathresult, 0);

			

			$avatartype="SELECT t3.avatar_type FROM ibf1_members_converge AS t1 INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id INNER JOIN ibf1_member_extra AS t3 ON t2.id = t3.id WHERE t2.name='$myusername'";

			$avatartyperesult=mysql_query($avatartype);

			$avatartyperesult=mysql_result($avatartyperesult, 0);

			

			if ($avatartyperesult!='') {

			if ($avatartyperesult=='url') $avatarpathresult = $avatarpathresult;

			if ($avatartyperesult=='local') $avatarpathresult = "http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg";

			if ($avatartyperesult=='upload') $avatarpathresult = "http://www.ezegaming.com/Forum/uploads/$avatarpathresult";

			}

			   

			else $avatarpathresult = 'http://www.ezegaming.com/Forum/style_avatars/defaultavatar.jpg';

						

			$messagecount="SELECT new_msg FROM ibf1_members WHERE name='$myusername'";

			$messagecountresult=mysql_query($messagecount);

			$messagecountresult=mysql_result($messagecountresult, 0);

			

			$awardlocation="SELECT award_image FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername' LIMIT 0,5";

			$awardlocationresult=mysql_query($awardlocation);
 

			echo "<div style='position:absolute; top:60px; left:88px;'>";

			echo "<table>";
 

			while($awardlist = mysql_fetch_array($awardlocationresult))

			{

				echo "<td>";

				echo "<img style='height:25px; width:25px; padding-left:0px;' src='http://www.ezegaming.com/Forum/style_images/awards/".$awardlist['award_image']."'>";

				echo "</td>";

			}

						

			echo "</table>";

			echo "</div>";

			

			echo "<div style='position:absolute; top:44px; left:88px;'>";

			echo "<table>";

			

			$medaltotalcount="SELECT count(username) FROM ibf1_awards AS t1 INNER JOIN ibf1_members AS t2 ON t1.username = t2.id WHERE t2.name='$myusername'";

			$medaltotalcountresult=mysql_query($medaltotalcount);

			$medaltotalcountresult=mysql_result($medaltotalcountresult, 0);

			

			mysql_close($con);

			

			{

			echo "<td>";

			echo "Latest Medals Awarded: ($medaltotalcountresult in total)";

			echo "</td>";

			}

			

			echo "</table>";

			echo "</div>";

					 

			echo "<div style='position:absolute; left:80px; top:10px;'>Welcome back, $nameresult!</div>";

			echo "<div style='position:absolute; left:80px; top:27px;'><img src='http://www.ezegaming.com/SiteDevelopment/Images/pm_small.png'><a href='http://www.ezegaming.com/Forum/index.php?act=Msg&CODE=01'> ($messagecountresult) New Messages</a></div>";

			echo "<div style='position:absolute; left:205px; top:27px;'>| <img src='http://www.ezegaming.com/Forum/style_images/default/my_controls.png' style='width:12px; height:8px;'><a href='http://www.ezegaming.com/Forum/index.php?act=UserCP&CODE=00'> My Controls</a></div>";

			echo "<div style='position:absolute; left:-3px; top:10px;'><img src='$avatarpathresult' style='height:80px; width:80px;'></div>";

		?>

		</form>

	<?php } else { ?>

		<form name="form1" method="post" action="Index.php?login=yes">

		<div style="position:absolute; top:10px; left:10px;">

		Login to EzEGaming

		</div>

		<div style="position:absolute; top:30px; left:10px;">

		Username:

		</div>	

		<div style="position:absolute; top:45px; left:10px;">

		<input name="myusername" type="text" id="myusername" style="height:15px; width:120px;">

		</div>	

		<div style="position:absolute; top:30px; left:150px;">

		Password:

		</div>	

		<div style="position:absolute; top:45px; left:150px;">

		<input name="mypassword" type="password" id="mypassword" style="height:15px; width:120px;">

		</div>	

		<div style="position:absolute; top:45px; left:280px;">

		<input type="image" src="http://www.ezegaming.com/SiteDevelopment/Images/submit.png" name="Submit" value="Login">

		</div>	

		</form>

		<div style="position:absolute; top:75px; left:10px;">

		  <a href="http://www.ezegaming.com/Forum/index.php?act=Reg&CODE=00">Join EzEGaming</a> | <a href="#">Forgot Login</a> | <a href="#">Help</a>		

		</div>

			<?php } 

				//If a session, allow logout

					if($login=='no'){

					unset($_SESSION['myusername']);

					}

				?>

	</div>

			<?php

		echo "<pre>";

		var_dump($_SESSION);

		echo "</pre>";

		?>

Question by:EzEApostle
13 Comments
 
LVL 8

Expert Comment

by:CoyotesIT
ID: 21860210
Can you make sure that in your code somewhere you are not killing the session. i.e session_destroy()

I took a look and saw that after I navigate away from "Home" and go back, the login box is back and the session var is empty. This would seem like the session is being killed.

0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21860263
I have pasted the code above and there is no destroy session only:

                              unset($_SESSION['myusername']);
 when the login=no i.e. clicking log out
0
 
LVL 4

Expert Comment

by:albuitra
ID: 21860437
Try with the libraries of pear
http://pear.php.net/
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863267
[not directly related to topic] As a safety routine, I would probably replace

                            unset($_SESSION['myusername']);
with
                            $_SESSION['myusername'] = '';
                            unset($_SESSION['myusername']);

0
 
LVL 29

Expert Comment

by:fibo
ID: 21863279
Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?
0
 
LVL 29

Expert Comment

by:fibo
ID: 21863289
Oops... seems this post duplicates post Q_23512402.html
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21864271
I have removed the unset function in the logout and the problem still persists
Thanks
Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21864306
Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?>>
0
 
LVL 1

Author Comment

by:EzEApostle
ID: 21865787
I have already changed my password but thanks for amending the question, could I also ask you amend this topic:-

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/Q_23512402.html

As a further matter, I cannot understand why the author of a question cannot edit the original question? When I noticed I had copied and pasted my code without realising the database credentials were still in the script I couldn't amend the question OR get in contact with any mods on the site, this really needs to be addressed.

Thanks
Tim
0
 
LVL 8

Accepted Solution

by:
CoyotesIT earned 500 total points
ID: 21867264
Took another look through your code. One thing, not related, would be some repetitive code that you may consider moving into an include for the member information that you are pulling, i.e. messages, awards, and so on.

Another thing: try adding this in place of your logout test

<?php }
      //If a session, allow logout
      if(isset($login) && ($login=='no')){
            //unset($_SESSION['myusername']); Not sure why you just don't end the session...
            session_destroy();
      }
?>
0
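
An added example, not code from any poster in this thread: the question's script interpolates `$myusername` into its SQL and the accepted answer ends the session with `session_destroy()` alone, so this sketch shows the same login check with a bound parameter, a new session ID on login, and a logout that also clears `$_SESSION` and the cookie. The function names `check_login`, `log_in` and `log_out` are hypothetical, and the in-memory SQLite data (PDO SQLite driver assumed) is constructed.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// question; the SQLite database and its single member row are constructed.

function check_login(PDO $db, string $name, string $password): bool
{
    // Bound parameter: the submitted name is data, never part of the SQL text.
    $stmt = $db->prepare(
        'SELECT t1.converge_pass_salt, t1.converge_pass_hash
           FROM ibf1_members_converge AS t1
           INNER JOIN ibf1_members AS t2 ON t1.converge_id = t2.id
          WHERE t2.name = ?'
    );
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { return false; }
    // Same hash construction as the question's script, compared in constant time.
    $candidate = md5(md5($row['converge_pass_salt']) . md5($password));
    return hash_equals($row['converge_pass_hash'], $candidate);
}

function log_in(string $name): void
{
    session_regenerate_id(true);           // fresh session ID once authenticated
    $_SESSION['myusername'] = $name;
}

function log_out(): void
{
    $_SESSION = [];                        // empty the data for this request too
    if (ini_get('session.use_cookies')) {  // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // remove the server-side session data
}

// Constructed data so the lookup runs offline (php -f example.php).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibf1_members (id INTEGER, name TEXT)');
$db->exec('CREATE TABLE ibf1_members_converge (converge_id INTEGER, converge_pass_salt TEXT, converge_pass_hash TEXT)');
$hash = md5(md5('s4lt') . md5('example-pass'));
$db->exec("INSERT INTO ibf1_members VALUES (1, 'demo')");
$db->exec("INSERT INTO ibf1_members_converge VALUES (1, 's4lt', '$hash')");

var_dump(check_login($db, 'demo', 'example-pass'));   // constructed valid login
var_dump(check_login($db, "demo' OR '1'='1", 'x'));   // quote stays literal data
```

In the page itself, `session_start()` and the `?login=yes` / `?login=no` handling that calls `log_in()` or `log_out()` need to run before any HTML is sent, with the form then rendered from `$_SESSION`.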
 
LVL 1

Author Comment

by:EzEApostle
ID: 21867653
Thanks for the advice but the problem is still there, I feel I may need to start from scratch and test it bit by bit

Thanks for the help though

Tim
0
 
LVL 29

Expert Comment

by:fibo
ID: 21868411
Not sure you noticed my question...
[[Hi Tim
<<Is the session problem present just with this script, while the use of sessions in other scripts presents no problem?>>
]]
0
