[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

How can I register a session based on a field from my MySQL table?

I have a simple login form that does a fine job of registering a session allowing the user to login based on the email and password in the USERS table.  My checklogin.php does this:

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE Email='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION["ClientID"] = $row['ClientID'];

and redirects to my welcome page.  However, it doesn't seem to be creating the session that I want (ClientID).  Am I doing something wrong?

Thanks!
Kevin
0
Kevin Smith
Asked:
Kevin Smith
1 Solution
 
Ray PaseurCommented:
Are you using session_start() on every page?
0
 
Ray PaseurCommented:
Might be helpful if you posted the entire script.  The segments above omit error handling and reporting that is required if you want to diagnose an issue like this.  Perhaps if we see the entire script we can help you put in some diagnostic code to find out where the issue lies.

Best, ~Ray
0
 
Cornelia YoderArtistCommented:
Is the webpage you are redirecting to in the same domain as the one creating the clientid session variable?  If not, that might be your problem.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
rameshfromindCommented:
insert first line as seesion_start() function like below.

If you want to maintain the keep the session value in all the pages you should insert session_start() function or otherwise you create the seprate page and include the all pages.

session_start();
// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE Email='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION["ClientID"] = $row['ClientID'];
0
 
Ray PaseurCommented:
@yodercm: Good point!  Or even in the same subdomain or directory path!  The default session handling sets a cookie that can be quite confusing.  But my guess is that there is something more prosaic, like a failing query that is not recognized.  If only we could get everyone here to learn about var_dump() we could take the weekend off!

Best regards, ~Ray
0
 
Ray PaseurCommented:
@rameshfromind: just a thought.  What do you think will happen if I post to your script with a password field that says, "Foo OR 1=1" ?  It might be good to see the OP's actual complete code so we can help with things like unescaped or malicious form input, too.  Alas, there are so many ways to make just a little mistake that can create a world of nightmares!
0
 
Kevin SmithAuthor Commented:
domain is the same, so that's not the issue.
0
 
Ray PaseurCommented:
Please show us the "real code" -- we can show you how to put in some diagnostics that will make this easy to find and fix.  Thanks, ~Ray
0
 
Kevin SmithAuthor Commented:
Wow...it was just adding the session_start to the login code.  I was not aware that it had to be in the login code itself, I just thought it had to be on actual pages.

Learn something new and simple every day :)

Thanks all!
Kevin
0
 
Ray PaseurCommented:
Great!

Here is a thought you might want to consider going forward.  Create a "config.php" script and include it as the first statement of all your PHP scripts.  Inside that you can do all the basic stuff you need, such as session_start(), DB connections, etc.

Your scripts will all start something like this:
<?php // MY SCRIPT TO SHOW CONFIG
require_once('config.php');

A teaching sample for a config.php script is shown here:
<?php // RAY_sample_config.php
 
// DO NOT RUN THIS SCRIPT STANDALONE
if (count(get_included_files()) < 2) { header("HTTP/1.1 301 Moved Permanently"); header("Location: /"); exit; }
 
// SEE ALL ERRORS
error_reporting(E_ALL);
 
// ALWAYS START THE SESSION
session_start();
 
// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "??";        // GET THESE FROM YOUR HOSTING COMPANY
$db_user = "??";
$db_word = "??";
 
// CONNECT TO THE DATA BASE SERVER
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB CONNECTION: ";
   echo "<br/> $errmsg <br/>";
}
 
// SELECT THE DATA BASE
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB SELECTION: ";
   echo "<br/> $errmsg <br/>";
   die('NO DATA BASE');
}
 
// LOCAL CONSTANTS DEFINITIONS
DEFINE("TOKEN", "PuhCIz8dbaC6JEvtjO7SHy1JZ2CdS");
 
// LOCAL FUNCTIONS DEFINITIONS
function get_clean_integer_string($string)
{
   return trim(ereg_replace("[^0-9\-]", "", $string)); // FORCE IT ALL NUMERIC
}
 
// INITIALIZATION CODE
list ($x, $y) = explode(" ", microtime());
$script_start_time = $x + $y;
 
 
 
// ETC ETC ETC...

Open in new window

0
 
Kevin SmithAuthor Commented:
Thanks to everyone!  Great tip ray!  I'll do that from now on.
0
 
Ray PaseurCommented:
@ksmithscs, at EE it is considered good form to award at least SOME of the points to the first correct answer you receive, such as the one I posted five minutes after your question arrived.  You can use the "request attention" button to ask a moderator to help you change this.  Thank you for your consideration, ~Ray
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now