admin.php

<?php
// connection to MySQL server
mysql_connect('localhost','root','');
mysql_select_db('administration');


if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $loginPassword=$_POST['password']; 
  $MM_redirectLoginSuccess = "validated.php";
  $MM_redirectLoginFailed = "admin.php";
  $MM_redirecttoReferrer = true;
  
  $errors = array();
  
	 if(empty($_POST['username'])) {
		$errors[] = 'You think whom going to fill up the USERNAME for you?';
	 }	
	 if(empty($_POST['password'])) {
		$errors[] = 'You think whom going to fill up the PASSWORD for you?';
	 }	
	if (empty($errors)) {
	
  $loginUsername = get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername);
  $password = get_magic_quotes_gpc() ? $password : addslashes($password);
  $LoginRS_query = "SELECT username, password FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $loginFoundUser[0];
	$_SESSION['first_name'] = $loginFoundUser[1];
	$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
	
    echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit();
	}
  else {
  
    echo "<script type='text/javascript'>location.href='$MM_redirectLoginFailed';</script>";
}
}
mysql_close();
}

?>

validated.php

<?php

session_name ('YourVisitID');
session_start(); // Start the session.
$MM_redirectLoginFailed = "admin.php";
$MM_redirecttoReferrer = true;

// If no session value is present, redirect the user.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {

	echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit(); // Quit the script.
}

?>

I've two pages as displayed above. I wanted to enable sessions so that the user can not go to validated.php straight without any validation. But the the code above does not create any sessions at all. The codes in validated.php is working fine and the codes in admin.php is working fine without the line 32 - 36. This line did not create/store any sessions when executed. Each time, after I log in using the correct username and password, it will redirect me bak to the index.php. Please help.

Where should I place this code, before/after session start? thx

When I paste the code as directed, the page validated.php was blinking, similar to an infinity loop. Like the page try to load, but can't. Finally, I stopped that page. Advise pls.

Have 2 pages.

<?php //page1.php
session_start();
$_SESSION['name']="test";
header("location: page2.php");
?>

In page2.php, write this.

<?php
session_start();
print_r($_SESSION);
?>

See if it prints test in page2.

So, session exists.

Redirect to a dummy page, for eg, page2.php and have print_r($_SESSION) in it. Check if session is being passed !

I get output like this:

Array ( )

It can't create the the session rite? But why. All my syntax was correct rite?

Strange! Are you sure, $loginFoundUser[0], $loginFoundUser[1], md5($_SERVER) have values ? I think nothing is assigned to session variables.

$_SESSION['user_id'] = $loginFoundUser[0];
$_SESSION['first_name'] = $loginFoundUser[1];
$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

I took this code from a php book and modified it. The content of my table in my database is,

user_id
first_name
last_name
email
contact
username
password

So I thought, since user_id in the first row and the first_name in the second row, I define it [0] and [1]. I've actually no idea why the book used $_SESSION. Kindly, please advise me on how to modify the codes to make the session works.

Just to say that, I wont be available for the next 7-8 hours. I will back for your reply. Please don't ignore this thread till it marks unsolved. This is my kind request. Thanks a lot.

Ah! i see. Thats wrong. You aren't fetching any record from the table. You are trying to assign null value to the session, because, there will be nothing in $loginFoundUser[0] and $loginFoundUser[1]. Use this instead of your query.

$LoginRS_query = "SELECT userid, firstname, username, password FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'"; // Here, userid and firstname are the columns of the table. Change it to whatever columnnames you have in your table. 
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  $_SESSION['user_id'] = $record_row[0];
  $_SESSION['first_name'] = $record_row[1];
$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row[0];
	$_SESSION['first_name'] = $record_row[1];

Just wanted to confirm with. Is this the way you want me to do?
or

$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  
  if ($record_row>0) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row[0];
	$_SESSION['first_name'] = $record_row[1];

And another thing is, if I remove the 'AGENT' from this page and I have also remove it from validated.php

<?php

session_name ('YourVisitID');
session_start(); // Start the session.
//print_r($_SESSION);
$MM_redirectLoginFailed = "admin.php";
$MM_redirecttoReferrer = true;

// If no session value is present, redirect the user.
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {

	echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit(); // Quit the script.
}

?>

So what kind of session validation should I place here. Please advise.

$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row[0];
	$_SESSION['first_name'] = $record_row[1];

This is correct. And yes, in validated.php, you just can check if the session variables is set.
So, instead of if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) { , you can check,

if(! isset($_SESSION['user_id']) || ! isset($_SESSION['first_name'])) { // sesssion not set, redirect to error page
}

I've tried the both methods above with the dummy page to print out the sessions, not working.

Do one thing. Before assigning it to the session, print out its value. ie.,

$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
$user_id = $record_row['user_id'];
$first_name = $record_row['first_name'];
  print "User id is :". $user_id;
print "First name is :". $first_name;

See what it prints ! Then assign $user_id and $first_name to the session.

When i pasted the code above, I've temporarily disabled the sessions loop. After I've inputted the correct username and password, at the top left of admin.php I get a msg like this,

User id is :c13964First name is :Lord

and this matches my id and first name in the table. But why can't the session work?

$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  //$user_id = $record_row['user_id'];
  //$first_name = $record_row['first_name'];
  //print "User id is :". $user_id;
  //print "First name is :". $first_name;
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row['user_id'];
	$_SESSION['first_name'] = $record_row['first_name'];

Even this not working.

Great.. Now comment this line and assign $user_id and $first_name value to session variables. Then just to check if this works, redirect to a dummy script and just print out the session values in the dummy script.
And, you can't say session doesn't work, because, in the other example you tried out, sessions worked. So, I believe something is wrong with the script.
P.S, Can you post the latest code of both the scripts ?

$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  //$user_id = $record_row['user_id'];
  //$first_name = $record_row['first_name'];
  //print "User id is :". $user_id;
  //print "First name is :". $first_name;
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row['user_id'];
	$_SESSION['first_name'] = $record_row['first_name'];

Even this not working.

It HAS to work. Is it entering the loop if($loginFoundUser) ? Soon after you assign the values to the session variables print it out. print_r($_SESSION). Tellme if its assigning the values to the session variables. :S

LATEST CODE

admin.php

<?php
// connection to MySQL server
mysql_connect('localhost','root','');
mysql_select_db('administration');


if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $loginPassword=$_POST['password']; 
  $MM_redirectLoginSuccess = "test2.php";
  //$MM_redirectLoginSuccess = "validated.php";
  $MM_redirectLoginFailed = "admin.php";
  $MM_redirecttoReferrer = true;
  
  $errors = array();
  
	 if(empty($_POST['username'])) {
		$errors[] = 'You think whom going to fill up the USERNAME for you?';
	 }	
	 if(empty($_POST['password'])) {
		$errors[] = 'You think whom going to fill up the PASSWORD for you?';
	 }	
	if (empty($errors)) {
	
  $loginUsername = get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername);
  $password = get_magic_quotes_gpc() ? $password : addslashes($password);
  $LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  //$user_id = $record_row['user_id'];
  //$first_name = $record_row['first_name'];
  //print "User id is :". $user_id;
  //print "First name is :". $first_name;
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row['user_id'];
	$_SESSION['first_name'] = $record_row['first_name'];
	//$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
	
    echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit();
	}
  else {
  
    echo "<script type='text/javascript'>location.href='$MM_redirectLoginFailed';</script>";
}
}
mysql_close();
}

?>

validated.php

<?php

session_name ('YourVisitID');
session_start(); // Start the session.
//print_r($_SESSION);
$MM_redirectLoginFailed = "admin.php";
$MM_redirecttoReferrer = true;

// If no session value is present, redirect the user.
if(! isset($_SESSION['user_id']) || ! isset($_SESSION['first_name'])) {

	echo "<script type='text/javascript'>location.href='$MM_redirectLoginFailed';</script>";
	exit(); // Quit the script.
}

?>

dummy page - test2.php

<?php
session_start();
print_r($_SESSION);
?>

Still the dummy page prints out empty Array. e.g. Array (). &

If I use the loop to redirect to validated.php, it will bounce back to admin.php.

Well, It has to work. I don't know/see why its not working. Try replacing location.href with header. See if values are assigned to session variables in page1 itself. Print $_SESSION and $_SESSION in page 1 before redirecting.

I've modified as stated above and the error I get,

User id is :c13964First name is :Lord.
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\cycle\admin.php:1) in C:\xampp\htdocs\cycle\admin.php on line 39

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\cycle\admin.php:1) in C:\xampp\htdocs\cycle\admin.php on line 39

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\cycle\admin.php:1) in C:\xampp\htdocs\cycle\admin.php on line 43

Changes:

$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  $user_id = $record_row['user_id'];
  $first_name = $record_row['first_name'];
  print "User id is :". $user_id;
  print "First name is :". $first_name;
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row['user_id'];
	$_SESSION['first_name'] = $record_row['first_name'];
	//$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
	header( "Location: validated.php" );
    //echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit();
$LoginRS_query = "SELECT user_id, first_name FROM adminprofile WHERE username='$loginUsername' AND password='$loginPassword'";
  $LoginRS = mysql_query($LoginRS_query) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $record_row = mysql_fetch_array($LoginRS);
  $user_id = $record_row['user_id'];
  $first_name = $record_row['first_name'];
  print "User id is :". $user_id;
  print "First name is :". $first_name;
  
  if ($loginFoundUser) {
    
	session_name ('YourVisitID');
	session_start();
	$_SESSION['user_id'] = $record_row['user_id'];
	$_SESSION['first_name'] = $record_row['first_name'];
echo $_SESSION['first_name'];
echo $_SESSION['user_id'];
	//$_SESSION['agent'] = //md5($_SERVER['HTTP_USER_AGENT']);
	//header( "Location: validated.php" );
    //echo "<script type='text/javascript'>location.href='$MM_redirectLoginSuccess';</script>";
	exit();

Does this print the values ?

Printing but with error

User id is :c13964First name is :Lord.
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\cycle\admin.php:1) in C:\xampp\htdocs\cycle\admin.php on line 39

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\cycle\admin.php:1) in C:\xampp\htdocs\cycle\admin.php on line 39
c13964Lord.

I'm going to class now and will be back in 5 hours time. Please help till I solve this session problem. This is my humble request. Hope to see your reply. Thanks a lot.

Strange. Its storing the values in the session variable. But its not passing it to the next page ? I am lost !

This article has been dead for over six months. Start a new discussion instead.