Member Avatar for headfirst

Hi php gurus. newbie here needs help.

I m having a problem with my login script. Basically it works 95% of the time, but once and a while it doesn't. The session variable doesn't get set, or remembered, and the next referred page fails on the isset check. I tried a number of things, Please any suggestions would be great. My code is pretty messy...at the moment... but I've been going nuts with this. I recently added the session_regenerate_id and the session_write function to no avail.

snipplet from login.php.

//Start session
session_start();
sql="SELECT login,id FROM tblDealer WHERE login='".$email."' and password='".$password."'"; 
				$r = mysql_query($sql); 
				$row=mysql_fetch_array($r);
				
				if($r) {
					if(mysql_num_rows($r)>0) {
						//Login Successful
						session_regenerate_id();
						//$member=mysql_fetch_assoc($r);
						//$_SESSION['dealer_id']=$member['id'];
						$_SESSION['dealer_id']=$row["id"];
						session_write_close();
						//header("location: client.php");
						$dealer_id = $row["id"];
						print 'success,client.php,dealer='.$dealer_id; // maybe add it to the url ? just for now.
						exit();
					}else {
						//Login failed
						//header("location: login-failed.php");
						print "no such login in the system. please try again."; 
						exit();
					}
				}else  {
					die("Query failed");
				}

Next Page. Client.php
I use this check to confirm the session is there.

session_start();


   if(!isset($_SESSION['dealer_id'])) {
	echo '<p>Security Violation ';
	exit();
 }
  • 4 Contributors
  • 8 Replies
  • 164 Views
  • 22 Hours Discussion Span
  • Latest Post Latest Post by R0bb0b
Member Avatar for camilojvarona

Hi,

I am as newbie to PHP as you but in this line you missed teh '$' symbol.

sql="SELECT login,id FROM tblDealer WHERE login='".$email."' and password='".$password."'";

in front of the sql variable

$sql

Although you can go to this link

http://us2.php.net/manual/en/function.mysql-query.php

Hope this help,
Camilo

Member Avatar for headfirst

Thanks Camilo, I missed that character when pasting into this thread but it is there in my code...

Member Avatar for camilojvarona

Hi,

What program are you using for debugin your application?. I am using PHP Designer. I think that it would be useful to see what warnings does it give you.

Camilo

Member Avatar for headfirst

nothing really.... I guess I should really start using something.
But like I said it works 95% of the time, I can't reproduce the problem consistently, it seems to happen randomly.....thx

Member Avatar for headfirst

..anyone have any ideas...???

Member Avatar for R0bb0b

Try eliminating one problem at a time. create a page with just this code in it and refresh it several times, if it resets to zero then you have a problem, if not, I'm pretty sure that it is not a problem with the session.

<?
session_start();
if(!isset($_SESSION['sesstest']) || !is_numeric($_SESSION['sesstest']))
{
	$_SESSION['sesstest'] = 0;
}
else
{
	$_SESSION['sesstest']++;
}
echo $_SESSION['sesstest'];
?>
Member Avatar for php-lover 
//Start session
session_start();
$sql="SELECT login,id FROM tblDealer WHERE login='".$email."' and password='".$password."'"; 
				
if($result = mysql_query($sql)) {
	
   if(mysql_num_rows($result)>0) {
	
		list($login,$id) = mysql_fetch_array($result);
      
      $_SESSION['dealer_id']= $id;
		
		print 'success,client.php,dealer='.$id; // maybe add it to the url ? just for now.
		exit();
		
	}else {
		
		print "no such login in the system. please try again."; 
		exit();
	}//else
	
} else{

	die("Query failed");
}
Member Avatar for R0bb0b

actually, I really don't see much difference, but it looks much cleaner.
:-/

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.