not display the information in $ _SESSION, why?

Question

pilucho 0 Newbie Poster

8 Years Ago

in all pages will code with "session_start ();"
but does not display all the information,
as "First name, Last name"
But if the user is connected,
and when browsing pages,
only shows the nick, and the other names disappear

on the first page to connect,
if it shows all the user information
but when clicking to another page disappears

please help, how to solve
or correct the problem.

"$cedula" is the nickname,
"$clave" is the password

Here, the full code

Funtions.php

<?
function loginuser()
{

    $cedula = $_POST['cedula'];
    $clave = $_POST['clave'];
    $nombres = $_POST['nombres'];
    $nombres = $_GET['nombres'];
    if ($cedula && $clave)
    {
        include_once('adodb/adodb.inc.php');
        include_once('conn.php'); // Coneción 
        $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
        $conn = &ADONewConnection('mysql'); 
        $conn->Connect($dbhost,$dbuser,$dbpass,$dbdatabase);
        $pass = md5($clave);
        $uname = capotexto($cedula);
        $sqlstmt = "SELECT role FROM personas WHERE cedula='$uname' AND clave='$pass'";
        $recordSet = &$conn->Execute("$sqlstmt");
        $numResults = $recordSet->RecordCount();
        $userRole = $recordSet->fields['role'];

        if ($numResults > 0)
            {
                $_SESSION['auth_user'] = $cedula;
                $_SESSION['auth_role'] = $userRole;
            }
        else
            {
                $page = new pagebuilder('../');
                //
                echo "<div align=center> $cedula. no es correcto <a href='javascript:history.go(-1);'>Volver</a></div>";
                exit;
            }
    }
    else 
    {
        $page = new pagebuilder('../');
        //
        echo "<div align=center>  Usuario y Contrase&ntilde;a. <a href='javascript:history.go(-1);'>Volver</a></div>";
        exit;
    }
}

function checkUser($check='')
{

    if (!isset($_SESSION['auth_user']))
    {
        $page = new pagebuilder('../');
        //
        echo "<div align=center> aun no se ha logeado </div><br>";
        echo "<div align=center> <a href='javascript:history.go(-1);'>Volver</a></div>";
        exit;
    }
    if ($check)
    {
        if ($_SESSION['auth_role'] != $check)
        {
            $page = new pagebuilder('../');
            //
            echo "<div align=center> no tienes permiso!<br></div>";
            exit;   
        }
    }
}
?>

PagesHome1.php, PageHome2.php etc.

<?php 
session_start();
if (!isset($_SESSION['auth_user'])) loginuser();
include_once('funtion.php');
include_once('conn.php'); // Coneción 
mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
mysql_select_db($dbdatabase) or die(mysql_error());
// Esto por si las dudas
$_SESSION['cedula'] = $_POST['cedula'];
$_SESSION['personasid'] = $_POST['personasid'];
$_SESSION['nombres'] = $_POST['nombres'];
$_SESSION['apellidos'] = $_POST['apellidos'];

$result = mysql_query("SELECT * FROM personas WHERE cedula='".$_SESSION["cedula"]."' ");
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))  {
        $personasid = $row['personasid'];
        $nombres = $row['nombres']; 
        $apellidos = $row['apellidos']; 
} 
//
?>
<?php  if (isset($_SESSION['auth_user'])) {  ?>
 Welcome! <? echo  $nombres; ?> <? echo   $apellidos;  ?>  
 Nick <? echo ' '.$_SESSION['auth_user']; ?> 
 ID <? echo  $personasid; ?> 

<? } ?>

`<form action="PagesHome1.php" method="POST">
<input name="cedula" type="text" />
<input name="clave" type="password" />
<input name="Entrar" type="submit">
</form>

SQL Table
Código HTML:
CREATE TABLE personas (
personasid int(11) NOT NULL AUTO_INCREMENT,
cedula varchar(40) NOT NULL DEFAULT '',
clave varchar(40) NOT NULL DEFAULT '',
email varchar(60) DEFAULT NULL,
role varchar(20) default NULL,
nombres varchar(100) NOT NULL DEFAULT '',
apellidos varchar(100) NOT NULL DEFAULT '',
PRIMARY KEY (personasid),
UNIQUE KEY cedula (cedula)
) ;`

display login mysql php session

2 Contributors
4 Replies
271 Views
3 Days Discussion Span
Latest Post 8 Years Ago Latest Post by pilucho

All 4 Replies

broj1 356 Humble servant

8 Years Ago

Nowhere you check if password and username have been entered which is not a good practice and might be a reason for your error. You should do it this way:

if(!isset($_SESSION['auth_user']) && isset($_POST['cedula']) && isset($_POST['clave'])) {
    loginuser();
}

Also use curly brackets even if you have only one statement, to avoid coding errors.

$result = mysql_query("SELECT * FROM personas WHERE cedula='".$_SESSION["cedula"]."' ");

Using raw uncleansed form input is extremely dangerous (sql injection). Do filtering, cleansig, whitelisting, casting etc. before using form data in queries.

In your function you use ADO and in your code you use deprecated mysql extension. Was this your intention or just blind copying of example code? It might be another possible cause for errors. Also avoid mysql extension completely since it is outdated and deprecated.

$recordSet = &$conn->Execute("$sqlstmt");

Referencing object is also deprecated.

Using functions to render HTML is not a good practice (in my personal view). I prefer functions to process something and return result or FALSE. This way HTML is not hard coded and I can easily change it.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

pilucho 0 Newbie Poster · Answer 1 · 2015-11-09T15:20:37+00:00

It has reason to be deprecated use ADO mysql
but still the same,
I tried this way,
on the first page appears the first name, last name,
to enter PageHome2.php
disappears the first name, last name,

<?php 
session_start();
//if (!isset($_SESSION['auth_user'])) loginuser();
if(!isset($_SESSION['auth_user']) && isset($_POST['cedula']) && isset($_POST['clave'])) {
    loginuser();
}
include_once('funtion.php');
include_once('conn.php'); // Coneción 
mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
mysql_select_db($dbdatabase) or die(mysql_error());
// Esto por si las dudas
$_SESSION['cedula'] = $_POST['cedula'];
$_SESSION['personasid'] = $_POST['personasid'];
$_SESSION['nombres'] = $_POST['nombres'];
$_SESSION['apellidos'] = $_POST['apellidos'];
$result = mysql_query("SELECT * FROM personas WHERE cedula='".$_SESSION["cedula"]."' ");
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))  {
        $personasid = $row['personasid'];
        $nombres = $row['nombres']; 
        $apellidos = $row['apellidos']; 
} 
//
?>
<?php  if (isset($_SESSION['auth_user'])) {  ?>
 Welcome! <? echo  $nombres; ?> <? echo   $apellidos;  ?>  
 Nick <? echo ' '.$_SESSION['auth_user']; ?> 
 ID <? echo  $personasid; ?> 
<? } ?>

broj1 356 Humble servant Featured Poster · Answer 2 · 2015-11-09T17:00:20+00:00

In each script that uses session variables you have to have the session_start function on the very top of the script. It is important that no HTML or other output is sent before this function. Make sure there is not even a space before the first opening <?php tag.

pilucho 0 Newbie Poster · Answer 3 · 2015-11-11T17:46:30+00:00

Yes "session_start();"
no spaces
at the beginning of all code
yet disappears the first name, last name, :-(

not display the information in $ _SESSION, why?

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers