how to fix this code

What code are you using to store the session?

I am no expert and the way I do it may be wrong but........

I use the following code to verify the log in

#CHECK BOTH USERNAME AND PASSWORD FIELDS HAVE BEEN ENTERED
if(!empty($_POST['Lname']) AND !empty($_POST['Lpassword']))
 {//Username and password have both been entered so check against dbase
  $username = mysql_escape_string($_POST['Lname']);  
  $password = mysql_escape_string(md5($_POST['Lpassword'])); 
			   
  $search = mysql_query("
  SELECT 
  id, username, password, active, userlevel 
  FROM 
  users 
  WHERE
  username like binary '".$username."' 
  AND password='".$password."' 
  AND active='1'
  ") 
  or die(mysql_error());  
			  
  $match  = mysql_num_rows($search);  
  $level = mysql_fetch_assoc($search);
			  
  if($match > 0) //The username and password is correct
  {//START MANUAL LOGIN & SET SESSION VARIABLES  
  $_SESSION['user'] = $username;
  $_SESSION['level'] = $level['userlevel'];
  $_SESSION['loggedin'] = '1';
  $_SESSION['id'] = $level['id'];
				  
  #CHECK IF USER HAS CHECKED 'REMEMBER ME'			
  if(isset($_POST['remember']))
  {//'Remember me' was checked so store cookies to autologin next time
    setcookie('username', $username, time()+60*60*24*365, "/");
    setcookie('password', $password, time()+60*60*24*365, "/");
  }
  header( 'Location: '. $thispage.'' ) ;

  //User is logged in so show welcome, logout and profile links
  echo $hello_user;
  }

If the user has successfully logged in $_SESSION equals 1. That way, I only have to check the $_SESSION value.

if( $_SESSION['loggedin'] == 1)
{
echo $_SESSION['user']
}

Regards
Steve

Iam Using Old Code Coz Iam Still Beginner

<?php
include('Admin/config.php');
session_start();
$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);
if($username != null && $password != null){

$query = "SELECT `password` FROM `users` WHERE `username` = '$username'";
$result = mysql_query ($query) or die ("Query failed");
$answer = 'false';
while($n=mysql_fetch_array($result))
{

if($n['password'] == ($password)){
$_SESSION['username'] = $username;
$_SESSION['password'] = $n['password'];
$answer = 'true';
mysql_close($connect);
}

}

if($answer == 'true'){

include('Log_Success.php');

}else{

echo "Bad";

}

}else{

echo "You Must Fill The Username & Password Fields";

}
?>

Iam Sorry I think I Didnt Explain My problem Will

The Session Is Working Ok And Evrything Is Cool

But This Code

$query = "SELECT * FROM users WHERE username='$_SESSION[username]'";
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
    {
    echo "$row[username]";
    }

Does Not Show The Name Of Username Thats All The problem

Something Wrong In this Code

I need To Show Some Information Inside This Code If The Session is Logged In

Now Session Is Ok And Logged In But The Code Dont Show Anything

I am just going out but will take a look when I get back if no-one more clued up has solved it!!

One thing I will ask though, do you have a session_start() on the page? If the log in is successful the session needs to be started. Also ob_start() (I believe) clears any residual data to give each page a fresh start.

I have got into the habit of, on any page where session variables are used, including

<?php ob_start(); session_start();?>

on the very first line of code with no white space before it and

<? ob_flush(); ?>

after the final </html>

Once again, these may not be best practices but they did solve a lot of my session based problems.

Steve

I am just going out but will take a look when I get back if no-one more clued up has solved it!!

One thing I will ask though, do you have a session_start() on the page? If the log in is successful the session needs to be started. Also ob_start() (I believe) clears any residual data to give each page a fresh start.

I have got into the habit of, on any page where session variables are used, including

<?php ob_start(); session_start();?>

on the very first line of code with no white space before it and

<? ob_flush(); ?>

after the final </html>

Once again, these may not be best practices but they did solve a lot of my session based problems.

Steve

Thanks So Much I Started The Session As i mentioned In The First Post

This Is Row Number 1 In My page

<?session_start();?>

The Session Started Ok And Everything Going Fine Just One Thing

If The Session Is Ok Username + Password

I Need To Show The Username (( Name ))

Thats Only What I Need

I Used This Code But Its Not Working And Give Me Blank Area

<?
if ($_SESSION['username'] || $_SESSION['password'])
{

$query = ("SELECT * FROM users WHERE username='$_SESSION[username]'");
$result = mysql_query($query);
while($row = mysql_fetch_array($result))
 {
    echo "$row[username]"; 
    }

}else{

echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "You Must Register To See This Page :(";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";

}
?>

Why This (( echo "$row[username]"; ))

Dont Show The Name ?

as i can see from your code that you have echo the value from the table $row; Does your table has a field name like 'username'. Otherwise if you want to show the username you can just echo it by using the session value.

$query = "SELECT * FROM users WHERE username='$_SESSION[username]'";
    $result = mysql_query($query);
    $numRows=musql_num_rows($result);
    if($numRows!=0)
    {
          echo "$_SESSION[username]";
    }

as i can see from your code that you have echo the value from the table $row; Does your table has a field name like 'username'. Otherwise if you want to show the username you can just echo it by using the session value.

$query = "SELECT * FROM users WHERE username='$_SESSION[username]'";
    $result = mysql_query($query);
    $numRows=musql_num_rows($result);
    if($numRows!=0)
    {
          echo "$_SESSION[username]";
    }

Thanks You Got What I Mean

I Tried And Got This

Fatal error: Call to undefined function musql_num_rows() In Line 33

Thats The Code

<?
if ($_SESSION['username'] || $_SESSION['password'])
{

    $query = "SELECT * FROM users WHERE username='$_SESSION[username]'";
    $result = mysql_query($query);
    $numRows=musql_num_rows($result);
    if($numRows!=0)
    {
    echo "$_SESSION[username]";
    }

}else{

echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";

}
?>

And Thats The Line

$query = "SELECT * FROM users WHERE username='$_SESSION[username]'";

Ok Got It There's

musql_num_rows($result)

Should Be

mysql_num_rows($result)

No Erros Now But It Not Show The Username

I Dont Know Why

I knew someone more clued up would spot something I hadn't!

Although my example had 'echo $_SESSION' I never noticed that you were echoing a row value!

Steve

I knew someone more clued up would spot something I hadn't!

Although my example had 'echo $_SESSION' I never noticed that you were echoing a row value!

Steve

I Tried This

echo $_SESSION['username'];

But Return Nothing Blank Space

Iam Sure I Forget Something :(

This Is The Full Code

<?session_start();?>

<?php
include('func.php');
include('Admin/config.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="rtl" lang="ar">

<head>
<title>Profile</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" 

/>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="Style.Css" />

</head>

<body>

<?php include "header.html" ?>

<div id="wrap">

<div class="Log_Content"> 

<?
if ($_SESSION['username'] || $_SESSION['password'])
{

    $query = "SELECT * FROM users WHERE username='$_SESSION[username]'";
    $result = mysql_query($query);
    $numRows=mysql_num_rows($result);
    if($numRows!=0)
    {
    echo $_SESSION['username'];
    }

}else{

echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";

}
?>

</div>

<div class="linksfooter">
<?php include "links.html"; ?>
</div>

</div>

<?php include "tags.html" ?>

<center>
<?php include "under.html" ?>
</center>

</body>
</html>

Just a guess but narrow it down to which part is not working.

Instead of

if ($_SESSION['username'] || $_SESSION['password'])

try

if (isset($_SESSION['username']))

If that works then just try

if (isset($_SESSION['password']))

If they both work then the session variables are being collected. If one or both do not work, then that is where the problem somehow lies.

Just a guess but narrow it down to which part is not working.

Instead of

if ($_SESSION['username'] || $_SESSION['password'])

try

if (isset($_SESSION['username']))

If that works then just try

if (isset($_SESSION['password']))

If they both work then the session variables are being collected. If one or both do not work, then that is where the problem somehow lies.

Iam Sorry For Late

Its Still Dont Show Anything I Dont Know Whats The Problem :(

Hi Zero,
Try adding this on line 30 (based on the complete code you added above):

<?php echo ( isset($_SESSION['username']) ) ? "Username is: $_SESSION['username']" : "Username not found!"; ?>

Then let us know what this snippet outputs.

Its Still Dont Show Anything I Dont Know Whats The Problem :

That suggests to me that the session variables are not being set. EvolutionFallen's code should confirm this.

Steve

Hi Zero,
Try adding this on line 30 (based on the complete code you added above):

<?php echo ( isset($_SESSION['username']) ) ? "Username is: $_SESSION['username']" : "Username not found!"; ?>

Then let us know what this snippet outputs.

First Thanks For Help

I Put The Code You gave Me And Got This Error

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

That suggests to me that the session variables are not being set. EvolutionFallen's code should confirm this.

Steve

I Think I Didnt Set The Variable Of Session But This Code Give Me Error

Try changing

$query = "SELECT * FROM users WHERE username='$_SESSION[username]'";

to

$sessuser = $_SESSION['username'];
$query = "SELECT * FROM users WHERE username='".$sessuser."'";

Hey I Tested This Code On My Page

<?php
session_start();
if(isset($_SESSION['Username']))
{
echo "<div id='User'>Welcome : " . $_SESSION['Username'] . " </div>";
}
else
{
echo "no";
}
?>

It Works And Give Me

Welcome : ط²ط§ط¦ط±

Why The Username Show Like This ?

Try changing

$query = "SELECT * FROM users WHERE username='$_SESSION[username]'";

to

$sessuser = $_SESSION[username];
$query = "SELECT * FROM users WHERE username='".$sessuser."'";

Thanks For Help

Thats The Code

<?
if ($_SESSION || $_SESSION)
{
$sessuser = $_SESSION[username];
$query = "SELECT * FROM users WHERE username='".$sessuser."'";
$result = mysql_query($query);
$numRows=mysql_num_rows($result);
if($numRows!=0)
{
echo $_SESSION;
}

Unfortunately It Show White Space No Error And Nothing To Show

Plz See My Last Post I Tested Another Code In The First Of The Page

It Showed The Username With Something Wrong On Encoding

Forgive my ignorance but that looks like Arabic to me. If so, it could be something to with the html tag in the page. Once again this is guess work on my part.

The html tag I use on all pages is
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
if you have a standard <html> tag near the top of the page, this may be what needs changing.

on the last bit of code you posted, instead of

if ($_SESSION['username'] || $_SESSION['password'])

maybe try

if (isset($_SESSION['username']))

to see if the password part is the problem or all of it.

Forgive my ignorance but that looks like Arabic to me. If so, it could be something to with the html tag in the page. Once again this is guess work on my part.

The html tag I use on all pages is
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
if you have a standard <html> tag near the top of the page, this may be what needs changing.

Np Sir Iam Happy For Helping Me

The Encoding Not A Problem I Can Fix It Soon

Now I need To Know

How Can I Use The Code I Tested To Show The Info For The Username

I Need To Get All Rows

I Tested The Other Code And All Is Problem Not Just The Password

I Dont Know How To Thank Everyone Helped Me Specially

MargateSteve

Thanks So Much Mar For Your Help

Finally I Fixed The Code

And For Anyone May Have My Problem Thats The Final Code

<?
if(isset($_SESSION['username']))
{

echo "<div id='User'>Welcome : " . $_SESSION['username'] . " </div>";
echo "<div id='User'>Your ID : " . $_SESSION['id'] . " </div>";
 
}else{
 
echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";
 
}
?>

Ignore - posted after you posted!

Ignore - posted after you posted!

Iam Sorry I Fixed Everything

But Something Very Weired

I Got

Welcome: Guest

And I Didnt Define The Word Guest In Any Page

From Where This Word Come ?? !!!

Is there any other code other than what you posted? I noticed in your first post you included a file (Admin.php?) are there any settings in there?

I the code I use I specify it to show Hello $username when someone is logged in and Hello Guest when not.

My guess is that there must be something somewhere telling it to say guest.

Actually, there are two includes you have - Admin/config.php and LogSuccess.php. Do any of these have any references to the word 'Guest'?

Is there any other code other than what you posted? I noticed in your first post you included a file (Admin.php?) are there any settings in there?

I the code I use I specify it to show Hello $username when someone is logged in and Hello Guest when not.

My guess is that there must be something somewhere telling it to say guest.

Admin/config.php

Its Only Config File To Connect To DB

Iam Sure 100% i Didnt Use This Word In Any Page

Its Not Guest In English

Its Arabic Word But Mean In English (( Guest )) And I Didnt Use This Word

Iam Sure

All I Need Now Is One Thing

I Need If The Session Is Registered As User To Access The table users

And Grab All Data In It

The guest thing is a bit strange as it must be coming from somewhere I think.

To show all fields for a member try the following code, assuming that the id field is called 'id'. If it does not work, could you post your table fields please.

Note that this will only (if it works) show the username and id. If it works, the other fields can be added afterwards.

<?
if(isset($_SESSION['username']))
{
echo "<div id='User'>Welcome : " . $_SESSION['username'] . " </div>";
echo "<div id='User'>Your ID : " . $_SESSION['id'] . " </div>";

$sessuser = $_SESSION['username'];
$userquery = "SELECT * FROM users WHERE username='".$sessuser."'";
$userresult = mysql_query($userquery);
while($userrow = mysql_fetch_array($userresult))
 {
    echo $userrow ['username'].", ".$userrow ['id']; 
}else{
 
echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";
 
}
?>