I'm trying to build a login script that works with sessions so that I can pass a variable on after the login is complete. Here's my code in its current state: <?php include("config.php"); include("opendb.php"); $company = mysql_escape_string($_POST['company']); $password = mysql_escape_string(md5($_POST['password'])); $query = "SELECT * FROM customers WHERE company='$company' AND password='$password'"; $result = mysql_query($query); if(mysql_num_rows($result) == 1) { session_register("company"); session_register("password"); header("Location: member.php"); } else { echo 'Incorrect login name or password. <a href=login.php>Please try again</a>.'; } include("closedb.php"); ?> PHP: For some reason, the script always returns the incorrect login name or password. I double checked that I spelled the names of the database fields correctly and everything... Member.php contains the session_start() and checks to make sure the $company has been passed. Also, the password is MD5'd in the database - so that's not the issue either. I've been through a million of these session-login tutorials too, and I can't seem to get one to work... does anyone know what the problem could be? Thanks, Justin
I could be wrong, but I'd have thought that you needed to start the session before registering session variables... Plus, I also believe that you need to run session_start on each page that is going to use the session variables. So... in theory, what happens if you add a call to session_start() at the top of this page? If you're going to be using session variables across the site, it might pay to put the call in your config.php file, for example, assuming every page will include it...
Is register_globals on or off on your server? If they are off add this code to the top of your page. <? foreach($_REQUEST as $key => $val) { $$key = $val; } foreach($_SESSION as $key => $val) { $$key = $val; } ?>
I'm a little confused myself, but here's my question for now: by "returns the incorrect login", do you mean it's returning someone else's info, or is it returning bad info, like empty results? If it's the first, sounds like your SQL query is wrong, if it's the second, then it's possibly the session handling.
You have to use session_start(); at the top (first line of your php) for every single page that uses the sessions in anyway, that includes pages were you destroy and create sessions variables.
By "returns the incorrect login", I mean it is returning empty results. I ran the query, and tried the mysql_num_rows($results) way of doing it too, and there were no rows returned. I'll give the ideas mentioned above a try today and see if any of those fixes things.
in PHP4 or greater, you don't need to register session variables - just set them. Setting session vars: -------------------- session_start(); // has to precede any and all session uses. $_SESSION['var1'] = $var1; $_SESSION['var2'] = $var2; Retrieving session vars (in another page) --------------------------------------- session_start(); $var1 = $_SESSION['var1']; $var2 = $_SESSION['var2']; Also, read up on session_write_close(), if you're doing a lot of potentially concurrent mods in the session variables. rickb
I've had similar problems before and it was just a case of either comparing the wrong value or the wrong kind of comparison. Here's a couple of easy things I'd try out before hacking up the code. First, instead of mysql_num_rows($result) == 1, try mysql_num_rows($result) <= 1 ... using == 1 sometimes means "is true", not necessarily that it equals the number 1. Another way of proving the same case is to use === 1, which means "is the same thing as and is equal to the number 1"
There's no need to use mysql_escape_string if you have encoded it with md5, SELECT * is never good, specify what you want to select. Try to use SELECT COUNT(something) as total instead of mysql_num_rows. SELECT COUNT will count in mysql which is faster than if you count it in php.
I double checked all of the spelling and everything, and set the "mysql_num_rows > 0" instead of using "=", but still to no avail... I will look into the "SELECT COUNT(something) as TOTAL", but will this count the rows? The idea behind mysql_num_rows is to check if there is at least one (and hopefully no more than one) result returned when the username and password's match. Finally, I added the session_start() to the top, and also the session vars, but that didn't help either. The problem has to be in the SQL statement or PHP before that though because it's the "else" that's being tripped... therefore, the if statement result (if true) portion isn't even executing at all. Maybe it's a server setting or something, but I haven't had trouble using other people's scripts in the past on the same server...
I don't know if you've solved your problem, but try this (I was just working on a login script myself and had the exact same problem). After querying the database, instead of fetching the number of rows affected, get the result (using mysql_result($query) ), then check with if ($result !== false) { . It's an extra line but like I said, it worked for me
You guys know what the deal is with myspace login problems? I cleaned up my computer and than I was unable to log in to myspace. I can browse and everything but I just cant login, look at the help page, or change anything connected to my acct from my computer, I am able to logon from other computers just not mine...any help would be appreciated.