cookie problem

markster · 04-17-2007, 07:16 AM

^^^ Post title is wrong, this question relates to sessions ^^^

My scripts dont seem to like sessions. I use sessions to handle a login/logout system on my site. at the top of each page it includes header.php (for easy design mods). at the top of header.php it includes mysql_connect.php.

for some reason, values stored in sessions dont seem to be there. Then when i go to the next page that checks for sessions to see if in logged in, i am told that i am not.

i have added the code of the relevant files and a link to the demo site

Demo site:
WeddingsVermont.com Home Page

Demo login:
WeddingsVermont.com Home Page
email = mark@stuff4web.co.uk
pass = test

visitor_login.php

PHP Code:


			
<?php

include("mysql_connect.php");

$errors[0] = "<p>Sorry, you are not logged in.</p>\n";

$errors[1] = "<p>You are now logged out.</p>\n";

$errors[2] = "<p>Your account has been deleted.</p>\n";

$errors[3] = "<p>System error. Please try again.</p>\n";

if (isset($_POST['email']) AND isset($_POST['pass']) AND isset($_POST['sent']) AND !isset($_SESSION['id'])) {

    $email = stripslashes(trim($_POST['email']));

    $pass = stripslashes(trim($_POST['pass']));

    $query = "SELECT first_partner, second_partner, id, last_login FROM visitors WHERE email = '$email' AND pass = SHA('$pass') LIMIT 1;";

    $result = mysql_query($query);

    if (mysql_num_rows($result)==1) {

        $rightcol = "no";

        include("header.php");

        $row = mysql_fetch_array($result,MYSQL_ASSOC);

        $first = $row['first_partner'];

        $second = $row['second_partner'];

        if ($row['last_login']=="0000-00-00 00:00:00") {

            $last = "Never";

        } else {

            $last = $row['last_login'];

        }

        $id = $row['id'];

        $_SESSION['first'] = $first;

        $_SESSION['second'] = $second;

        $_SESSION['id'] = $id;

        echo("<strong><br>Hello ".$_SESSION['first']." and ".$_SESSION['second'].".</strong><br>\n

Last login attempt: $last<br><br>\n

<div align=\"right\"><span class=\"red\"><a href=\"visitor_home.php\">Click here to go to your member home page...</a></span></div>\n");

        $query = "UPDATE visitors SET last_login = NOW() WHERE id = ".$_SESSION['id']." LIMIT 1;";

        mysql_query($query);

        include("footer.php");

        exit();

    } else {

        include("header.php");

        echo("Incorrect email/password combination.<br>");

    }

} elseif (isset($_SESSION['id'])) {

    $rightcol = "no";

    include("header.php");

    echo("You are already logged in ".$_SESSION['first']." and ".$_SESSION['second']."<br><br>\n\n

<div align=\"right\"><span class=\"red\"><a href=\"visitor_home.php\">Click here to go to your member home page...</a></span></div>\n");

    include("footer.php");

    exit();

} else {

    include("header.php");

    echo($errors[$errormsg]);

}

?>

<p>To login to your visitor account, please fill in your details below.</p>

<form action="visitor_login.php" method="post"><input type="hidden" name="sent" value="TRUE">

<table>

<tr><td>Email ID</td><td>&nbsp;&nbsp;</td><td><input type="text" name="email"></td></tr>

<tr><td>Password</td><td>&nbsp;&nbsp;</td><td><input type="password" name="pass"></td></tr>

<tr><td colspan="3"><input type="submit" value="Login"></td>

</table>

</form>

<?php

include("footer.php");

?>

header.php

PHP Code:


			
<?php

session_start();

include("mysql_connect.php");

if ($memberonly) {

    if (isset($_SESSION['id']) AND isset($_SESSION['first']) AND isset($_SESSION['second'])) {

        $id = $_SESSION['id'];

        $first = $_SESSION['first'];

        $second = $_SESSION['second'];

        $loggedin = true;

    } elseif (isset($_SESSION['vid']) AND isset($_SESSION['company']) AND isset($_SESSION['user'])) {

        $id = $_SESSION['vid'];

        $user = $_SESSION['user'];

        $company = $_SESSION['company'];

        $loggedin = true;

    } else {

        $rightcol = "yes";

        $loggedin = false;

        

    }

}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">



// DESIGN STUFF //



<?php

if (!$loggedin AND $memberonly) {

    echo("<p>Sorry, you are not logged in.</p>\n<p><a href=\"visitor_login.php\">Visitor Login</a><br><a href=\"vendor_login.php\">Vendor Login</a></p>");

    include("footer.php");

    exit();

}

?>

mysql_connect.php

PHP Code:


			
<?php

session_start();

mysql_connect("####","####","####");

@mysql_select_db("####");

?>

Please help me or give me a point in the right direction. thanks

markster · 04-17-2007, 07:36 AM

Nevermind, fixed it! I just move including the header in visitor_login.php to AFTER i declared the session

sde · 04-17-2007, 08:28 AM

right, session stuff generally has to be before anything is printed (echoed) to the screen unless the page is buffered.

it also looks like you're including your mysql script twice. once will do.

it's probably good practice to make an 'app_top.php' or something to that effect which includes your mysql connect, sets up your session, and anything else that is required to initialize your web page that doesn't print to the screen.