Hi guys, this post is very

DarkLight — Thu, 10 May 2012 11:43:24 +0000

Hi guys, this post is very old. I am lightyears from this now Feel free to stay open for others needing help on this subject, but I myself don't require it anymore.

Just a note.

You can tell the server to

Greg K — Thu, 10 May 2012 07:34:07 +0000

You can tell the server to automatically start the session for every PHP call by setting

session.auto_start = 1
(you can try putting this in a php.ini file in the root of your site, or look up how to set PHP settings via .htaccess)

I prefer just having all scripts for a site calling a global configuration file that calls session_start() at the top of it.

-Greg

I know this is an old post

gtuges — Tue, 24 Apr 2012 10:49:19 +0000

I know this is an old post but can I ask a question? Do we really have to have

<?php
session_start();
?>

on all our page to have it working and if we need to have it on only one page, where do we place it?

Thanks

Reece S — Wed, 12 Dec 2007 22:35:35 +0000

nm. i should have notice, i was trying to force a cookie into the script, but then stopped, and thought, why the hell do i need a cookie for something this small. i just use sessions. i never actually DIRECTLY write cookies on here with "setcookie".
anyway, thanks for your help.

pr0gr4mm3r — Wed, 12 Dec 2007 22:29:27 +0000

Oops, forgot about that. I always have that in a header php file in my day-to-day coding so I forget that it's needed.

Reece S — Wed, 12 Dec 2007 22:27:24 +0000

AHHAH!!!
I sorted it.
all i did was add...

<?php
session_start();
?>

to every page i wanted the code to work on, it simply reminds the browser that it has a session in progress. thanks for your help. Very much appreciated your help

pr0gr4mm3r — Wed, 12 Dec 2007 03:43:54 +0000

First thing is that I can't stress enough how important it is to escape your user inputs. You will leave your site vulnerable to SQL injection otherwise.

I think the main problem you were having is you forgot to fetch your row. I added that in and changed your session assignment. See the code below as I made some other comments (comments in /* */).

<?php
$host=\"localhost\";
$username=\"USERNAME\";
$password=\"PASSWORD\";
$db_name=\"DATABASE\";
$tbl_name=\"TABLE\";

// Connect to server and select databse.
/* variables do not need to be in quotes */
mysql_connect($host, $username, $password)or die(\"cannot connect\");
mysql_select_db($db_name)or die(\"cannot select DB\");

// username and password sent from signup form
/* always escape strings that are going from a user input to a SQL query */
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

/* added 'LIMIT 1' - we know that there is only one result, but adding the limit tells MySQL to stop looking after it finds one */
$sql=\"SELECT * FROM $tbl_name WHERE username='$username' and password='$password' LIMIT 1\";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file \"login_success.php\"
/* forgot to fetch the row */
$row = mysql_fetch_assoc($result);
/* Use of session_register() is deprecated */
$_SESSION['username'] = $row['username']; /* 'username' should be the field in the DB that contains the user name */

header('location:http://pcgenius.pcriot.com/members/basic/login/login_success.php');
}
else {
header('location:http://pcgenius.pcriot.com/members/basic/login/login_failed.php');
}
?>

Reece S — Tue, 11 Dec 2007 20:41:56 +0000

I cannot seem to get it to work, here is my "checklogin.php" script...

<?php
$host=\"localhost\";
$username=\"USERNAME\";
$password=\"PASSWORD\";
$db_name=\"DATABASE\";
$tbl_name=\"TABLE\";

// Connect to server and select databse.
mysql_connect(\"$host\", \"$username\", \"$password\")or die(\"cannot connect\");
mysql_select_db(\"$db_name\")or die(\"cannot select DB\");

// username and password sent from signup form
$username=$_POST['username'];
$password=$_POST['password'];

$sql=\"SELECT * FROM $tbl_name WHERE username='$username' and password='$password'\";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file \"login_success.php\"
session_register(\"username\");
session_register(\"password\");
header('location:http://pcgenius.pcriot.com/members/basic/login/login_success.php');
}
else {
header('location:http://pcgenius.pcriot.com/members/basic/login/login_failed.php');
}
?>

What would I need to do to display the content of the created cookie on a different page?
Thanks you so much in advance, i am fed up of this now, i cannot seem to get the right script.

pr0gr4mm3r — Tue, 11 Dec 2007 16:50:38 +0000

On my sites, if a user signs in, I place their profile in $_SESSION['profile']. Then, I use something like this:

<?php
    if (isset($_SESSION['profile']))
    {
        echo 'You are signed in as ' . $_SESSION['profile']['user'];
    }
    else
    {
        echo '<a href=\"login.php\">Sign In</a>';
    }
?>

Reece S — Tue, 11 Dec 2007 16:04:16 +0000

thank you, i will take a look now. i have just found a script, but it does not look too stable.
thanks for your help.