User Authentication and Session problem!!!

askme · #1 (**permalink**) 02-06-04, 04:24 AM

Here is the simple user authentication I have made and try to verify the name and password from MySql database. The problem is that I cannot pass the session variable between pages, I mean to SUCCESS.PHP page.
All pages codes are given below, It has 3 pages,
1. LOGIN.PHP
2. AUTHENTICATE.PHP
3. SUCCESS.PHP

Here are the codes:

LOGIN.PHP ------------CODES---------------------------------------------------------------

<html>

<head>
<title>login Page</title>
</head>
<body>

<form method="POST" action="authenticate.php">

<p>Name:<input type="text" name="name" size="20"></p>
<p>Password:<input type="password" name="password" size="20"></p>
<p><input type="submit" value="Submit"><input type="reset" value="Reset"></p>

</form>
</body>
</html>

AUTHENTICATE.PHP --------------------------------CODES------------------------------

<?php
session_start();
$name = $HTTP_POST_VARS['name'];
$password = $HTTP_POST_VARS['password'];

$HTTP_SESSION_VARS['name']=$name;
$HTTP_SESSION_VARS['password']=$password;

//connect to the database...

mysql_connect(HOST, USER, PASS);
mysql_select_db(DB);

//...and get number of result matched

$result = mysql_query("SELECT from login WHERE name='{$HTTP_POST_VARS['name']}' AND password='{$HTTP_POST_VARS['password']}'");

$rows=mysql_mun_rows($result)

if ($rows > 0)
{

//Redirect the user to success page to prompt him

session_register('$name');
require('success.php');
exit;

}
else
{

//unsuccessful login

echo 'sorry, you are not allowed, try again';
require('login.php');
exit;

}
?>

SUCCESS.PHP---------------------------------CODES---------------------------------------------

<?php

session_start();
echo 'Welcome to Autherized Area';
echo 'you are logged as';
echo $HTTP_SESSION_VARS['name'];

?>

--------------------------------------------------------------------------------------------------------

Please let me know, What is the problem, I could not get the session variable at SUCCESS.PHP page.

wheezy360 · #2 (**permalink**) 02-06-04, 10:10 AM

Whenever you want to use a session variable, you must first register the variable with the session.

I did some modifications to your AUTHENTICATE.PHP file.. Please note that $_POST is equivalent to $HTTP_POST_VARS, same with $_SESSION.. it's just less typing.

PHP Code:


			
<?php 

session_start(); 



// You should verify the name/password BEFORE you add it to the session



//connect to the database... 

mysql_connect(HOST, USER, PASS); 

mysql_select_db(DB); 



//...and get number of result matched 

// Added the * to your SELECT query

$result = mysql_query("SELECT * from login WHERE name='" . $_POST['name'] . "' AND password='" . $_POST['password'] . "'"); 



$rows=mysql_mun_rows($result);



if ($rows > 0) 

{ 



// Redirect the user to success page to prompt him 

// You don't want to register '$name', you want to register 'name'

// Registering $name would create a variable like $_SESSION['some_users_name'], not $_SESSION['name']



session_register('name');

$_SESSION['name'] = $_POST['name'];

// Instead of using require('success.php'), you might be better suited to redirect to the success page



header("Location: success.php");

exit; 



} 

else 

{ 



//unsuccessful login 

header("Location: login.php");

exit; 



} 

?>