Sessions in php and mySQL?

Jack

New Member
No one seems to know how to do this.. and I NEED to know how to do this.<br />
<br />
On my site, the person registers, they login.<br />
<br />
As soon as they click login after entering their email and password.<br />
It grabs their data from the members database, and pretty much logs them in.<br />
In order to keep them logged in basically, I of course would start a session.<br />
<br />
i'm not that great with sessions.. i know how to set a variable on one page in a session, start a session on the next page, and read the variable..<br />
<br />
so if i name the variable 'name' and make it equal to 'Jack', and read the variable on the next page, "Jack" will show up.<br />
<br />
okay.. but i'm not trying to do that because if someone logs in.. they're not always going to be Jack.. they're going to be wahetver they entered their name as when they first registered to become a member.<br />
<br />
So..<br />
<br />
here.. look at the code i'm using..<br />
<br />
on the login.php page, that's where the enter their email and password to login, which gets sent to the login2.php page.<br />
<br />
login2.php<br />
--------------<br />
<?php<br />
include("config.php");<br />
<br />
$tbl_name1="registered_members";<br />
<br />
$match = "select id from $tbl_name1 where email = '".$_POST['email']."'<br />
and password = '".$_POST['password']."';"; <br />
<br />
$qry = mysql_query($match)<br />
or die ("Could not match data because ".mysql_error());<br />
$num_rows = mysql_num_rows($qry);<br />
<br />
if ($num_rows <= 0) { <br />
echo "Sorry, there is no email $email with the specified password.<br>";<br />
echo "<a href=login.php>Try again</a>";<br />
exit; <br />
} else {<br />
<br />
session_start();<br />
$_SESSION['name'] = $name;<br />
<br />
include("index2.php");<br />
}<br />
?><br />
<br />
it includes config.php in which is what starts mysql ordeal.<br />
it grabs the id's from the registered memebers table "email" and "password" and it basically confirms that they're there..<br />
<br />
then after that.. i start my session to keep them logged in.<br />
<br />
you can see how i started my session.<br />
<br />
you can then see that they're redirected (basically) to index2.php [which for now is the members area until i can fix my problem]<br />
<br />
i now have a page called logged.php, the coding for it is<br />
<br />
<?php<br />
session_start();<br />
echo $_SESSION['email']<br />
?><br />
<br />
<br />
and on index2.php [the supposed redirect page[members area]]<br />
i have "Welcome <?php include("logged.php");?><br />
<br />
so that it continues the session from the login2 page and comes up with "Welcome 'users name'"<br />
<br />
okay.. now see.. that doesn't work.<br />
i'm basically telling you what my idea and my goal is.. but that's not working.<br />
<br />
i tried using the whole<br />
select id from $tbl_name1 where name<br />
<br />
so that it'll call from the same table.. but then i get an error.<br />
<br />
so i tried to go without it, and in the starting session, i replaced both "name"s with "email" so that maybe it would say "Welcome 'users email'" in which it doesn't do that... but it atleast comes up with index2 without giving me an error.. but it just says "Welcome" and that's it..<br />
<br />
what do i do?<br />
<br />
how do i have a user enter their email and password to login, and once done, have them get redirected to the members area [index2.php] and have it say "Welcome 'their name'"<br />
<br />
how does it grab the name they entered during registration from the database in the process of login them in with their email and password..<br />
<br />
does ANYONE know?!?!<br />
sorry, logged.php is <br />
<?php<br />
session_start();<br />
echo $_SESSION['name']<br />
?><br />
<br />
i accidentally put 'email'<br />
Chris G, i sent an email to you.<br />
also<br />
so all of my code is correct as shown above other than the redirect problem right?<br />
 
The way that I do that is to log the session ID and UserID associated with that session ID in a table. Then I add the session ID at the end of the URL for all subsequent pages so that I can use it as a variable to look up the user information by joining the UserID in the session log table with the table that I have with the name associated with the UserID. Hope this helped!
 
When you include a php file in your current script it's included, not processed separately, thus it's still within the same page and the current page hasn't finished processing.

Thus, session is not set yet. This is the expected behavior.

If you need to load a page after setting session data, you should set session data and then send a redirection or refresh header (remember not to send anything, not even whitespace before sending headers).

Always consider session data to be updated after the next page load (as in http request completed).

To clarify, in login2.php you are including index2.php at the bottom, where you should be redirecting the page to index2.php upon user login.

Edit
Lucys method will work, but it is incredibly unsecure.
 
Back
Top