Session Not Being Created

I was able to locate a script that checks a user’s login credentials and then creates a session or denies login. Once the user is authenticated and the session is created, the page redirects to the home page. Unfortunately, I am getting an access denied error, and I think it’s because the session isn’t being created or carried over to the next page. Can someone help me out?

[php]<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$mid = clean($_POST['mid']);
$zip = clean($_POST['zip']);

//Input Validations
if($mid == '') {
	$errmsg_arr[] = 'My ID missing';
	$errflag = true;
}
if($zip == '') {
	$errmsg_arr[] = 'ZIP Code missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}

//Create query
$qry="SELECT * FROM users WHERE mid='$mid' AND zip='$zip'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
		session_write_close();
		header("location: member-index.php");
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}

?>[/php]

I’m not familiar with the $member variable, so I’m not sure if it has something to do with that? Does that need to be a field in my DB or is it just a function?

Upon successful login, the top of each page has the following start before the HTML begins…

[php]<?php
require_once('auth.php');
?>[/php]

The auth.php file is…

[php]<?php
//Start session
session_start();

//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
	header("location: access-denied.php");
	exit();
}

?>[/php]

Make sure that the login script sets the correct session id

Add this after line 67 in login php
[php]var_dump($_SESSION['SESS_MEMBER_ID']);[/php]

Make sure the session is reachable in your other script

Line 4 in auth php, add:
[php]echo '

';
var_dump($_SESSION);[/php]

Thanks for your response. I added it here…

[php]if(mysql_num_rows($result) == 1) {
	//Login Successful
	session_regenerate_id();
	$member = mysql_fetch_assoc($result);
	$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
	var_dump($_SESSION['SESS_MEMBER_ID']);
	session_write_close();
	header("location: member-index.php");
	exit();
}[/php]

and that returns error: “Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent”…

THEN I realized that what appears as line 67 in the script as displayed by this forum (//Login Successful) is not the same as line 67 on my file from my client ($_SESSION['SESS_MEMBER_ID'] = $member['member_id'];), so I don’t think I put it in the correct place.

Can you clarify where it needs to be placed (before/after “…” line)? Thanks again.

Help!
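The "headers already sent" warning quoted in this thread is raised when output is printed before session_regenerate_id() and header() run. The block below is an added example, not code from any post in this thread: it logs the session state with error_log() instead of printing it, checks headers_sent() before touching the session cookie, and queries with a prepared statement. The helper names debug_session, find_member and login, the in-memory SQLite database and its single row are assumptions made for illustration.

```php
<?php
// Added example: helper names are hypothetical, the users row is constructed.

// Write session state to the PHP error log rather than the response, so no
// output is sent before session_regenerate_id() and header().
function debug_session(string $where): void {
    error_log($where . ' sid=' . session_id() . ' data=' . json_encode($_SESSION));
}

// Look up the member with a prepared statement; returns the row or null.
function find_member(PDO $db, string $mid, string $zip): ?array {
    $stmt = $db->prepare('SELECT member_id FROM users WHERE mid = :mid AND zip = :zip');
    $stmt->execute([':mid' => trim($mid), ':zip' => trim($zip)]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;
}

// Mirrors the login branch from the thread; returns the redirect target.
function login(PDO $db, string $mid, string $zip): string {
    $member = find_member($db, $mid, $zip);
    if ($member === null) {
        return 'login-failed.php';
    }
    if (headers_sent($file, $line)) {
        // Output already started, so the session cookie can no longer change.
        error_log("output started at $file:$line");
        return 'login-failed.php';
    }
    session_regenerate_id(true);   // new id; the old session data is deleted
    $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
    debug_session('after login');
    return 'member-index.php';
}

session_start();
$db = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is installed
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (member_id INTEGER, mid TEXT, zip TEXT)');
$db->exec("INSERT INTO users VALUES (7, 'demo', '12345')");   // constructed row

$target = login($db, $_POST['mid'] ?? '', $_POST['zip'] ?? '');
session_write_close();
header('Location: ' . $target);
exit();
```

The logged line appears wherever the error_log setting in php.ini points, so the redirect to member-index.php still happens while the session contents are being inspected.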
