Session variables not storing on first attempt

Security and PHP
#1

I am having problems with my login script. The first time i try and log in the session variable is not getting stored. When i try a second time it works without a problem. Please help its driving me mad! :slight_smile:

Check Login Page
[php]

<?php // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die(""); mysql_select_db("$db_name")or die(""); // username and password sent from form $_POST['mypassword']=md5($_POST['mypassword']); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername=stripslashes($myusername); $mypassword=stripslashes($mypassword); $myusername=mysql_real_escape_string($myusername); $myusername=strtolower($myusername); $mypassword=mysql_real_escape_string($mypassword); $sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die(); while($ids = mysql_fetch_array( $sql )){ $id=$ids['id']; $familyid=$ids['family_id']; $login1=$ids['login']; } $login=$login1 +1; $logindate=date('d/m/Y'); $count=mysql_num_rows($sql); if($count==1){ $sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'"; if (@mysql_query($sql2)){ } else { exit(); } session_start(); $_SESSION['valid_user'] = $id; echo "Login"; } else { $link = "login.php"; $error = "Wrong Username or Password, Please try again"; require('../error.php'); } ob_flush(); ?>[/php]

Main Page, after login

[php]<?php
session_start();
$sesid=$_SESSION[‘valid_user’];

// Connects to your Database
mysql_connect(“db104.oneandone.co.uk”, “dbo197162027”, “woodlands”) or die(mysql_error());
mysql_select_db(“db197162027”) or die(mysql_error());

if (isset($_SESSION[‘valid_user’]))
{
$check = mysql_query(“SELECT * FROM family_users WHERE id = ‘$sesid’ LIMIT 0,1”)or die(mysql_error());
while($info = mysql_fetch_array( $check )) {

$family=($info[‘family_id’]);
}
if ($sesid == $id & $family == $familyid) {
?>

<?php $check = mysql_query("SELECT * FROM family_users WHERE id = '$id'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { $fname=($info['fname']); $lname=($info['lname']); $aid=($info['id']); $sex=($info['sex']); } ?>

Extra Code

<?php } else { $link = "logout.php"; $error = "You can't view this page
Please make sure you are logged in!"; require('../error.php'); } } else { require('../failed.php'); } ?>[/php]
#2

I know this is an old question but I hate seeing things go unanswered here ya go:
[php]

<?php session_start(); // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die(""); mysql_select_db("$db_name")or die(""); $_POST['mypassword']=md5($_POST['mypassword']); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername=stripslashes($myusername); $mypassword=stripslashes($mypassword); $myusername=mysql_real_escape_string($myusername); $myusername=strtolower($myusername); $mypassword=mysql_real_escape_string($mypassword); $sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die(); while($ids = mysql_fetch_array( $sql )){ $id=$ids['id']; $familyid=$ids['family_id']; $login1=$ids['login']; } $login=$login1 +1; $logindate=date('d/m/Y'); $count=mysql_num_rows($sql); if($count==1){ $sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'"; if (@mysql_query($sql2)){ $_SESSION['valid_user'] = $id; echo "Login"; } } else { $link = "login.php"; $error = "Wrong Username or Password, Please try again"; require('../error.php'); exit(); } ob_flush(); ?>[/php]
Sponsor our Newsletter | Privacy Policy | Terms of Service