
I have a problem with my PHP session variables, which do not seem to be saving in my login and header scripts. I have tried a few minor fixes (mainly from StackOverflow questions), none of which have worked and I've tested this in IE, Firefox, Chrome and Safari - none of them work. Here are my scripts:

login.php

<div id="wrapper">
    <div id="header"><?php include "header.php"; ?></div>
    <div id="content">
    <img src='images/login.png' alt='Login' height="100px" /><br />
    <form method="POST" action="login.php">
      <table class='invisitable'><tr><td><label for='username' style='font-size: 18pt;'>Username: </label></td><td><input type='text' name='username' /></td></tr>
      <tr><td><label for='username' style='font-size: 18pt;'>Password: </label></td><td><input type='password' name='password' /></td></tr></table><br />
      <input type='submit' name='submit' value='Login' />
    </form>
    <?php
      if (isset($_POST['submit'])){
        $username = mysql_real_escape_string(strip_tags($_POST['username']));
        $password = mysql_real_escape_string(strip_tags($_POST['password']));
        if ($username != "" && $password != ""){
          $hash = '$2a$07$Hf74GHfahoAH43sdhuvJThistleo4gBGJKRWQaa423hi2Ho1';
          $userDetails = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$username'", $db));
          $hashedPassword = $userDetails['password'];
          if(crypt($password, $hashedPassword) == $hashedPassword){
            $passwordIsCorrect = true;
          } else { $passwordIsCorrect = false; }
          $loginQuery = mysql_query("SELECT * FROM users WHERE username = '$username'", $db)
            or die("Error with database: ".mysql_error($db));
          if (mysql_num_rows($loginQuery) > 0 && $passwordIsCorrect){
            $userDetails = mysql_fetch_array($loginQuery);
            session_start();
            ini_set(' session.save_path','/');
            $_SESSION['readometerUserID'] = $userDetails['id'];
            echo $_SESSION['readometerUserID'];
            echo "<p>Logged in</p>";
            // echo "<script language='Javascript'>setTimeout('location.href = \"http://www.readometer.co.uk/\";',100);</script>";
          } else{
            echo "<p>Incorrect details</p>";
          }
        }
      }
    ?>
    </div>

    <?php include "footer.php"; // includes footer
      include "closeConnection.php"; // closes connection
      ?>


  </div>

header.php

<?php
  function redirect() {
    header('location:index.php');
    exit;
  }
  ini_set(' session.save_path','/');
  ?>

<?php include_once("analyticstracking.php") ?>

<?php 
  session_start();
  $db = mysql_connect("db580486371.db.1and1.com","dbo580486371","unthank/327");
  mysql_select_db("db580486371", $db);
  if (isset($_SESSION['readometerUserID'])){
    $userDetails = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE id = ".$_SESSION['readometerUserID'], $db));
  }
  if ($_SERVER['HTTP_HOST'] == "www.jamesthistlewood.co.uk" || $_SERVER['HTTP_HOST'] == "jamesthistlewood.co.uk"){
    header("Location: http://readometer.co.uk/");
  }
?>

<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
<script>
$(document).ready(function(){
$( ".navbtn" ).mouseover(function() {
     $(this).animate({
          backgroundColor: "#FF4A4A"
     }, 300 );
});
 $( ".navbtn" ).mouseout(function() {
     $(this).animate({
          backgroundColor: "#222222"
     }, 300 );
});


});
</script>
<div id='navbar'>
<a href='index.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/home.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>
  <?php echo "<a href='choosebook.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/test.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>"; //if (isset($userDetails))
    ?>
  <a href='about.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/about.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>
  <?php if ( ! isset($userDetails)) echo "<a href='signup.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/signupBtn.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>"; ?>
   <?php if ( ! isset($userDetails)) echo "<a href='login.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/loginBtn.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>"; ?>
  <a href='leaderboard.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/leaders.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>
  <?php if (isset($userDetails)) echo "<a href='settings.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/settings.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>"; ?>
  <?php if (isset($userDetails)) echo "<a href='signout.php'><div id='navbtn' class='navbtn' style='min-width: 80px; background: url(/images/logout.png); background-size: auto 80px; background-repeat: no-repeat;  background-position: 50% 20%;'></div></a>"; ?>
  <?php if (isset($userDetails) && $userDetails['id'] <= 3) echo "<a href='database.php'><div id='navbtn' class='navbtn'><div id='navbtnText'>Database management</div></div></a>"; ?>

</div>

I realise that this does use MySQL instead of MySQLi, but I will start changing that throughout my website. Some of the code is a bit shoddy as well, so forgive me.

My php configuration regarding sessions:

PHP Configuration for settings

I really appreciate any help, thanks!

  • has the session been started for login.php? – Funk Forty Niner Oct 06 '15 at 16:06
  • `session_start();` needs to be at the very start of every page involved in sessions. – Digital Chris Oct 06 '15 at 16:06
  • You've tried Stack Overflow's amazing consultant services, but are still using `mysql_` functions? It's most unfortunate :( – al'ein Oct 06 '15 at 16:07
  • @DigitalChris - Does this need to be right at the start, or just before a session is created or modified? Edit: I already have it, just not at the start of the page. –  Oct 06 '15 at 16:08
  • *...slowly pulling myself out of the loop* – Funk Forty Niner Oct 06 '15 at 16:09
  • http://php.net/manual/en/function.session-start.php states "Note: To use cookie-based sessions, session_start() must be called before outputting anything to the browser." – Digital Chris Oct 06 '15 at 16:11
  • @DigitalChris I'll try this and report back –  Oct 06 '15 at 16:12
  • If there is output before, then error reporting will tell you that. *Here it comes...* --- Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner Oct 06 '15 at 16:16
  • I get this error: `Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /homepages/5/d594858889/htdocs/readometer/login.php:17) in /homepages/5/d594858889/htdocs/readometer/openConnection.php on line 2` @Fred-ii- –  Oct 06 '15 at 16:18
  • Aha. Fixed it. All I needed to do was make sure the `session_start()` was at the start of each page that used it before the output. Thanks everyone for your help. –  Oct 06 '15 at 16:21

1 Answer


Fixed it. All I needed to do was make sure the session_start() was at the start of each page that used it before the output, otherwise it wouldn't work.
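The fix described in this answer, shown as an added example that is not part of the original post: a login page restructured so that `session_start()`, the credential check and the redirect all run before the first byte of HTML. The `find_user()` helper and its sample record are hypothetical stand-ins for the `users` table query, and `password_verify()` is used in place of the manual `crypt()` comparison.

```php
<?php
// login.php restructured (added example): session and header work first, HTML last.

if (headers_sent($file, $line)) {
    // Same facts as the "headers already sent (output started at ...)" warning.
    error_log("Session cookie cannot be set: output began at $file:$line");
    exit;
}
session_start(); // emits the Set-Cookie header, so no output may precede it

// Hypothetical stand-in for the users table lookup; the record is constructed sample data.
function find_user(string $username): ?array
{
    $users = [
        'alice' => ['id' => 7, 'password' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ];
    return $users[$username] ?? null;
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = find_user((string) ($_POST['username'] ?? ''));
    $password = (string) ($_POST['password'] ?? '');
    // password_verify() also accepts hashes produced by crypt() and compares in constant time.
    if ($user !== null && password_verify($password, $user['password'])) {
        session_regenerate_id(true); // fresh session ID at login, against session fixation
        $_SESSION['readometerUserID'] = $user['id'];
        header('Location: index.php'); // still allowed: nothing has been echoed yet
        exit;
    }
    $message = 'Incorrect details';
}
?>
<!DOCTYPE html>
<html>
<body>
  <form method="POST" action="login.php">
    <label for="username">Username:</label> <input type="text" id="username" name="username">
    <label for="password">Password:</label> <input type="password" id="password" name="password">
    <input type="submit" name="submit" value="Login">
  </form>
  <p><?= htmlspecialchars($message) ?></p>
</body>
</html>
```

Any included file that runs before this block (a header, an analytics snippet) must also produce no output, including whitespace outside its `<?php ... ?>` tags.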