session variable needs page refresh?

[shakeuk]

hi, i have this script included on my page which checks the session to see if the customer is logged in and also when the users name is.

this is the login script. youll see then once everything has been validated it changes the session variables

PHP Code:

<?PHP //LOGIN PAGE

if(!isset($_SESSION['username']) || !isset($_SESSION['loggedin']))
{
    $_SESSION['username']='Guest';
    $_SESSION['loggedin']=0;
}

//IF LOGGED IN, LOGIN AGAIN IS NOT ALLOWED
if($_SESSION['loggedin']!=0){
    echo '<p class="warning">You are already logged in.</p>';
    exit();
    }

$home_page_link = '<a href="index2.php" target="_self">click here</a>';

//CREATE FORM TO BE USED WHEN NEEDED
$login_form='<form method="post">'."\n";
$login_form.='<fieldset class="login">'."\n";
$login_form.='<dl>'."\n";
$login_form.='<dt><label>Username:</label></dt>'."\n";
$login_form.='<dd><input name="username" id="username" type="text" maxlength="15" value="" /></dd>'."\n"; 
$login_form.='<dt><label>Password:</label></dt>'."\n";
$login_form.='<dd><input name="password" id="password" type="password" maxlength="15" value="" /></dd>'."\n"; 
$login_form.='<input name="submit" id="submit" type="submit" value="Submit" />'."\n";
$login_form.='</dl>'."\n";
$login_form.='</fieldset>'."\n";
$login_form.='</form>'."\n";

if(isset($_POST['submit'])){
    
    //ASSAIGN DATA FROM FORM TO A VARIABLE
    $user_name = $_POST['username'];
    $user_pword = $_POST['password'];
    
    //CHECK FOR ANY BLANK UNPIT FIELDS
    if (!$user_name || !$user_pword) {
                
        $login_warn_msg='You have left a one of the login field\'s blank';
        $login_warn='<p class="warning">'.$login_warn_msg.'</p>'."\n";
            
        echo $login_warn.$login_form;
        exit();
    }
    //CHECK USERNAME AND PASSWORD FOR VALID CHARICTERS
    if (preg_match('/[^\w.-]/', $user_name)) {
        
        $login_warn_msg='You have entered invalid characters in the username field.';
        $login_warn='<p class="warning">'.$login_warn_msg.'</p>'."\n";
        
        echo $login_warn.$login_form;
        exit();
    }
    if (preg_match('/[^\w.-]/', $user_pword)) {
            
        $login_warn_msg='You have entered invalid characters in the password field.';
        $login_warn='<p class="warning">'.$login_warn_msg.'</p>'."\n";
        
        echo $login_warn.$login_form;
        exit();
    } 

    //DATABASE STUFF STARTS HERE
    include 'db/config.php';
    include 'db/opendb.php';
    
    //CHECK TO SEE IF USERNAME EXISTS
    $dbunames = mysql_query('SELECT * FROM `monkeyu_tournament`.`users` WHERE `username`="'.$user_name.'"');
    if(mysql_num_rows($dbunames) < 1 ) {

        $login_warn_msg=$user_name.' does not exist';
        $login_warn='<p class="warning">'.$login_warn_msg.'</p>'."\n";
    
        echo $login_warn.$login_form;
        exit();        
    }    

    //THIS GETS THE USER ID USING VALIDATOR CODE AND ALSO GENERATES THE VALIDATE LINK
    $login_query = 'SELECT id, username, password FROM `monkeyu_tournament`.`users` WHERE `username`="'.$user_name.'"';
    $find_user = mysql_query($login_query) or die('Error, insert query failed');
    
    while($value = mysql_fetch_assoc($find_user))
    {
        $user_pass = $value['password'];
        $user_id = $value['id'];
    }
    include 'db/closedb.php';
    
    //VALIDATE LOGIN DETAILS WITH DETAILS ON DATABASE
    if(sha1($user_pword)!=$user_pass){
        
        $login_warn_msg='Your user name or password do not match any on our database.';
        $login_warn='<p class="warning">'.$login_warn_msg.'</p>';
        
        echo $login_warn.$login_form;
        exit();
    }

    //IF USER LOGGED IN REDIRECT THEM OR MAKE THEM CLICK LINK
    
    $_SESSION['username']=$user_name;
    $_SESSION['id']=$user_id;
    $_SESSION['loggedin']=1;

    echo '<p id="test">Thank you for signing in, you will now be redirected in 5 seconds,<br />';
    echo 'If this doesnt happen '.$home_page_link.'</p>'."\n";
    
    exit();
}
echo $login_form;

?>

and here is the included status box.

PHP Code:

<?PHP //STATUS PAGE

if(!isset($_SESSION['username']) || !isset($_SESSION['loggedin']))
{
    $_SESSION['username']='Guest';
    $_SESSION['loggedin']=0;
}

//VARIABLES FOR TOP LOGIN SECTION
$guest_links='<a href="index2.php?page=signup" target="_self">Register</a> / ';
$guest_links.='<a href="index2.php?page=login" target="_self">Sign-in</a>';

$member_links ='<a href="index2.php?page=logout" target="_self">Log out</a>';

//IF SESSION SAYS USER IS NOT LOGGED IN SHOW LOGIN FORM ELSE JUST WELCOME THE USER
switch($_SESSION['loggedin']){
    case 0:
        echo 'Welcome '.$_SESSION['username'].', '.$guest_links;
    break;
    case 1:    
        echo 'Welcome '.$_SESSION['username'].', '.$member_links;
    break;
}

?>

when the customer does log in it doesn updete the username on the page and the page has to be manually refreshed to see the change, is there anyway of getting around this, thanks.

hope the notes on the code are sufficiant.

[broncozr]

You might make sure the session is started at the top of each page. That has gotten me in the past.

Code:

<?php
if(!session_id())session_start();
?>

[shakeuk]

as far as i am aware the session has started because i have:

PHP Code:

session_start(); 


at the top of the index page, remember the status code is brought in using includes.

do u reckon it could still be my problem?

[shakeuk]

*bump*

[peppy]

bump

I am having some of the same exact problems and can't find any other solutions on Google or anywhere.

[NogDog]

One thing to watch out for is if you access the site initially as "http://example.com/page.php", but then you do a header/meta redirect or have links that use "http://www.example.com/page.php", then the browser may not send the session cookie to the "www." pages unless you ensure that the session.cookie_domain setting is explicitly set to ".example.com" (note the leading ".") in order to associate the cookie with any sub-domain of the site.