www.webdeveloper.com

Thread: [RESOLVED] PDO Session Handling

  1. #1
    Join Date
    Jun 2009
    Location
    Chi town. IL68 ICAO code home airport, literally.
    Posts
    157

    [RESOLVED] PDO Session Handling

    Good evening all!

    Hope all is well and that someone can help me out here. I am writing a login script for a website of mine here, and I am new to the whole PDO thing along with sessions. This being said, I have successfully tested this code, and it is not throwing any errors, and executes the way I want it to. Thing is, I don't know how to carry over the session from page to page. I have
    Code:
    session_start();
    at each page but I know I am doing something wrong, and I am nearly 99.99% sure I am setting the session incorrectly or not at all.

    Here is the login script:
    PHP Code:
    <?php
    session_start();
    //pull variables
    $User = $_POST['user_name'];
    $Pass = $_POST['password'];
    $ENC = sha1($Pass);
    $ERRmsg = "";

    //Checks to see if login button was pressed
    if(isset($_POST['Login']))
    {
        //Checks to see if user actually put in data
        if(empty($User)) $ERRmsg .= '<p>You did not enter a user name, please go back and enter your user-name. </p>';
        if(empty($Pass)) $ERRmsg .= '<p>You did not enter a password, please go back and enter your password. </p>';

        //Checks to see if error message is empty, if true, then proceeds with rest of code
        if(empty($ERRmsg))
        {
            //Uses the input from the form to match the username and password and checks it against the 'Users' table
            //Opens the connection to MySQL
            try {
                $LGC = new PDO('mysql:host=localhost; dbname=******', '**********', '*********');
                $LGC->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                //Prepares the SQL Statement
                $SLU = $LGC->prepare(
                    "SELECT
                    Username,
                    Password,
                    Active,
                    UID
                    FROM
                    Users
                    WHERE
                    Username = :Uname
                    AND
                    Password = :DbPass
                    "
                );

                //Binds the variables for security
                $SLU->bindParam(':Uname', $User);
                $SLU->bindParam(':DbPass', $ENC);

                //Executes the SQL Statement matching the information given
                $SLU->execute();

                //Sets the results into an array
                $result = $SLU->fetch(PDO::FETCH_ASSOC);
                $Uname = $result['Username'];
                $Active = $result['Active'];
                $UID = $result['UID'];
            }
            catch (PDOException $ex) {
                $msg = $ex->errorInfo;
                error_log(var_export($msg, true));
                die("<h1 style='color:red'>Error LG_01, Please contact the administrator!</h1>");
            }

            //Checks if account is a valid account
            if($Active == 0) $ERRmsg .= "You Need to confirm your account first before you log-in";
            if($Active == 3) $ERRmsg .= "Your account has been disabled for security reasons, contact the administrator for more information";

            //Checks to see if error message is empty
            if(empty($ERRmsg))
            {
                $_SESSION['Username'] = true;
                $_SESSION['Password'] = true;
                echo 'Successfully logged-in';
            }
            //Shows you error message
            else
            {
                echo $ERRmsg;
                die;
            }
        }
        else
        {
            echo("<div id=posts>" . $ERRmsg . "</div>");
        }
    }
    else
    {
        echo("You cant do that!");
    }
    ?>
    and here is the page where the first session should come into play if you are logged in, but the session doesn't carry over to the page. Can anyone help me out?
    PHP Code:
    <?php
    session_start();
    ?>

    <body>
    <?php
    //if the user is logged in show the downloads page
    if( isset($_SESSION['true']) )  {?>
    <p>Thank you for logging in</p>
    <?php
    }else{
    ?>
    <div id="bg-cyan">
        <div id="body body-s">
            <form method="post" action="loginscript.php" id="register-form" class="sky-form">
            <h1>Please Login</h1>
                <fieldset>
                    <section>
                        <label class="input">
                            <i class="icon-append fa fa-user"></i>
                            <input type="text" name="user_name" id="user_name" placeholder="User Name">
                            <b class="tooltip tooltip-bottom-right">Please enter your User Name</b>
                        </label>
                    </section>
                    
                    <section>
                        <label class="input">
                            <i class="icon-append fa fa-lock"></i>
                            <input type="password" name="password" id="password" placeholder="Password">
                            <b class="tooltip tooltip-bottom-right">Please enter your password</b>
                        </label>
                    </section>
                </fieldset>
                <button type="submit" class="button" name="Login">Submit</button>
            </form>
                <p>If you are not registered, please <a href="http://www.wartachicago.org/test/ssignup.php">register</a> here.</p>
                
        </div>
    <?php } ?>
    </div>
    </body>
    </html>
    Thanks!
    Last edited by NogDog; 08-18-2014 at 10:33 PM. Reason: changed CODE tags to PHP tags
    For want of a nail...the horseshoe was lost. For want of a horseshoe, the steed was lost. For want of a steed...the message was not delivered. For want of an undelivered message.....the war was lost.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,338
    In the second section of code, where you have this...
    PHP Code:
    if( isset($_SESSION['true']) ) 
    ...I think you really want this...
    PHP Code:
    if(!empty($_SESSION['Username']) ) 
    Also, I would recommend saving the actual user name in $_SESSION['username'], not Boolean true -- otherwise it's kind of confusing.

    Also also, you do not appear to check if the DB query actually finds a match. After this line...
    PHP Code:
    $result = $SLU->fetch(PDO::FETCH_ASSOC);
    ...you could check if $result is false, and if so, handle the case where the login/password combo did not match.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
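
The three points in the reply above (test the session key that was actually set, store the real user name, treat a `false` from `fetch()` as a failed login), put together as an added example that is not code from the thread. It goes beyond the thread in two labelled ways: the SHA-1 comparison inside the SQL is swapped for `password_hash()`/`password_verify()`, and the session ID is regenerated on login. Assumptions: the function names `findLogin` and `login` are hypothetical, and a constructed in-memory SQLite `Users` table (needs the `pdo_sqlite` driver) stands in for the MySQL table.

```php
<?php
// Added example, not from the thread. Constructed data: an in-memory SQLite
// Users table replaces the poster's MySQL table so the script runs stand-alone.
declare(strict_types=1);

function findLogin(PDO $db, string $user, string $pass): ?array
{
    // Look the row up by name only; the password is verified in PHP.
    $stmt = $db->prepare('SELECT Username, Password, Active, UID FROM Users WHERE Username = :Uname');
    $stmt->execute([':Uname' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched: that is a failed login.
    if ($row === false || !password_verify($pass, $row['Password'])) {
        return null;
    }
    return $row;
}

function login(PDO $db, string $user, string $pass): string
{
    $row = findLogin($db, $user, $pass);
    if ($row === null) {
        return 'Invalid user name or password';
    }
    if ((int) $row['Active'] === 0) {
        return 'You need to confirm your account first';
    }
    if ((int) $row['Active'] === 3) {
        return 'Your account has been disabled';
    }
    session_regenerate_id(true);              // fresh session ID after login
    $_SESSION['Username'] = $row['Username']; // the real name, not Boolean true
    $_SESSION['UID'] = (int) $row['UID'];
    return 'Successfully logged in';
}

session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UID INTEGER PRIMARY KEY, Username TEXT, Password TEXT, Active INTEGER)');
$add = $db->prepare('INSERT INTO Users (Username, Password, Active) VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);

$out = [login($db, 'alice', 'wrong'), login($db, 'nobody', 'x'), login($db, 'alice', 'correct horse')];
// The check every protected page makes after its own session_start():
$out[] = !empty($_SESSION['Username']) ? "Logged in as {$_SESSION['Username']}" : 'Not logged in';
echo implode(PHP_EOL, $out), PHP_EOL;
```

Output is collected and printed once at the end because `session_start()` and `session_regenerate_id()` must run before anything is sent to the client.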

  3. #3
    This is such a really nice and useful information friends.

  4. #4
    Join Date
    Jun 2009
    Location
    Chi town. IL68 ICAO code home airport, literally.
    Posts
    157
    Thanks NogDog! That worked! Do you have any links or such for a good explanation of sessions? Because the only stuff I found did basic sessions through text files and really didn't cover much ground.

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,338
    Well, I usually start with the official info: http://php.net/manual/en/book.session.php
