Login Issue (with session ID)

Hello,

I am the current web admin of JigStop.com. It’s the online storefront for a small fishing tackle store in Dana Point, California. We recently switched from a Windows shared host (Web.com) to a Linux shared host (GoDaddy), and a number of issues have come up. I appear to have tackled most of them myself over the last few days, but this one really has me stumped:

When I (or any other users) attempt to log in, it shows the “login successful” page with account-related links. However, it then reloads the index page (as is normally expected) and shows that the user is no longer logged in. There is no evidence of an error on the MySQL tables affected, and there are no errors posted on the pages themselves.

Here is the code for the dologin.php page:
[php]<?

require ("main.js.php");
$PageTitle = "$domainname Login";

//-------------------
// Validate User
$query = "
SELECT U_LoginName,U_LoginPassword,U_Groups
FROM js_users
WHERE U_LoginName = '$LoginName'
";
$sth = $dbh -> do_query($query);

list ($UserLoginName,$UserLoginPassword,$Groups) = $dbh -> fetch_array($sth);

if ($UserLoginName == '') {

include "includes/header.php";

include "includes/home.menu.php";

echo "<br /><br /><table align=\"center\" cellspacing=\"1\" width=\"90%\" class=\"tableborder\"><tr><td><table cellspacing=\"0\" cellpadding=\"3\" width=\"100%\"><tr>";
echo "<td class=\"tableheader\" align=\"left\"><font class=\"tabletextheader\">Logging In</font></td></tr>";
echo "<tr><td class=\"tablebody\" align=\"left\"><br /><br />";
echo "<p><font class=\"tabletext\">Invalid user name!</font></p><br /><br />";

} else {

if (strcasecmp($UserLoginPassword, $Password) == 0) {

  session_start();
  $time = time();
  if (strstr($Groups, '4') != FALSE) {
    setcookie("SID",session_id(),$time+120000,"/",false,0);
  } else {
    setcookie("SID",session_id(),$time+7200000,"/",false,0);
  }
  $SID = session_id();

// Update SID in User database
$query = "
UPDATE js_users
SET U_SID = '$SID'
WHERE U_LoginName = '$UserLoginName'
";
$dbh -> do_query($query);

// Update SID in order database
$query = "
UPDATE js_orders
SET O_SID = '$SID'
WHERE O_LoginName = '$UserLoginName'
";
$dbh -> do_query($query);

  include "includes/header.php";
    
  include "includes/left.menu.php";

  echo "<br /><br /><table align=\"center\" cellspacing=\"1\" width=\"90%\" class=\"tableborder\"><tr><td><table cellspacing=\"0\" cellpadding=\"3\" width=\"100%\"><tr>";
  echo "<td class=\"tableheader\" align=\"left\"><font class=\"tabletextheader\">Logging In</font></td></tr>";
  echo "<tr><td class=\"tablebody\" align=\"left\"><br /><br />";
  echo "<p><font class=\"tabletext\">Welcome $UserLoginName, your login was successful!</font></font></p><br />";
  
  echo "<meta http-equiv=\"Refresh\" content=\"1;url=/index.php\" />";
} else {

  include "includes/header.php";

  include "includes/left.menu.php";

  echo "<br /><br /><table align=\"center\" cellspacing=\"1\" width=\"90%\" class=\"tableborder\"><tr><td><table cellspacing=\"0\" cellpadding=\"3\" width=\"100%\"><tr>";
  echo "<td class=\"tableheader\" align=\"left\"><font class=\"tabletextheader\">Logging In</font></td></tr>";
  echo "<tr><td class=\"tablebody\" align=\"left\"><br /><br />";
  echo "<p><font class=\"tabletext\">Incorrect Password!<br /><br />Please use the back button and try again.</font></p><br />";
}

}

if (($LoginName != '') && ($Password != '')){
if ($Password == $UserLoginPassword) {
$Password = '*';
}
$LoginNameS = addslashes($LoginName);
$PasswordS = addslashes($Password);

$query = "
INSERT js_login
SET L_Name = '$LoginNameS',
L_Password = '$PasswordS',
L_IP = '$IP',
L_Date = '$NOW'
";
";
$dbh -> do_query($query);

}

echo "";

include "includes/footer.php";

?>
[/php]

I would really appreciate any input you guys might have. I’ll continue to poke at it, because we need this site back in working condition ASAP.

PS: I didn’t create the website, and I know that the code is an absolute mess. The guy credited with building the site did little more than slap together some outdated free PHP packages, dotting the Ts and crossing the Is with his own sloppy designs.

Hi there,

Try moving the “session_start();” to the top, above the inclusion of main.js.php

No dice. =/

hmm, I think the problem may be here:
[php] $query = "
INSERT js_login
SET L_Name = ‘$LoginNameS’,
L_Password = ‘$PasswordS’,
L_IP = ‘$IP’,
L_Date = ‘$NOW’
";[/php]

In Linux terms, SET can only be used for update, for insert you must use ‘value’ as far as I am aware.

EDIT - JUST NOTICED YOU ARE USING <?, CHANGE THIS TO <?php BEFORE ANYTHING ELSE!
Also, add this line after each query:
[php]if(!$query){
echo mysql_error();}[/php]

This will let you know if your queries are running or not

The following url can help you understand what herghost is talking about: http://dev.mysql.com/doc/refman/5.5/en/insert.html. Now I’ve never seen SET used in syntax of an INSERT statement but upon looking at the page, you can use it… just not in the way you want to use it here so, yes, I agree with herghost. Also, you forgot the word INTO in that syntax which would make the statement not work by default. Do the following changes:

[php]
$query = "INSERT INTO js_login ('L_Name', 'L_Password', 'L_IP', 'L_Date')
VALUES ('$LoginNameS', '$PasswordS', '$IP', '$NOW')";[/php]

Finally, progress! You are both lifesavers. Unfortunately, I’m still getting an error that I can’t figure out. After a login attempt, this error shows under the whole “your login was successful” and before the refresh to index:

SQL ERROR: Database error only visible to forum administrators You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "L_Name', 'L_Password', 'L_IP', 'L_Date') VALUES ('Name', 'password' at line 1

That’s word for word. Some weird typos in an error message. Is this the indicator of a conflicting MySQL server version?

That’s a MySQL syntax error which I believe was caused due to my new code. Try replacing it with the following:

[php]
$query = "INSERT INTO js_login (L_Name, L_Password, L_IP, L_Date)
VALUES ('$LoginNameS', '$PasswordS', '$IP', '$NOW')";

[/php]

What I did was remove the ’ that surrounds the column names listed in the ( ) before the VALUES. Try this and tell me if that works for you =D.

Well, the error went away, and thanks again. However, we are still back to not being logged in after refresh. =/

Are all of your pages starting with session_start()?

Sort of, and maybe this is the issue. I have my pages set to include a header.php page. The beginning of the header runs an SID process of some weird sort. Again, I definitely did not write this. xD

[php]$SID = $_COOKIE["SID"];
$IP = $_SERVER['REMOTE_ADDR'];
$RequestURI = $_SERVER['PHP_SELF'];
set_time_limit(60);
$SiteDown = "No";

if ($SID == "") {
session_start();
setcookie("SID",session_id(),time()+7257600,"/",false,0);
}[/php]

You are using cookies to determine sessions on your site. I, in my personal opinion, do not recommend this as some people and computers disable cookies, making this type of session control not useful. I would advise you to keep session information via the $_SESSION variables and to start ALL pages via the session_start() command.

I appreciate your help so far, I really do. However, I’m not in a position to rewrite a lot of how the site works right now. I actually intend to create a new site with Zencart soon. I just need to get this one working again for the moment.

Thanks to that debug script, I was able to track it down to a typo in a query. All fixed now. Thanks SO MUCH for your help, guys. :)
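
The login flow discussed in this thread, rewritten as an added example that is not part of any post or of the site's own code: it binds the login name as a query parameter, compares the password case-sensitively against a stored hash, records the attempt without keeping a failed password, and holds the logged-in state in `$_SESSION`. The PDO connection, the in-memory SQLite tables (using the thread's table and column names), the `password_hash()` storage format and the `'-'` failure marker are assumptions.

```php
<?php
// Added example, not the site's code. Assumes PDO instead of the $dbh wrapper
// and that U_LoginPassword stores password_hash() output (both assumptions).
function attempt_login(PDO $pdo, string $name, string $password, string $ip): bool
{
    // Bound parameter instead of interpolating the login name into the SQL.
    $stmt = $pdo->prepare(
        'SELECT U_LoginName, U_LoginPassword, U_Groups FROM js_users WHERE U_LoginName = ?'
    );
    $stmt->execute([$name]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() is case-sensitive, unlike the strcasecmp() comparison.
    $ok = $user !== false && password_verify($password, $user['U_LoginPassword']);

    // Audit the attempt; '*' marks success, and a failed password is never stored.
    $log = $pdo->prepare(
        'INSERT INTO js_login (L_Name, L_Password, L_IP, L_Date) VALUES (?, ?, ?, ?)'
    );
    $log->execute([$name, $ok ? '*' : '-', $ip, date('Y-m-d H:i:s')]);
    if (!$ok) {
        return false;
    }

    // Fresh session ID at login; identity lives server-side in $_SESSION.
    session_regenerate_id(true);
    $_SESSION['login'] = $user['U_LoginName'];
    $_SESSION['groups'] = $user['U_Groups'];
    return true;
}

// Constructed demo data in an in-memory SQLite database.
session_start(); // before any output, as on every page that reads $_SESSION
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL typos
$pdo->exec('CREATE TABLE js_users (U_LoginName TEXT, U_LoginPassword TEXT, U_Groups TEXT)');
$pdo->exec('CREATE TABLE js_login (L_Name TEXT, L_Password TEXT, L_IP TEXT, L_Date TEXT)');
$pdo->prepare('INSERT INTO js_users VALUES (?, ?, ?)')
    ->execute(["o'neil", password_hash('Tackle-Box-42', PASSWORD_DEFAULT), '1']);

$results = [
    'wrong case'   => attempt_login($pdo, "o'neil", 'tackle-box-42', '203.0.113.5'),
    'unknown user' => attempt_login($pdo, 'nobody', 'Tackle-Box-42', '203.0.113.5'),
    'valid'        => attempt_login($pdo, "o'neil", 'Tackle-Box-42', '203.0.113.5'),
];
var_dump($results, $_SESSION, $pdo->query('SELECT * FROM js_login')->fetchAll(PDO::FETCH_ASSOC));
```

The attempts are collected before anything is printed because `session_regenerate_id()` has to run before output is sent, the same ordering constraint that applies to `session_start()` on the site's pages.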
