PHP User SQL Not staying in Session

Hello guys and girls.
We, Tactician Studios, are having trouble with our website staying in Session. You can visit and see the problem at: http://www.tacticianstudios.com/Beta/
When you go to toolbar>Pages>About, it wants you to sign back in and redirects you to the dashboard.

Here’s the code and hope you can help.

index.php
[php]

<?php
session_start();

/**
 * @package php-login
 * @author Panique
 * @link https://github.com/panique/php-login/
 * @license http://opensource.org/licenses/MIT MIT License
 */

// include the configs / constants for the database connection
require_once("config/db.php");

// load the login class
require_once("classes/Login.php");

// create a login object. when this object is created, it will do all login/logout stuff automatically
// so this single line handles the entire login process. in consequence, you can simply ...
$login = new Login();

// ... ask if we are logged in here:
if (isset($_SESSION['user_name'])) {
    // the user is logged in. you can do whatever you want here.
    // Main Toolbar
    include("views/header.php");
    // for demonstration purposes, we simply show the "you are logged in" view.
    if (!$_SERVER['QUERY_STRING']) {
        include("dashboard.php");
    } else if ($_SERVER['QUERY_STRING'] == 'Dashboard') {
        include("dashboard.php");
    } else if ($_SERVER['QUERY_STRING'] == 'About') {
        include("about.php");
    }
} else {
    // the user is not logged in. you can do whatever you want here.
    // for demonstration purposes, we simply show the "you are not logged in" view.
    include("views/not_logged_in.php");
}
[/php]

Login.php
[php]
<?php

/**
 * class Login
 * handles the user login/logout/session
 *
 * @author Panique
 * @version 1.2
 */
class Login
{
    private $db_connection = null;       // database connection
    private $user_name = "";             // user's name
    private $user_email = "";            // user's email
    private $user_password_hash = "";    // user's hashed and salted password
    private $user_is_logged_in = false;  // status of login

    public $errors = array();            // collection of error messages
    public $messages = array();          // collection of success / neutral messages

    /**
     * the function "__construct()" automatically starts whenever an object of this class is created,
     * you know, when you do "$login = new Login();"
     */
    public function __construct()
    {
        // create/read session
        session_start();

        // check the possible login actions:
        // 1. logout (happen when user clicks logout button)
        // 2. login via session data (happens each time user opens a page on your php project AFTER he has successfully logged in via the login form)
        // 3. login via post data, which means simply logging in via the login form. after the user has submit his login/password successfully, his
        //    logged-in-status is written into his session data on the server. this is the typical behaviour of common login scripts.

        // if user tried to log out
        if (isset($_GET["logout"])) {
            $this->doLogout();
        }
        // if user has an active session on the server
        elseif (!empty($_SESSION['user_name']) && ($_SESSION['user_logged_in'] == 1)) {
            $this->loginWithSessionData();

        // if user just submitted a login form
        } elseif (isset($_POST["login"])) {
            $this->loginWithPostData();
        }
    }

    private function loginWithSessionData()
    {
        // set logged in status to true, because we just checked for this:
        // !empty($_SESSION['user_name']) && ($_SESSION['user_logged_in'] == 1)
        // when we called this method (in the constructor)
        $this->user_is_logged_in = true;
    }

    private function loginWithPostData()
    {
        // if POST data (from login form) contains non-empty user_name and non-empty user_password
        if (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {

            // create a database connection, using the constants from config/db.php (which we loaded in index.php)
            $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

            // if no connection errors (= working database connection)
            if (!$this->db_connection->connect_errno) {

                // escape the POST stuff
                $this->user_name = $this->db_connection->real_escape_string($_POST['user_name']);

                // database query, getting all the info of the selected user
                $checklogin = $this->db_connection->query("SELECT user_name, user_email, user_password_hash FROM users WHERE user_name = '".$this->user_name."';");

                // if this user exists
                if ($checklogin->num_rows == 1) {

                    // get result row (as an object)
                    $result_row = $checklogin->fetch_object();

                    // using PHP's crypt function to
                    // this is currently (afaik) the best way to check passwords in login processes with PHP/SQL
                    if (crypt($_POST['user_password'], $result_row->user_password_hash) == $result_row->user_password_hash) {

                        // write user data into PHP SESSION [a file on your server]
                        $_SESSION['user_name'] = $result_row->user_name;
                        $_SESSION['user_email'] = $result_row->user_email;
                        $_SESSION['user_logged_in'] = 1;

                        // set the login status to true
                        $this->user_is_logged_in = true;

                    } else {
                        $this->errors[] = "Wrong password. Try again.";
                    }
                } else {
                    $this->errors[] = "This user does not exist.";
                }
            } else {
                $this->errors[] = "Database connection problem.";
            }
        } elseif (empty($_POST['user_name'])) {
            $this->errors[] = "Username field was empty.";
        } elseif (empty($_POST['user_password'])) {
            $this->errors[] = "Password field was empty.";
        }
    }

    /**
     * perform the logout
     */
    public function doLogout()
    {
        $_SESSION = array();
        session_destroy();
        $this->user_is_logged_in = false;
        $this->messages[] = "You have been logged out.";
    }

    /**
     * simply return the current state of the user's login
     * @return boolean user's login status
     */
    public function isUserLoggedIn()
    {
        return $this->user_is_logged_in;
    }
}
[/php]

And the Header.php
[php]

This may be nothing, but session_start() must be the very first thing to happen on the page. You seem to have a newline before your opening PHP <? tag.

If you want to know what happens, add error_reporting(E_ALL) as the very first instruction. If you are getting a “Headers already sent”, you have something bugging it out (usually, a newline before the first PHP block).

Also, if you have defined session_start() right at the start of your code, you don’t need to re-call it in your Login class.

Finally, +1 for using crypt, but -1 for not using prepared statements/parametrization, and -1 for mysql_real_escape_string(), which is jukable by character encoding.
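
The points raised in the reply above, as an added example that is not part of the thread or of the php-login project: a guard that starts the session once and logs where output began when the headers are already gone, and the `users` lookup from Login.php done with a bound parameter. The helper names `start_session_once()` and `find_user()` are hypothetical; the calls used are available on PHP 5.3.

```php
<?php
// Added example; helper names are hypothetical, not part of php-login.

// Start the session exactly once, and report where output began if it is too late.
function start_session_once()
{
    if (session_id() !== '') {
        return true;                 // a session is already active, do not start it again
    }
    if (headers_sent($file, $line)) {
        // Output (for instance a blank line before the opening PHP tag) has already
        // reached the browser, so the session cookie can no longer be sent.
        error_log("session not started: output began at $file:$line");
        return false;
    }
    return session_start();
}

// Look up one user with a bound parameter instead of building the SQL string by hand.
// Returns an array with the three columns, or null when the name is unknown.
function find_user(mysqli $db, $user_name)
{
    $stmt = $db->prepare(
        "SELECT user_name, user_email, user_password_hash
           FROM users WHERE user_name = ?"
    );
    if ($stmt === false) {
        return null;                 // prepare failed; details are in $db->error
    }
    $stmt->bind_param('s', $user_name);
    $stmt->execute();
    $stmt->bind_result($name, $email, $hash);   // bind_result works without mysqlnd
    $row = $stmt->fetch()
        ? array('user_name' => $name, 'user_email' => $email, 'user_password_hash' => $hash)
        : null;
    $stmt->close();
    return $row;
}

error_reporting(E_ALL);              // surface notices and warnings while debugging
start_session_once();
```

If `start_session_once()` returns false, the logged file and line point at the stray output that has to be removed before the session cookie can be set.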

Okay,
I did not really understand what you said but here’s the problem. When I go to the next page it makes me have to sign back in. The Session does not continue for some reason.
Here is some additional information:
Host: ipage.com
PHP Version: 5.3.13
MySQL Version: 5.0.91-log
