SESSION HELP

bhavin12300 · July 9, 2007, 11:13am

HI
I AM LITTLE NEW TO PHP
I AM HAVING SOME PROBLEM REGARDING THE SESSION IN PHP.
HERE IS MY PROBLEM.

AS LIKE ALL WEBSITE MY AIM IS TO ASK FOR ID AND PASSWORD FROM USER AND AFTER CHECKING THE ID AND PASSWORD I CREATE ONE SESSION AND STORE USER ID IN ONE VARIABLE TO REFER TO OTHER PAGE.
AND I AM REDIRECTING TO HOME PAGE AFTER SETTING SESSION AND AT THAT HOME PAGE I AM UNABLE TO RETRIEVE THAT SESSION VARIABLE DATA.
MEANS MY SESSION IS NOT PERSISTENCE.

CAN ANYONE HELP ME

WAITING FOR REPLY.
IF CODE REQUIRE ASK ME

I AM dingING THIS ON SERVER LOT LOCAL SERVER

i an adding code too
first code is where i am setting my session.
and second is where i am retrieving.
1)

<?php

    $mydb=mysql_connect('mysql3.freehostia.com:3306','bhapit_database',' ');

	
 	if(mysql_select_db('bhapit_database',$mydb))

            {
	 	 
      	    }
        else
	    {
		echo("databse not connected");
	    }
 
  
   $userid = $_POST['userid'];
   $password = $_POST['password'];
   $submit="select * from user where userid like '$userid' and password like '$password'";
   $result=mysql_query($submit);
       $num=1;
     while($row=mysql_fetch_array($result))
		{
 		  session_start();
		  $SESSION['username'] =$userid;
		  mysql_close($mydb);
		   header("Location: index.php");

 
 		}
   
 
   
 ?>
 <html>
<head>
</head>
<body>
<table  >
<tr><td  > <?php include("header.php"); ?></td></tr>
<tr><td  > <?php include("nevigator.php"); ?></td></tr>
<tr>
<td>Registration Done Sucessfully.<br>Login Here<?php include("login_user.php"); ?> </td>
 
</tr>
<tr><td> <?php include("footer.php"); ?></td></tr>
<table>

</body>
</html>

[code]

<?php session_start(); $MYNAME=$_SESSION['USERNAME']; //retrieve data echo $MYNAME; ?> <?php if($MYNAME=="") { } else { echo("WELCOME!!"); echo $MYNAME; echo(" Sign Out"); } ?>

<?php include("header.php"); ?>

<?php include("nevigator.php"); ?>

<?php include("center.php"); ?>

<?php include("footer.php"); ?>

[/code]

andrewlondon · July 9, 2007, 11:45am

I would suggest removing the database username and password from your post.

Q1712 · July 9, 2007, 5:23pm

i guess this is ur prob:
$SESSION[‘username’] is neither the the same as $_SESSION[‘USERNAME’]
nor the tame as $_SESSION[‘username’]

don’t use like to check for the password!!!
ANYBODY can login to any account by using the password %

Zyppora · July 10, 2007, 11:20am

First of all, fix your security. If I fill in the following:

Login name: your_admin_account
Password: %

or:

Login name: anything
Password: ’ OR username = 'your_admin_account

Then I’m hijacking your admin account and I can do whatever I want with it. Read up on the security chapter in the PHP Manual.

Second, it’s considered rude to ‘shout’, which basically comes down to type in all caps. Don’t do that, you won’t make friends.