-2

Is there anything going on? I cannot log in using a PHP session. The password and username all match, but the thing does not create a session. Is there anything wrong?

   if (isset($_POST['submit'])) {

    $sql = "select * from user where email='" . fixstr($_POST['email'])
         . "' and password='" . fixstr($_POST['password']) . "' and active = 1 ";

    $res = mysql_query($sql);
    $rs = mysql_fetch_array($res);
    if ($rs) {
        $_SESSION['user_id'] = $rs['user_id'];
        $_SESSION['email'] = $rs['email'];
        $_SESSION['type'] = $rs['type'];

        if($_SESSION['type']=="Manager"){

            updateLastSignIn();
            redirect("");

        } else if($_SESSION['type']=="Admin"){

            updateLastSignIn();
            redirect('main.php?status=open');               
        } else {

            updateLastSignIn();
            redirect('main.php?status=open');
        }

    } else {
        $msg2 = 'Invalid email or password';
}
}


 <table align="center" border="0" cellpadding="2" cellspacing="2" >
 <tr valign="middle">
 <td align="left" style="font-size:16px;"></td>
  </tr>
  </table>
 <form id="form" method="post" class=''>
 <table border="1" align="center" cellspacing="0" cellpadding="0">
 <tr valign="top">
 <td class="boxtitle" align="center">Login portal</td>
  </tr>
 <tr>
 <td>
  <table width="300" border="0" cellpadding="2" cellspacing="1">
    <tr><td colspan="2">&nbsp;</td></tr>
    <tr><td align=right width="100">Username:</td><td align=left width="200"><input type="text" id="email" name="email" class="input-large" placeholder="Type email"/></td></tr>
    <tr><td align=right>Password:</td><td align=left><input type="password" id="password" name="password" class="input-large" placeholder="Type password" /></td></tr>
    <tr><td align="center">&nbsp;</td><td><button type="submit" id="submit" name="submit" class="">&nbsp;&nbsp;&nbsp;&nbsp;Sign in&nbsp;&nbsp;&nbsp;&nbsp;</button></td>   </tr>
    <tr><td colspan="2">&nbsp;</td></tr>
    <tr><td colspan="2" align="center">Registered users may sign in here.</td></tr>
    <tr><td colspan="2" align="center">Register an account click <a href="http://live-freecams.com/sign_up-member.php">here</a></td></tr>        
    <tr><td colspan="2">&nbsp;</td></tr>
  </table>
  </td>
 </tr>
 </table>
</form>

Just add a connection and it should work. Why does my code not work??????

user3264162

4 Answers

0

It's maybe that PHP cannot start the session automatically. What you need to do is add

session_start()

at your coding header.

chen
  • What do you mean "it does not work"? Could you please explain? Try and give us some sort of debug error or fatal/warning exception? – Alex L Feb 22 '14 at 06:44
0

First, start the session before creating the session.

@session_start();
if(!isset($_SESSION['user_id'], $_SESSION['email'], $_SESSION['type'] ))
{
        $_SESSION['user_id'] = $rs['user_id'];
        $_SESSION['email'] = $rs['email'];
        $_SESSION['type'] = $rs['type'];
}
wild
  • @user1844933 http://stackoverflow.com/questions/4151418/why-use-before-variable-can-someone-pls-explain – wild Feb 22 '14 at 06:34
0

Try this and see if it is going to work; I hope it will work. And please do not forget to start the session.

<?php
session_start();

if (isset($_POST['submit'])) {

    $sql = "select * from user where email='" . fixstr($_POST['email'])
         . "' and password='" . fixstr($_POST['password']) . "' and active = 1 ";

    $res= mysql_query($sql);
    $rs = mysql_fetch_array($res);
    if ($rs) {
        // A matching row was found: store the user in the session
        $_SESSION['user_id'] = $rs['user_id'];
        $_SESSION['email'] = $rs['email'];
        $_SESSION['type'] = $rs['type'];

            if($_SESSION['type']=="Manager"){

                updateLastSignIn();
                redirect("");

            } else if($_SESSION['type']=="Admin"){

                updateLastSignIn();
                redirect('main.php?status=open');               
            } else {

                updateLastSignIn();
                redirect('main.php?status=open');
            }

        } else {
            $msg2 = 'Invalid email or password';
    }
    }
    ?>
Aitazaz Khan
0

You have a few things that could be improved in your code; plus, you should use at least some var_dump() calls to know what is happening with your code.

Try these few changes to your code, which make it more readable and a bit more capable of coping with a lack of results.

    // initialize variables
    $email = false;
    $password = false;
    $user = false;
    $sql = false;
    $res = false;
    $msg2 = false;
    // if you are sure that you will get the whole set of results from the database, use this for $rs
    $rs = false;
    // if you may not get some of the results, or they may be null, use this for $rs
    // $rs = array();
    // $rs['user_id'] = false;
    // $rs['email'] = false;
    // $rs['type'] = false;
// var_dump( $_POST );
// var_dump( $_SESSION );


    // Assign values if they exist
    if ( isset( $_POST['email'] ) !== false ) {
        if ( empty( $_POST['email'] ) === false ) {
            $email = $_POST['email'];
        }
    }
    if ( isset( $_POST['password'] ) !== false ) {
        if ( empty( $_POST['password'] ) === false ) {
            $password = $_POST['password'];
        }
    }



    // if you have something to look for, start working
    if ( ( $email !== false ) && ( $password !== false ) ){
        $sql = "select * from user where email='" . fixstr( $_POST['email'] ) . "' and password='" . fixstr( $_POST['password'] ) . "' and active = 1 ";
        $res = mysql_query( $sql );
        $rs = mysql_fetch_array( $res );
    }



    // If you have results from the query, do something with them
    if ( $rs !== false ) {
        // reconnect/start session
        session_start();
// var_dump( $_POST );
// var_dump( $_SESSION );

        // store values
        if ( $rs['user_id'] !== false ) {
            $_SESSION['user_id'] = $rs['user_id'];
        }
        if ( $rs['email'] !== false ) {
            $_SESSION['email'] = $rs['email'];
        }
        if ( $rs['type'] !== false ) {
            $_SESSION['type'] = $rs['type'];
            switch ( $rs['type'] ) {
                case "Manager":
                    updateLastSignIn();
                    redirect("");
                    break;
                case "Admin":
                    updateLastSignIn();
                    redirect('main.php?status=open');  
                    break;
                default:
                    // whatever is right for you here
            }
        } else {
            $msg2 = 'Invalid email or password';
        }
    }
// var_dump( $_POST );
// var_dump( $_SESSION );

Of course, you should still be doing some checking and sanitizing on the variables received from $_POST before using them on the database. Also, there are other options to improve the code, but what I wrote is just some small changes that may help to detect problems.

About the start of the session: you can move it up or down. We don't know the whole code of your project, but considering what you have, where I put it seems to be a good option.

PatomaS
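Added example (not part of the question or any of the answers above): the same login flow with `session_start()` called first, the email passed as a bound parameter instead of being concatenated into the SQL string, and the password checked against a hash. The PDO/SQLite in-memory table, the `password_hash` column and the `demo_db()` and `login()` helpers are assumptions made for this sketch; the page's own `user` table and `fixstr()` are not shown in enough detail to reuse.

```php
<?php
// Assumptions (not from the page): PDO with an in-memory SQLite table standing in
// for the real `user` table, and a password_hash column instead of a plaintext one.

session_start(); // must run before any output and before $_SESSION is written

function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE,
                password_hash TEXT, type TEXT, active INTEGER)');
    // Constructed sample row
    $ins = $pdo->prepare('INSERT INTO user (email, password_hash, type, active) VALUES (?, ?, ?, 1)');
    $ins->execute(['manager@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 'Manager']);
    return $pdo;
}

function login(PDO $pdo, string $email, string $password): bool
{
    // Bound parameter: the email is sent as data and never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT user_id, email, type, password_hash
                           FROM user WHERE email = ? AND active = 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched; reject before reading $row.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    session_regenerate_id(true); // issue a fresh session ID once the user is authenticated
    $_SESSION['user_id'] = $row['user_id'];
    $_SESSION['email']   = $row['email'];
    $_SESSION['type']    = $row['type'];
    return true;
}

$pdo = demo_db();
// Nothing is printed until every attempt has run, so the session calls never follow output.
$results = [
    'wrong password'          => login($pdo, 'manager@example.test', 'wrong password'),
    'email containing a quote' => login($pdo, "nobody'@example.test", 'anything'), // constructed input
    'correct credentials'     => login($pdo, 'manager@example.test', 'correct horse'),
];
var_dump($results, $_SESSION);
```

Only the last attempt returns true and fills `$_SESSION`; the failed attempts leave the session untouched, and the quote in the second email is treated as ordinary data.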