I need help with PHP sessions

Question

I want to create a personalized dashboard for every user and have created a login system.

I am using this code to redirect different users to different pages, but no matter what the username or password is, it is taking me into file1.php.

<?php
session_start();

if ($_SESSION['username'] == "google") {
    header("location:file1.php");
}
else if ($_SESSION['username'] == "apple") {
    header("location:page2.php");
}
else {
    header("location:default.php");
}
?>

Here, Apple and Google are the usernames.

Here's the code that sets the session data.

$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
    session_register("username");
    session_register("passsword");
    header("location:dashboard.php");
} else {
    echo "Username/Password does not match. Try Again.";
}

---

<?php

$host = "localhost";
$username = "USERNAME OF PHPMYADMIN";
$password = "PASS OF PHPMYADMIN";
$db_name = "membership";
$tbl_name = "users";

$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT  * FROM $tbl_name WHERE username='$username' and password='$password' ";

$result = mysql_query($sql);

$count = mysql_num_rows($result);

if($count==1) {
    session_register("username");
    session_register("passsword");
    header("location:dashboard.php");
}
else
{
    echo "Username/Password does not match. Try Again.";
}


?>

tHIS IS THE Other code im using.

Answer 1

Wouldn't you need session_start(); on the page where you query for the username?

Assuming this code is in a separate page.

<?php

session_start();

$connect = @mysql_connect ($host, $username, $password) or die ('error');
$select = @mysql_select_db($db_name, $connect) or die('check');
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1) {
    session_register("username");
    session_register("passsword");
    header("location:dashboard.php");
} else {
    echo "Username/Password does not match. Try Again.";
}
?>

Answer 2

make double sure you are using two = signs. a single one will assign as opposed to eval.

also switch would be better

switch ($_SESSION['username']) {
case 'google':
$file='file1.php';
break;
case 'google':
$file='file2.php';
break;
default:
$file='default.php';
break;
}
header("location: $file');

Answer 3

尝试在会话变量上执行print_r，您的会话可能存在其他问题。

<?= print_r($_SESSION['username']) ?>

Answer 4

First of all, you really shouldn't be storing passwords in the database in plaintext. At very least, md5() them or something.

Second of all, you should escape the values you put into the SQL query (or even better, use MySQLi 's prepared statements, if your server has MySQLi enabled) to avoid SQL injections.

Third of all, debug statements do wonders. Have you tried printing out the value of $_SESSION['username'] immediately before the conditional? I have a hard time believing PHP's conditional processing or equality tests would mess up, so the value must be "google" for some reason. I think you'll need to track down assignments to $_SESSION['username'] in your code to try and figure out why.

Answer 5

You should be calling session_start() before putting the username and password in session, and shouldn't be using session_register() (as it's deprecated), just use the $_SESSION global like so

session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

then on the next page do a start_session() and var_dump($_SESSION); and you can see what has been set in session