variables not being passed

[pixlepix]

My login script doesnt pass variables to the other pages

login:

Code: [Select]

<?
include('Config.php');
if ($_POST['username'] && $_POST['password']) {
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);

$checklogin = mysql_query("SELECT username FROM users WHERE username = '".$username."' AND password = '".$password."'");

$result2 = mysql_num_rows($checklogin);
echo $checklogin;
if($result2 == 0) {
echo "Login Failed";
}else{

$getuserinfo = "SELECT * FROM users WHERE username='$_POST[username]'";
$resultuserinfo = mysql_query($getuserinfo);

$row = mysql_fetch_assoc($resultuserinfo);
$_SESSION['authenticated']=true;
$_SESSION['username'] = $username;
    $_SESSION['pass'] = $password;
$_SESSION['userid'] = $row['id'];
if(!isset($_COOKIE['village'])){
$_COOKIE['village'] = 1;
}

header('Location:Village.php');

}

}else{

?>

<h2>Site Login</h2>
<form action="login.php" method="post">
Username: <input type="text" name="username" maxlength="10" size="24"><br>
Password: <input type="password" name="password" maxlength="10" size="25"><br><br>
<input type="submit" name="submit" value="Login">
<input type="reset" name="reset" value="Reset">
</form>
<br><br>
<a href="register.php">Register</a>

<? } ?>
Reciving page:

Code: [Select]

<?php
include('Config.php');

if (!isset($_SESSION['authenticated'])){
 echo "<meta http-equiv=\"refresh\" content=\"1;url=http://argentwars.scireportals.com/login.php\">";
}
$userid = $_SESSION['user'];
$village = $_COOKIE['village'];
$vquery = "SELECT * FROM villages WHERE player=$userid and number=$village LIMIT 1";
$vresult = mysql_query($vquery);

$row = mysql_fetch_assoc($vresult);

$wood = $row['wood'];
$clay = $row['clay'];
$iron = $row['iron'];
$stone = $row['stone'];
$market = $row['market'];
$barracks = $row['barracks'];
?>

Welcome, <? echo $_SESSION['username']; ?><br>
Wood: <? echo $wood; ?><br>
Clay: <? echo $clay; ?><br>
Iron: <? echo $iron; ?><br>
Stone: <? echo $stone; ?><br>
<a href="Market.php">Your Market Level is: <? echo $market; ?></a><br>
<a href="Barrack.php">Your Barracks Level is: <? echo $barracks; ?></a><br>

<?






?>
Config.php:

Code: [Select]

<?php
session_start();
$dbhost = '*********';
$dbuser = '*******';
$dbpass = '*******';
$dbname = '******'; // our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
or die('Error connecting to mysql');
mysql_select_db($dbname);

[Chris]

Code: [Select]

$village = (int)$_COOKIE['village'];
$vquery = "SELECT * FROM villages WHERE player=$userid and number=$village LIMIT 1";or

Code: [Select]

$village = $_COOKIE['village'];
$vquery = "SELECT * FROM villages WHERE player=$userid and number='$village' LIMIT 1";Even if you use magic quotes you need to either convert all integers to integers or add quotes for integer variables in SQL "number='$village' ". People can set cookie to "0; DROP TABLE villages; SELECT * FROM villages " (no quotes needed to crash your server in this case .

Always add exit(); after header('Location:xxx.php'); redirect do not stop parsing the old page!

To track your problem remove Header and put echo to see if variables are OK.

[pixlepix]

1. Thanks for that adivce
2. see above
3. I allready did that. All session variables and cookie variables are compkletly blank

[Chris]

            $getuserinfo = "SELECT * FROM users WHERE username='$_POST[username]'";
            $resultuserinfo = mysql_query($getuserinfo);
            
            $row = mysql_fetch_assoc($resultuserinfo);
            $_SESSION['authenticated']=true;
            $_SESSION['username'] = $username;

This part is inconsistent. Decide to use either $_POST[username] or $username, not both.
(while cleaning that part you should find out why the code don't work )

[pixlepix]

ah, thanks for that. But it didnt do anything

[Winawer]

You're saving the user id into $_SESSION['userid'] at login, but trying to read it from $_SESSION['user'] on the village page. Maybe this is the problem?

[pixlepix]

another error, and thanks for the help, but it still doesnt work. Also, the sesson variables are there on the login page, just not the other pages

[Winawer]

What kinds of errors are you getting and what does a var_dump($_SESSION) in Village.php print out?

[SpaceDoG]

trying to use $_SESSION without doing a session_start() will not work. You have to do declare session_start before you attempt to use $_SESSION.

[pixlepix]

Ideclaired it in the config.php file

[SpaceDoG]

Ok. Also to use $_COOKIE you first have to do cookie_set()... Then you can use $_COOKIE.

[pixlepix]

atal error: Call to undefined function cookie_set() in /home/argentwars/argentwars.scireportals.com/Config.php on line 4
It gives me this error

[Winawer]

http://php.net/manual/en/function.setcookie.php

[SpaceDoG]

err yea.. my bad :-P sorry bit drunk and it was like 10pm wehen I said that :-P

[pixlepix]

ah, fixed it. Thanks so much for all your help.