Variable $_SESSION does not want to be setted

1
votes

So this is the code for page index.php: the $_SESSION["username"] variable seems to be not setted and I dunno why becuase in the login page I am using the isset control and the login is successful if I'm entering the right values;it is not if I am entering wrong username and password. I know I should "code" the password with md5 but right now that is not my problem :( As you can see I'm redirecting to the index page after the login. From the index page I'm redirecting to the "home.php" page if the user already logged in. The problem is that after been doing the login,it keeps showing the login form and it is not redirecting me to home.php..

<?php session_start(); 
        require_once "dbConn.php"; dbconnect();
        if(isset($_SESSION["username"])){
        echo $_SESSION["username"]; // TEST it never enters THERE!!!
        echo'<p>Trasferimento alla home page</p>';
    header("Refresh: 2; URL = home.php");
    }

    else{
    echo'<div id=\"container\">';
    echo' 
        <div id=\"content\">
        <h2> You need to login :</h2>
        <br/>
        <form id="form1" name="form1" method="post" action="login.php">
        <input type="text" name="username" id="username" />
        <input type="password" name="password" id="password" />
        <input type="submit" name="accedi" id="accedi" value="Accedi" /> 
        </form>
        <br/>
        </div>';
    include 'Footer.php';
    echo'</div>';
    }?>

And this is the login.php page:

<?php
require_once "dbConn.php"; dbconnect();
if(isset($_POST['username']) && isset($_POST['password'])) {
    $username=mysql_real_escape_string($_POST['username']);
    $pwd = mysql_real_escape_string($_POST['password']);
    $query = mysql_query("SELECT * FROM user WHERE username='$username' AND password ='$pwd';");  

    if(mysql_num_rows($query) == 1){
    $sessione =mysql_fetch_array($query);
    $_SESSION["username"] = $sessione["username"];  
    echo $_SESSION["username"]; //TEST - it prints what I want: my username
    $_SESSION["logged"] = true;
    echo'Login effettuato con successo!';
    header("Refresh: 2; URL = index.php");
    }
    else if((mysql_num_rows($query) == 0)){
        echo'Utente non registrato o password errata';
        header("Refresh: 2; URL = index.php");
    }
}
?>  

Thx all ;)
1
phpsessionlogin

1 Answers

2
votes

You forgot to call session_start() on your login page

<?php
require_once "dbConn.php"; dbconnect();

should be

<?php
session_start()
require_once "dbConn.php"; dbconnect();