1

I had already used this code 2 times, but now doesn't work and i don't know why. Below is the code from the file process_login.php. The code works fine, but when i get to admin.php can´t echo $_SESSION['USER'] and the same isn´t set. Thanks in advance. 

<?php
    session_start(); 
    mysql_connect('localhost','root','root');   
    mysql_select_db('user_db'); 

    $user=$_POST['user']; 
    $password=$_POST['password'];

    $sql="SELECT * FROM users WHERE username='".$user."' AND password='".$password."'";     
    $res=mysql_query($sql); 

    if (mysql_num_rows($res)>0) 
    {           
        $row=mysql_fetch_array($res); 
        $_SESSION['USER']=$row['username']; 
        header("location: admin.php");                              
    }   
    else
    {   
        header("location: login.php");
    }   

?>
joao
  • 11
  • 1
  • 1
    http://stackoverflow.com/questions/21797118/deprecated-mysql-connect : you may have to edit your code a little, you shouldn't be using those mysql_* functions anymore – sodawillow Jan 04 '15 at 21:13
  • Did you started your session in the other file too? – Rizier123 Jan 04 '15 at 21:15
  • **Off topic:** You should be using PDO or Mysqli instead of the old deprecated Mysql extension. – Get Off My Lawn Jan 04 '15 at 21:29
  • yes, i forgot to say, i started the session on the other file – joao Jan 04 '15 at 21:29
  • where does the page take you? `admin.php` or `login.php`? – Get Off My Lawn Jan 04 '15 at 21:31
  • if user and pass are correct takes me to admin.php, i've done a if statement in this same file: process_login.php wich let me know that it can set the $_SESSION but only on this file, when i go to admin.php session isn't set – joao Jan 04 '15 at 21:42
  • i've just tried mysqli configuration, still the same thing... – joao Jan 04 '15 at 21:43
  • I am asking where the redirect takes you if it is `login.php`, then your query is probably wrong, or you're supplying a wrong username/password. – Get Off My Lawn Jan 04 '15 at 21:46
  • it should be `if(mysql_num_rows($res) == 1) ` because there should be only one person with that specific username and password combo – Dev Man Jan 04 '15 at 21:52
  • the redirect takes me to admin.php, where session and sql conection are started – joao Jan 04 '15 at 21:52
  • Without the source of `admin.php` we can't really help you. – Get Off My Lawn Jan 04 '15 at 21:54
  • if(mysql_num_rows($res) == 1) isn't the issue also because when i echo $_SESSION['USER'] i get the msg undefined index USER – joao Jan 04 '15 at 21:56
  • for now the code of admin.php is only: – joao Jan 04 '15 at 21:57
  • `mysql_fetch_array` is numerical data for each column, `mysql_fetch_assoc` uses the column names. – Get Off My Lawn Jan 04 '15 at 22:00
  • Another off topic: Looks like you store passwords in plain text in your database. Don't. Hash them with a random salt, and when comparing, re-hash the user input with a previously determined salt and compare the hashes. – Karel Kubat Jan 04 '15 at 22:03
  • @KarelKubat crypt() would be the best way to store them, or the password functions in the newer versions of php – Get Off My Lawn Jan 04 '15 at 22:04
  • start the session_start(); after the db connection in both files – Arun Jan 05 '15 at 05:23

1 Answers1

0

Using mysql_fetch_array will return an array with id numbers while mysql_fetch_assoc will return textual representation of the columns.

//mysql_fetch_array()
$myarray = array(
    [0] => "BILLYBOB"
);

//mysql_fetch_assoc()
$myarray = array(
    ["USER"] => "BILLYBOB"
);
Get Off My Lawn
  • 34,175
  • 38
  • 176
  • 338
  • still get the same thing and i've used this code 2 other times successfuly, just in other webservers. im thinking is there maybe a session funtion i might have to use i se no reason for this to happen – joao Jan 04 '15 at 22:18