Jump to content
Larry Ullman's Book Forums

Recommended Posts

I am having trouble getting my scripts to work when it coes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong, I have been trying to work through it and resolve it my self for the last 2 days. I have MySQL Server 5.5, php 5.3.6 and Windows 7 Home 64bit running on my own computer using the localhost server. Please find attached my scripts.



<?php # Script 9.16 - login.php

// Send nothing to the browser before session_start() line!

// Check if the form has been submitted.

if (isset($_POST['submitted'])) {


require_once ('../secure/mysql_connect.php'); // Connect to the db.

$errors = array(); // Initialise error array.

// Check for an email address.

if (empty($_POST['email'])) {

$errors[] = 'You forgot to enter an email address.';

} else {

$e = escape_data($_POST['email']);


// Check for a password.

if (empty($_POST['password'])) {

$errors[] = 'You forgot to enter a password.';

} else {

$p = escape_data($_POST['password']);


if (empty($errors)) { // If everything is OK.


/* Retrieve the user_id and first name for the email/password combination */

$query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')";

$result = @mysql_query($query); // Run the query.

$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

if ($row) { // A record was pulled from the database.

// Set the session data and redirect.

session_name ('YourVisitID');

ini_set('session.use_cookies', 0); // Don't use cookies.


$_SESSION['user_id'] = $row[0];

$_SESSION['first_name'] = $row[1];

// Redirect the user to the loggedin.php page.

// Start defining the URL.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {

$url = substr($url, 0, -1); // Chop off the slash.


// Add the page.

$url .= '/loggedin.php?' . SID; // Add the session name & ID.

header("Location: $url");

exit(); // Quit the script.


} else { // No record matched the query.

$errors[] = 'The email address and password entered do not match those on file.'; // Public message.

$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.


} // End of if(empty($errors)) if.

mysql_close(); // Close the database connection.

} else { // Form has not been submitted.

$errors = NULL;

} // End of main submit conditional.

// Begin the page now.

$page_title = 'Login';


if (!empty($errors)) { // Print any error messages.

echo '<h1 id="mainhead">Error!</h1>

<p class="error">The following error(s) occurred:<br />';

foreach ($errors as $msg) { // Print each error.

echo "- $msg<br />\n";


echo '</p><p>Please try again.</p>';


// Create the form.



<form action="login.php" method="post">

<p>Email Address: <input type="text" name="email" size="20" maxlenght="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p>

<p>Password: <input type="password" name="password" size="20" maxlength="20"/></p>

<p><input type="submit" name="submit" value="Login"/></p>

<p><input type="hidden" name="submitted" value="TRUE"/>



include ('./includes/footer.html');




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">



<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />


<title><?php echo $page_title; ?></title>

<style type="text/css" media ="all">@import "./includes/layout.css";</style>



<div id="wrapper"><!-- Goes with the CSS layout. -->

<div id="content"><!-- Goes with the CSS layout. -->


<div id="nav"><!-- Links section -->



<li class="navtop"><a href="index.php?<?php SID; ?>" title="Go to Home Page">Home</a></li>

<li><a href="register.php" title="Register?<?php SID; ?>">Register</a></li>

<li><?php // Create a login/logout link.

if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) {

echo '<a href="logout.php?<?php SID; ?>" title="Logout">Logout</a>';

} else {

echo '<a href="login.php?<?php SID; ?>" title="Login">Login</a>';





<!-- Script 9.8 - header.html -->

<!-- Start of page specific content -->



<?php # Script 9.17 - loggedin.php

# User is redirected here from login.php.

session_name ('YourVisitID');

ini_set('session.use_cookies', 0);

session_start(); // Start the session.

// If no session value is present redirect the user.

if(!isset($_SESSION['user_id'])) {

// Start defining the url.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for a trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) =='\\')) {

$url = substr($urll, 0, -1); // Chop off the slash.


$url .= '/index.php'; // Add the page.

header ("Location: $url");

exit(); // Quit the script.


// Set the page title and include the HTML header.

$page_title = 'Logged In!';

include ('./includes/header.html');

// Print a customised message.

echo "<h1>Logged In!</h1>

<p>You are now logged in, {$_SESSION['first_name']}!</p>

<p><br /><br /></p>";

include ('./includes/footer.html');




<?php # Script 9.18 - logout.php

// This page lets the user log out.


ini_set('session.use_cookies', 0);

session_start(); // Access the existing session.

// If no cookie is present, redirect the user.

if(!isset($_SESSION['user_id'])) {

//Start defining the url.

$url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for a trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {

$url = substr($url, 0, -1); // Chop of the slash.


$url .= '/index.php'; // Add the page.

header("Location, $url");


} else { // Cancell the session.

$_SESSION = array(); // Destroy the variables.

session_destroy(); // Destroy the session itself.


// Set the page title and include the HTML header.

$page_title = 'Logged Out!';

include ('./includes/header.html');

// Print a customised message.

echo "<h1>Logged Out!</h1>

<p>You are now logged out!</p>

<p><br /><br /></p>";

include ('./includes/footer.html');


Share this post

Link to post
Share on other sites

You should start by confirming the value of SID. Use exit() to terminate a script prior to it redirecting, so that you can see what's going on.

  • Upvote 1

Share this post

Link to post
Share on other sites

I found another session variable session.use_only_cookies once I set this to off as well as session.use_cookies my sessions worked fine. Thank you for your direction and I woul also like to note that I am loving the book.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now