allowing users to log into my website

I'm trying to create the necessary framework to allow users to log
into my website. I have already created the backend using a MySQL
database. The part that I'm hung up on is being able to pass the
username from one page to the next. I've been reading about sessions,
and I can get them to work if I embed the SID into the URL, but I
really dislike that method. I've read that cookies can be used
instead, but I cannot get these to work. I've been changing values
like session.use_only_cookies = 1, session.save_handler = files,
session.save_path = "C:\Temp", etc. but none of them are helping. I
can see the files being created in C:\Temp, and they are populated
with the username that I'm assigning to $_SESSION['username'], but
it's not available on the next page. I'm running Apache 2 and PHP
5.2.5 on a Windows XP SP2 Home machine. Any ideas?

<?php

session_start();

include("UserFunctions.php");

$mode = "";
$username = "";
$password = "";

if (!isset($_POST['mode']))
{
unset($mode);
}
else
{
echo "setting mode to ".$_POST['mode']."<br>\n";
$mode = $_POST['mode'];
}

if (!isset($_POST['username']))
{
unset($username);
}
else
{
//echo "setting username to ".$_POST['username']."<br>\n";
$username = $_POST['username'];
}

if (!isset($_POST['password']))
{
unset($password);
}
else
{
//echo "setting password to ".$_POST['password']."<br>\n";
$password = $_POST['password'];
}

if (!isset($mode))
{
if (!isset($_SESSION['username']))
{
echo "session user = ".$_SESSION['username']."<br>\n";
echo "<FORM name=login method=post action='login2.php?
mode=confirm'>";
echo "<INPUT type=hidden name=mode value=confirm>";
echo "<TABLE align=center>";
echo "<TR>";
echo "<TD>Username:</TD>";
echo "<TD><INPUT type=text name=username></TD>";
echo "</TR>";
echo "<TR>";
echo "<TD>Password:</TD>";
echo "<TD><INPUT type=password name=password></TD>";
echo "</TR>";
echo "<TR>";
echo "<TD colspan=2 align=center><INPUT type=submit value='Log In'></
TD>";
echo "</TR>";
echo "</TABLE>";
echo "</FORM>";
}
else
{
$firstname = getFirstName($_SESSION['username']);
echo "Welcome, ".$firstname.".";
}
}
else if (strcmp($mode,'confirm') == 0)
{
if (!isset($username) || !isset($password) || strcmp($username,"") ==
0 || strcmp($password,"") == 0)
{
echo "Please provide a username and password.<br>\n";
}
else
{
if (!confirmLogin($username, $password))
{
echo "Username and/or password is invalid.<br>\n";
}
else
{
//openSession($username);
$_SESSION['username'] = $username;
//echo "session username = ".$_SESSION['username']."<br>\n";
//echo "<a href='login2.php'>login2.php</a><br>\n";
//header("Location: main.php");
header("Location: login2.php");
}
}
}

?>

halamazoo wrote:
> I'm trying to create the necessary framework to allow users to log
> into my website. I have already created the backend using a MySQL
> database. The part that I'm hung up on is being able to pass the
> username from one page to the next. I've been reading about sessions,
> and I can get them to work if I embed the SID into the URL, but I
> really dislike that method. I've read that cookies can be used
> instead, but I cannot get these to work. I've been changing values
> like session.use_only_cookies = 1, session.save_handler = files,
> session.save_path = "C:\Temp", etc. but none of them are helping. I
> can see the files being created in C:\Temp, and they are populated
> with the username that I'm assigning to $_SESSION['username'], but
> it's not available on the next page. I'm running Apache 2 and PHP
> 5.2.5 on a Windows XP SP2 Home machine. Any ideas?
>


First thing - edit your php.ini file to enable error reporting for all
errors and display the errors:

error_reporting=E_ALL
display_errors=on

(leave the second one off in a production environment).

See what errors you get.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================