We Keep Coding

Need help figuring out why my php code whit sessions inst working

Im currently trying to do a login code by myself and i cant figure out how ot work whit session. If anyone can examine my code and say were are the errors i would be much obliged.
Sorry for the lack of organization first time posting here.
Sorry for my english(not my native language), im portuguese.
-index.php
<html>
<head>
<?php session_start(); ?>
<title> Login Page </title>
</head>
<body>
<form action="login2.php" method="post">
<table width="200" border="0">
<tr>
<td> UserName</td>
<td> <input type="text" name="user" > </td>
</tr>
<tr>
<td> PassWord </td>
<td><input type="password" name="pass"></td>
</tr>
<tr>
<tr>
<td> Email </td>
<td><input type="email" name="email"></td>
</tr>
<tr>
<td> <input type="submit" name="login" value="LOGIN"></td>
<td>Logout</td>
</tr>
</table>
</form>
</body>
</html>
Home.php
<?php
require_once 'database.php';
$res=mysql_query("SELECT * FROM users WHERE id=".$_SESSION['user']);
$userRow=mysql_fetch_array($res); ?>
<html>
<head>
<title> Home </title>
</head>
<body>
<?php
if(!isset($_SESSION['use']))
{
header("Location:Login.php");
}
echo $userRow['userEmail'];
echo "Login Success";
echo "<a href='logout.php'> Logout</a> ";
?>
</body>
</html>
logout.php
<?php
session_start();
echo "Logout Successfully ";
session_destroy(); // function that Destroys Session
header("Location: Login.php");
?>
database.php
<?php
// this will avoid mysql_connect() deprecation error.
error_reporting( ~E_DEPRECATED & ~E_NOTICE );
// but I strongly suggest you to use PDO or MySQLi.
define('DBHOST', 'localhost');
define('DBUSER', 'root');
define('DBPASS', '');
define('DBNAME', 'database_sof');
$conn = mysql_connect(DBHOST,DBUSER,DBPASS);
$dbcon = mysql_select_db(DBNAME);
?>
login2.php
<?php
require_once 'database.php';
if(isset($_SESSION['user'])) {
header("Location:home.php");
}
if(isset($_POST['login'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$email = $_POST['email'];
if(empty($user)){
echo "Please enter your username.";}
if(empty($pass)){
echo "Please enter your passoword.";}
if(empty($email)){
echo "Please enter your email.";}
$res=mysql_query("SELECT id, username, password FROM users WHERE email='$email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res);
if( $count == 1 && $row['password']==$pass ) {
$_SESSION['user'] = $row['id'];
session_start();
header("Location: home.php");} else {
echo $user;
echo "<br>";
echo $pass;
echo "<br>";
echo $email;
echo "<br>";
echo $count;
echo "<br>";
echo $row['password'];
echo "<br>";
echo "Incorrect Credentials, Try again...";
}}?>

(sorry for my english)
if you want to use $_SESSION variable in your file, you must write session_start() at the beginning of that file AND before any output (as Koala Yeung said).
somefile.php:
<?php
session_start();
...
//now you can read or edit $_SESSION
$_SESSION['bar'] = "bar";
$foo = $_SESSION['foo'];

PHP header not working on local server

Here is each one of my .php pages. I can get it to register and go onto my local server. However when I go to the login page and actually login it will not redirect to the members page. I am not sure what the issue it. I am pretty new to PHP and the code looks decent. Very simple but I am trying to get this to work. Any help is appreciated. Thanks.
config.php
<?php
$host = "localhost";
$username = "root";
$password = "root";
$db = "motofoto";
//Connect to MySQL Server
$con = mysqli_connect($host,$username,$password,$db) or die("Can not connect to Server.");
?>
Login.php
<?php
session_start();
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
if(isset($_SESSION['username'])){
header( "Location: members.php" ); //isset check to see if a variables has been 'set'
}
if(isset($_POST['submit']))
{
//Variables from the table
$user = $_POST['user'];
$pass = $_POST['pass'];
//Prevent MySQL Injections
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysqli_real_escape_string($con, $user);
$pass = mysqli_real_escape_string($con, $pass);
//Check to see if the user left any space empty!
if($user == "" || $pass == "")
{
echo "Please fill in all the information!";
}
//Check to see if the username AND password MATCHES the username AND password in the DB
else
{
$query = mysqli_query($con,"SELECT * FROM members WHERE username = '$user' and password = '$pass'") or die("Can not query DB.");
$count = mysqli_num_rows($query);
if($count == 1){
//YES WE FOUND A MATCH!
#$_SESSION['username'] = $user; //Create a session for the user!
header ("Location: members.php");
}
else{
echo "Username and Password DO NOT MATCH! TRY AGAIN!";
}
}
}
?>
<html>
<table>
<tr>
<form name="register" method="post" action="login.php">
<td>
<table>
<tr>
<td colspan="3"><strong><center>Login </center></strong></td>
</tr>
<tr>
<td>Username</td>
<td>:</td>
<td><input autofocus name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<table>
<tr>
<td>Not a Member? Register</td>
</tr>
</table>
</html>
register.php
<?php
session_start(); //Must Start a session.
require "config.php"; //Connection Script, include in every file!
//Check to see if the user is logged in.
//'isset' check to see if a variables has been 'set'
if(isset($_SESSION['username'])){
header("location: members.php");
}
//Check to see if the user click the button
if(isset($_POST['submit']))
{
//Variables from the table
$user = $_POST['user'];
$pass = $_POST['pass'];
$rpass = $_POST['rpass'];
//Prevent MySQL Injections
$user = stripslashes($user);
$pass = stripslashes($pass);
$rpass = stripslashes($rpass);
$user = mysqli_real_escape_string($con, $user);
$pass = mysqli_real_escape_string($con, $pass);
$rpass = mysqli_real_escape_string($con, $rpass);
//Check to see if the user left any space empty!
if($user == "" || $pass == "" || $rpass == "")
{
echo "Please fill in all the information!";
}
else
{
//Check too see if the user's Passwords Matches!
if($pass != $rpass)
{
echo "Passwords do not match! Try Again";
}
//CHECK TO SEE IF THE USERNAME IS TAKEN, IF NOT THEN ADD USERNAME AND PASSWORD INTO THE DB
else
{
//Query the DB
$query = mysqli_query($con,"SELECT * FROM members WHERE username = '$user'") or die("Can not query the TABLE!");
//Count the number of rows. If a row exist, then the username exist!
$row = mysqli_num_rows($query);
if($row == 1)
{
echo "Sorry, but the username is already taken! Try again.";
}
//ADD THE USERNAME TO THE DB
else
{
$add = mysqli_query($con,"INSERT INTO members (id, username, password) VALUES (null, '$user' , '$pass') ") or die("Can't Insert! ");
echo "Successful! <a href='members.php'> Click Here </a> to log In.";
}
}
}
}
?>
<html>
<table width="300" align="center" cellpadding="0" cellspacing="1" border="1px solid black">
<tr>
<form name="register" method="post" action="register.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong><center>Registration</center></strong></t
d>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="user" type="text" id="user"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td>Repeat Password</td>
<td>:</td>
<td><input name="rpass" type="password" id="rpass"></td>
</tr>
<tr>
<td></td>
<td></td>
<td><input type="submit" name="submit" value="Register"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</html>
members.php
<?php
session_start();
require "config.php";
//Check to see if the user is logged in.
if(isset($_SESSION['username'])){
echo "Hello ".$_SESSION['username'].", you are logged in. <br /> This the member's page! Nothing here :(. <a href='logout.php'>Click Here </a>to log out.";
}
else{
echo "Please <a href='login.php'>Log In </a> to view the content on this page!";
}
?>
logout.php
<?php
session_start();
require "config.php";
session_destroy();
echo "You have successfully logged out. <a href='login.php'> Click here </a> to login!";
?>

1)try to add session close function, this may help as session is possibly not saved yet.
#$_SESSION['username'] = $user; //Create a session for the user!
session_write_close();
header ("Location: members.php");
2) And as Fred mentioned try to debug with php error reporting.
3) Small note: register.php => change link to Login.php not members.php
echo "Successful! <a href='Login.php'> Click Here </a> to log In.";
PS: I tested your script and it worked fine even without session_write_close();

Alternatively you can use following function to redirect through java script. It's not the solution but you can use as alternative.
function redirect($url)
{
echo $data= "<script type='text/javascript'> window.location.href = '".$url."'; </script>";
break;
}

SESSION array does not print there content after page submission

I have a login section in my main page I called this section as a seperated part it contains the following code :
<?php
if($_POST['submit'])
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password);
$users = $GLOBALS['db']->query("SELECT * FROM users WHERE email='$email' AND password='$password'") or $GLOBALS['db']->raise_error(); // Leaving 'raise_error()' blank will create an error message with the SQL
$users_number = $GLOBALS['db']->num_rows($users);
if(!empty($users_number))
{
while($users_sql = $GLOBALS['db']->fetch_array($users))
{
$is_banned = $users_sql['is_banned'];
// To check blocked users
if($is_banned == 1)
{
$_SESSION['login_error_msg'] = "this users is blocked.";
header('Location:./');
}
else
{
$_SESSION['first_name'] = $users_sql['first_name'];
$_SESSION['id'] = $users_sql['id'];
$_SESSION['logged_in'] = 'true';
header('Location:./');
}
}
}
else
{
$_SESSION['login_error_msg'] = "Wrong username or password";
header('Location:./');
}
}
else
{
?>
<table class="fast_login_container">
<tr>
<td>
<form name="login_form" action="./" method="post">
<table class="fast_login" border="0">
<tr>
<colspan="3">
<?php
if($_SESSION['login_error_msg'])
{
echo $_SESSION['login_error_msg'];
}
?>
</td>
</tr>
<tr>
<td>
<input name="email" type="email" placeholder="Kullanıcı adı" />
</td>
<td>
<input name="password" type="password" placeholder="Parola"/>
</td>
<td >
<input name="submit" type="submit" value="Giriş"/>
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
}
?>
This code create the login form and when the user enters the email and password I check them in the same page in the php part.
My problem If I have a wrong email or password I should show an error message for that I save the error message in a session variable and call it in the html part after redirecting to the main page(where the login form is).
I can not show the error message. I print the session array befor the header('location:./') and after it ; befor it prints the error message after it does not print any thing.
PS: the session_start() is in the header file which I include it as following :
<?php
session_start();
?>
<body>
<table class="body_table" border="1">
<tr><td><?php include_once("include-parts/header_parts.php")?></td></tr>
The login part is in header_parts.php .
what should I edit here to get the error messages???

The problem is php unables to set session just before redirect to other page. You should use session_write_close() before each header("") function. e.g.
$_SESSION['first_name'] = $users_sql['first_name'];
$_SESSION['id'] = $users_sql['id'];
$_SESSION['logged_in'] = 'true';
session_write_close();
header('Location:./');

Login error message in php

I am new to PHP code and here I want to display an error message in login.php if the user entered incorrect userid or password.below I have written two-page code. login.php page submits the username and password to the check.php page. if username and password are correct then it redirects to the xyz.php else to the login page.
login.php //login page
<form name="login" enctype="multipart/form-data" action="checkpage.php" method="post">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<th>Username</th>
<td><input type="text" name="username" value="sandeep" onfocus="this.value=''" class="login-inp" /></td>
</tr>
<tr>
<th>Password</th>
<td><input type="password" name="password" class="login-inp" /></td>
</tr>
<tr>
<th></th>
<td valign="top"><input type="checkbox" class="checkbox-size" id="login-check" /><label for="login-check">Remember me</label></td>
</tr>
<tr>
<th></th>
<td><input type="submit" class="submit-login" /></td>
</tr>
<tr><th></th><td>w want to display error message here..</td></tr>
</table></form>
checkpage.php //connection page
<?php
session_start();
//connecting to db
$username=$_POST['username'];
$pwd=$_POST['password'];
$q="select *from xyz where username='$username' AND password='$pwd'";
$qry=mysql_query($q);
if(mysql_num_rows($qry)>0)
{
$_SESSION['username']=$username;
echo "<script>window.open('xyz.php','_self')</script>";
}
else{
header("location:login.php");
}
?>
the above code work fine but i want to display the error message how could i display the error message. please guide me.

You can set the message to session in your check.php script and then unset immediately after getting it for display (AKA "read once"):
$_SESSION['message'] = 'Your message';
and then (in login.php, where you want the message to be displayed):
if (isset($_SESSION['message']))
{
echo $_SESSION['message'];
unset($_SESSION['message']);
}

Give a space between * and from in query.
$q="select * from xyz where username='$username' AND password='$pwd'";
For error message you can set a flag like error= 1
header("location:login.php?error=1");
and in login.php you can check this flag and display a message like
<?php If(isset($_GET['error']) && $_GET['error'] == 1){ ?>
<h3>Invalid username or password</h3>
<?php } ?>
You can set a session of error and display it in login.php and unset it after displaying.
but donot forget to use session_start in both pages
session_start(); //on top of page
before header code add $_SESSION['error'] = "you message here"
in login.php
<?php if(isset($_SESSION['error'])) {
echo $_SESSION['error'];
}
?>

else {
echo 'invalid username or password';
header("location:login.php");
}

if ($result->num_rows > 0)
{
$result = $result->fetch_assoc();
$_SESSION['id_admin'] = $result['id_admin'];
$_SESSION['email'] = $result['email'];
$_SESSION['name'] = $result['name'];
$_SESSION['surname'] = $result['surname'];
$_SESSION['pass'] = $result['pass'];
header('Location: http://localhost/admin/dashboard.php');
exit();
}
else
{
echo '<div class="alert alert-danger">
Close X
<p><strong>Alerta!</strong></p>
Email or password wrong! Please try again!.
</div>';
}
$conn->close();
}
?>

Use Echo and include it at last thing on your page !!
<?php
//put it in the end of your php code
else {
echo 'your message ';
}
?>

Here is the code that how you can display error messages in your code.
<?php
if(isset($_POST['Username'])){
//session_start();
$username = $_POST['Username'];
$password = $_POST['Password'];
//$r = mysqli_num_rows(mysqli_query($conn,"select * from user where u_nm='".$username."' and password='".$password."'"));
$rs = mysqli_query($conn,"select * from user where Username='".$username."' and Password='".$password."'");
$cnt = mysqli_num_rows($rs);
//echo $username;
//echo $password;
//echo $cnt;
if($cnt >= 1)
{
$_SESSION['username'] = $username;
header("Location:lessons.php");
}
else
{
$msg = "<center><h4>Username or Password are not correct, try again.</center></h4>";
header("Location:login.php?msg=$msg");
}
}
?>

Login doesn't work in 1st attempt on live server

I am new in PHP and I made a simple login page.It works fine on local server but doesn't works on first attempt on live server. After the 1st attempt then does works. I think the problem is in sessions, but I unable to figure out the exact problem. Once again describe in detail (In any Browser after 1st attempt it shows same login page instead of redirect on main.php. then after 2nd attempt it redirects on main.php page and works fine until browser has been running. Next day again it needs 2 attempts when wrong credentials works fine from the 1st attempt but with correct credentials it requires 2 attempt.)
**login.php**
<form action="login.php" method="post" onsubmit="return loginvalidate()" name="loginfrm">
<table width="600" border="0">
<tr>
<td>User Name</td>
<td><input name="txtusername" type="text" maxlength="15" id="txtusername"/></td>
<span id="message"></span>
</tr>
<tr>
<td></td>
<td><span style="color:#FF0000">*</span> Minimum 5 alphanumeric letters (a-z A-Z 0-9)</td></tr>
<tr>
<td>Password</td>
<td><input name="txtpass" type="password" maxlength="7" />
<span style="color:#FF0000">*</span> Minimum 5 alphanumeric letters (a-z A-Z 0-9)</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit"/></td>
</tr>
<tr>
<td>Forget password?</td>
<td>New Register</td>
</tr>
</table>
</form>
<?PHP
session_start();
function login()
{
include ("includes/dbConfig.php");
$uname = $_POST["txtusername"];
$pass = $_POST["txtpass"];
$uname = stripslashes($uname);
$pass = stripslashes($pass);
$uname = mysql_real_escape_string($uname);
$pass = mysql_real_escape_string($pass);
$log = mysql_query("SELECT * FROM logininfo WHERE username = '$uname' and password = '$pass'");
if(mysql_num_rows($log)==1)
{
$_SESSION["username"] = $uname;
//header("location: main.php");
echo ("<script type='text/javascript'>window.location.href='main.php'</script>");
}
else
{
echo "<script type='text/javascript'>alert('Login Fail - Check Username and password')</script>";
}
mysql_close($ms);
}
if(isset($_POST['submit']))
{
login();
}
?>
main.php
<?php
session_start();
$temp = $_SESSION["username"];
echo "$temp";
if (!isset($_SESSION["username"]))
{
header('Location: admin.php');
}
?>

You put session_start(); at top of page but not in login function.use this code.
**login.php**
<?PHP
function login()
{
include ("includes/dbConfig.php");
$uname = $_POST["txtusername"];
$pass = $_POST["txtpass"];
$uname = stripslashes($uname);
$pass = stripslashes($pass);
$uname = mysql_real_escape_string($uname);
$pass = mysql_real_escape_string($pass);
$log = mysql_query("SELECT * FROM logininfo WHERE username = '$uname' and password = '$pass'");
if(mysql_num_rows($log)==1)
{
session_start();
$_SESSION["username"] = $uname;
//header("location: main.php");
echo ("<script type='text/javascript'>window.location.href='main.php'</script>");
}
else
{
echo "<script type='text/javascript'>alert('Login Fail - Check Username and password')</script>";
}
mysql_close($ms);
}
if(isset($_POST['submit']))
{
login();
}
?>