Hello, dear! There was an unpleasant problem with the database, or with the session itself. The fact is that I am writing a module that checks whether a person is authorized, and if not, the output of the login form.

The code here is the explanation below:

<?php unset($_SESSION['logged_user']); session_start(); require_once('db.php'); $sql_connection = dbConnect(); function LoginForm(){ if(!empty($_POST['user'])){ $sql_get_info = "SELECT `name`, `password`, `group` FROM `users` WHERE `name` = '".$_POST['user']."' "; $data = mysql_query($sql_get_info, $sql_connection) or die; if($data['password'] == $_POST['password']){ $_SESSION['logged_user'] = $_POST['login']; switch($date['group']) { case 10: { $_SESSION['group'] = 10; break; } case 20: { $_SESSION['group'] = 20; break; } default: {echo "Ваши права неопределены. ";} } } else{ echo "Неверный пароль". LoginForm(); } } echo " Авторизуйтесь для продолжения. <br> <form method = 'POST'> <input type = 'text' name = 'user'><br> <input type = 'password' name = 'password'><br> <input type = 'submit'><br> </form>"; die(); } if(!isset($_SESSION['logged_user'])){ LoginForm(); } ?> Успешная авторизация.

Copy to gist: https://gist.github.com/anonymous/0ddda3ff6893f3dd944e

The fact is that in this situation, after calling the function, the 4-5 line with the database connection is "forgotten", and because of this, null was passed to one of the parameters in line 13, because of this there was an error:

Warning: mysql_query () expects parameter 2 to be resource, null given in C: \ Winginx \ home \ manager.loc \ public_html \ protect.php on line 13

As I understand it, it was necessary to add the require_once of the file with the function of connecting to the database + to announce the start of the session in the body of the function so that it sees them:

 unset($_SESSION['logged_user']); session_start(); require_once('db.php'); $sql_connection = dbConnect();

I did it, i.e .:

 function LoginForm(){ unset($_SESSION['logged_user']); session_start(); require_once('db.php'); $sql_connection = dbConnect(); if(!empty($_POST['user'])){...

As a result, after entering the data and sending it - the server began ... to lay down . The page simply fell with a Time-out error, and moreover - then even another page on the server did not start at all, that is, it had to be reloaded. There is nothing in the error logs of the server or PHP.

I use winginx.

Looks like it’s about session and so on.

Regarding the database: With require_once, the function of connecting to the database is fine, I use it on other pages of the service, and here such problems ...

The current code with which the server crashes is:

 <?php unset($_SESSION['logged_user']); session_start(); function LoginForm(){ session_start(); require_once('db.php'); $sql_connection = dbConnect(); if(!empty($_POST['user'])){ $sql_get_info = "SELECT `name`, `password`, `group` FROM `users` WHERE `name` = '".$_POST['user']."' "; $data = mysql_query($sql_get_info, $sql_connection) or die; if($data['password'] == $_POST['password']){ $_SESSION['logged_user'] = $_POST['login']; switch($date['group']) { case 10: { $_SESSION['group'] = 10; break; } case 20: { $_SESSION['group'] = 20; break; } default: {echo "Ваши права неопределены. ";} } } else{ echo "Неверный пароль". LoginForm(); } } echo " Авторизуйтесь для продолжения. <br> <form method = 'POST'> <input type = 'text' name = 'user'><br> <input type = 'password' name = 'password'><br> <input type = 'submit'><br> </form>"; die(); } if(!isset($_SESSION['logged_user'])){ LoginForm(); } ?> Успешная авторизация.

Copy to gist: https://gist.github.com/anonymous/e3bf63abb5fdd06068c8

  • mysql_* outdated extension. Type error_reporting(E_ALL) and ini_set('display_errors', true) at the beginning of the script and restart the script. To check the session, make var_dump($_SESSION) after session_start() . You can still write something before that there for clarity. - Naumov
  • @Naumov, Knocked out: Notice: A session had already been started - ignoring session_start () in C: \ Winginx \ home \ manager.loc \ public_html \ protect.php on line 10 That is, Does it not allow the session to work because the session is declared in the function? Now I will try without it ... UPD: Commented on session_start (); in function - as a result, notice was lost, but the server still lays down (504 Gateway Time-out) - Summer
  • See server logs, most likely due to mysql show phpinfo(); output phpinfo(); - Naumov
  • For the sake of the test, I recorded the number 1 in the session and everything was fine. That is, the matter is in the LoginForm function itself ... - Summer
  • well, firstly session_start() specified at the very beginning of the file, it’s better that there is nothing at all, delete everything above, secondly, there can only be one session_start() . From under the function it just needs to be removed. And why are you doing unset, you will never be authenticated by the user, it will immediately be reset, and the code will be performed on a new one - Vasily Barbashev

1 answer 1

Threw up a small example:

 session_start(); header('Content-Type: text/html; charset=utf-8'); ini_set('display_errors', true); error_reporting(E_ALL); // Your code is here ^_^ if ($_POST) { if ($_POST['action'] == 'Авторизоваться') { // тут должна быть твоя проверка авторизации $_SESSION['isLogin'] = true; } if ($_POST['action'] == 'Выйти') { unset($_SESSION['isLogin']); } } if ($_SESSION && $_SESSION['isLogin']) { echo 'Я авторизованный'; echo ' <form method="post"> <input name="action" type="submit" value="Выйти" /> </form> '; } else { echo ' <form method="post"> <input name="action" type="submit" value="Авторизоваться" /> </form> '; }