i did this code :
file index.php:
<?php
if (isset($_POST['valider']))
{ if (!isset($_SESSION)) { session_start(); }
require("function.php");
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
if(!VerifierAdresseMail($email)){?>
<script>alert('invalid mail');</script>
<?php
}
else{
if(!authentification($email,$password))
{?>
<script>alert('logging failed');</script>
<?php
}
else{
header('Location: choice.php');
}}
}
?>
In function.php:
<?php
function VerifierAdresseMail($adresse)
{
$Syntaxe='#^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$#';
if(preg_match($Syntaxe,$adresse))
return true;
else
return false;
}
function statistics($id){
$HOST_DB ="localhost";
$NAME_DB="makempf3_captcha";
$USER_DB ="root";
$PWD_DB="";
$connect = mysql_connect($HOST_DB,$USER_DB,$PWD_DB);
$db=mysql_select_db($NAME_DB);
?><script>alert(<?php echo $cle ?>);</script><?php
$Log_query=mysql_query(
"
SELECT *
FROM tbl_captcha
WHERE user_id ='$id'
") or die(mysql_error());
$_SESSION['success'] =0;
$_SESSION['fail'] =0;
if ($Log_query == true && mysql_num_rows($Log_query) >0) {
?><script>alert('heni');</script><?php
while ($Res_user = mysql_fetch_array($Log_query) ) {
$_SESSION['success'] += $Res_user['success'];
$_SESSION['fail'] += $Res_user['fail'];
}
}
}
function authentification($mail,$pwd_U){
$HOST_DB ="localhost";
$NAME_DB="makempf3_captcha";
$USER_DB ="root";
$PWD_DB="";
$connect = mysql_connect($HOST_DB,$USER_DB,$PWD_DB);
$db=mysql_select_db($NAME_DB);
$Log_query=mysql_query(
"
SELECT *
FROM tbl_user
WHERE email ='$mail'
AND user_pass ='$pwd_U'
") or die(mysql_error());
if ($Log_query == true && mysql_num_rows($Log_query) >0) {
$Res = array();
while ($Res_user = mysql_fetch_array($Log_query) ) {
$_SESSION['mail'] = $mail;
$_SESSION['pwd'] = $pwd_U;
$_SESSION['id'] = $Res_user['id'];
}
return true;
}
else return false;
}
?>
when i verify $_SESSION[‘id’] in choice.php, it is null, but in index.php (before redirection) it has a value. i don’t understand why i lost this session variable
Your
isset()check isn’t sufficient, because it would only be executed if$_SESSIONis NULL, and it will never be – it’s an empty array instead and it always exists, even before you callsession_start().