login script check/verify user logged in problem
Posted: Thu Jul 30, 2009 11:18 am
Hi, I've just got some problem here with a login script that I've adapted from the net.
There are two files, login.php :-
<?php
// Connects to your Database
mysql_connect("localhost", "spacefarm_user1", "fogarty") or die(mysql_error());
mysql_select_db("spacefarm_db1") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directs you to the members page
{
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    // escape the cookie value before it goes into the query
    if (!get_magic_quotes_gpc()) {
        $username = addslashes($username);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    while($info = mysql_fetch_array( $check ))
    {
        if ($pass != $info['password'])
        {
        }
        else
        {
            header("Location: psp_new_login.php");
        }
    }
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
    // makes sure they filled it in
    if(!$_POST['username'] || !$_POST['pass']) {
        die('You did not fill in a required field.');
    }
    // checks it against the database
    // escape the field that is actually used in the query (was 'email')
    if (!get_magic_quotes_gpc()) {
        $_POST['username'] = addslashes($_POST['username']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysql_error());
    //Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }
    while($info = mysql_fetch_array( $check ))
    {
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['password'] = stripslashes($info['password']);
        $_POST['pass'] = md5($_POST['pass']);
        //gives error if the password is wrong
        if ($_POST['pass'] != $info['password']) {
            die('Incorrect password, please try again.');
        }
        else
        {
            // if login is ok then we add a cookie
            $_POST['username'] = stripslashes($_POST['username']);
            $hour = time() + 3600;
            // cookie names quoted: bare words are undefined constants
            setcookie('ID_my_site', $_POST['username'], $hour);
            setcookie('Key_my_site', $_POST['pass'], $hour);
            session_start();
            $_SESSION["OK"]=1;
            //then redirect them to the members area
            header("Location: psp_new.php");
        }
    }
}
else
{
    header("Location: psp_new_login.php");
}
// if they are not logged in
?>
and check.php :-
<?php
//if(!defined("SESSIONSTARTED")){
//session_start();
//} ///**so I've slimmed this part down to remove the error but still won't work
//Check if the user has been logged in ///Problem is here SESSION variable reads false when it should be true user having logged in
if(!isset($_SESSION["OK"]) || $_SESSION["OK"] == false){
    //If he hasn't, send him back to the homepage
    echo "<meta http-equiv='refresh' content='3;URL=psp_new_login.php'/>Please log in";
    die;
}
//Tell your program the session has been started. This will prevent some useless error messages
define("SESSIONSTARTED", 1);
?>
So the login page is a simple form that works OK, but the check script that runs on a require from the members page just refers you back to the login page. It seems that there is a problem with the session variable $_SESSION["OK"] not being set. I've tried using the cookies but that doesn't work to exclude anyone. Is this something to do with session_start(); not running correctly? If I use session_start() in the check script it delivers an error:-
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/vndv.com/s/p/a/spacefarm/htdocs/psp_new.php:8) in /www/vndv.com/s/p/a/spacefarm/htdocs/check.php on line 4
That is because I assume the session already started in the login script. So I removed the session_start() from the check script and it just refers you back to the login. If you can help and understand what I mean here I would be grateful.
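
Added example, not part of the original post: the warning quoted above reports that output had already started at psp_new.php line 8 when check.php called session_start(), and without that call $_SESSION is empty for the request, so the guard below starts the session before any output. Going beyond the question, it also replaces the concatenated query and the md5 cookie with a bound parameter and password_verify(); demo_db(), authenticate(), require_login() and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. demo_db(), authenticate() and
// require_login() are hypothetical names; assumes PHP >= 7.1 with pdo_sqlite.

// Constructed sample data: in-memory SQLite stands in for the MySQL users table.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
    $pdo->prepare('INSERT INTO users VALUES (?, ?)')
        ->execute(['alice', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $pdo;
}

// login.php side: bound parameter instead of string concatenation, and
// password_verify() on a password_hash() value instead of comparing md5().
function authenticate(PDO $pdo, string $user, string $pass): bool {
    $st = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;             // same result for unknown user and bad password
    }
    session_regenerate_id(true);  // fresh session id at login
    $_SESSION['OK'] = true;       // login state stays server-side, not in a cookie
    $_SESSION['user'] = $user;
    return true;
}

// check.php side: require this file as the first statement of a members page,
// before any HTML or whitespace, so session_start() can still send its cookie.
function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();          // $_SESSION is empty in this request until this runs
    }
    if (empty($_SESSION['OK'])) {
        header('Location: psp_new_login.php');
        exit;
    }
}

// Command-line demo with constructed credentials; output is printed last so
// the session calls run before anything has been sent.
if (PHP_SAPI === 'cli') {
    session_start();
    $pdo = demo_db();
    $results = [
        authenticate($pdo, "alice' OR '1'='1", 'x'),   // quote is treated as data
        authenticate($pdo, 'alice', 'wrong-pass'),
        authenticate($pdo, 'alice', 'constructed-pass'),
    ];
    require_login();              // passes only because the last call set OK
    var_dump($results);
}
```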