Code: Select all
<?php
include "./commonwebloan_db.inc";
$register_script="./register.php";
function auth_user($wu_Username, $wu_Userpassword) {
global $odbc_dsn;
global $odbc_userid;
global $odbc_password;
global $user_tablename;
global $PHP_SELF;
global $wu_FullName;
global $wu_Username;
global $wu_Userpassword;
global $Rate_Class_Id;
$odbc_db=odbc_connect($odbc_dsn, $odbc_userid, $odbc_password);
$query="SELECT wu_FullName, Rate_Class_Id FROM $user_tablename WHERE wu_Username='$wu_Username'
AND wu_Userpassword='$wu_Userpassword'";
if(!($odbc_rs=odbc_do($odbc_db, $query)))
die ("Error executing query $query");
$num_cols=odbc_num_fields($odbc_rs);
if($num_cols < 1) return 0;
else{
$wu_FullName=odbc_result($odbc_rs, 1);
$Rate_Class_Id=odbc_result($odbc_rs, 2);
}
}
function login_form() {
global $PHP_SELF;
global $wu_FullName;
global $wu_Username;
global $wu_Userpassword;
global $Rate_Class_Id;
?>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM METHOD="POST" ACTION="<? echo $PHP_SELF ?>">
<DIV ALIGN="CENTER"><CENTER>
<H3>Please log in to access rates editing.</H3>
<TABLE BORDER="1" WIDTH="200" CELLPADDING="2">
<TR>
<TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>UserName</TH>
<TD WIDTH="82%" NOWRAP>
<INPUT TYPE="TEXT" NAME="wu_Username" SIZE="8">
</TD>
</TR>
<TR>
<TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>Password</TH>
<TD WIDTH="82%" NOWRAP>
<INPUT TYPE="PASSWORD" NAME="wu_Userpassword" SIZE="8">
</TD>
</TR>
<TR>
<TD WIDTH="100%" COLSPAN="2" ALIGN="CENTER" NOWRAP>
<INPUT TYPE="SUBMIT" VALUE="LOGIN" NAME="Submit">
</TD>
</TR>
</TABLE>
</CENTER></DIV>
</FORM>
</BODY>
</HTML>
<?
}
session_start();
if(!isset($wu_Username)){
login_form();
exit;
}
else{
$odbc_db=odbc_connect($odbc_dsn, $odbc_userid, $odbc_password);
$query="SELECT wu_FullName, Rate_Class_Id FROM $user_tablename WHERE wu_Username='$wu_Username' AND wu_Userpassword='$wu_Userpassword'";
if(!($odbc_rs=odbc_do($odbc_db, $query)))
die ("Error executing query $query");
$wu_FullName=odbc_result($odbc_rs, 1);
$Rate_Class_Id=odbc_result($odbc_rs, 2);
session_register("wu_Username","wu_Userpassword", "wu_FullName", "Rate_Class_Id");
if(!$wu_FullName){
session_unregister("wu_Username");
session_unregister("wu_Userpassword");
session_unregister("wu_FullName");
session_unregister("Rate_Class_Id");
echo "Authorization failed. " .
"You must enter a valid userid and password combination. " .
"Click on the following link to try again.<BR>\n";
echo "<A HREF="$PHP_SELF">Login</A><BR>";
echo "If you're not a user yet, contact " .
"BS to register.<BR>\n";
exit;
}
else echo "Welcome, $wu_FullName! from $Rate_Class_Id <br>";
echo "<A HREF="logout.php">Log Out</A><BR>";
}
?>After the user logins in successfully and if he attempts to access a page that has the following code at the top they should not be allowed access if their Dept isn't RE but all users are able to access this page regardless of the Dept name. What am I doing wrong?
Code: Select all
<?php
@session_start();
if(session_is_registered("wu_FullName"))
if($Rate_Class_Id=='RE'){
echo "<p>You are logged in as $wu_FullName $Rate_Class_Id.</p>";
echo "<p>Members only content goes here</p>";}
else
{
echo "<p>You are not logged in or you are not a part of the RE department.</p>";
echo "<p>Only logged in RE members may see this page.</p>";
}