$_SESSION Problems fo Newie and also URL Problem.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mmc01ms
Forum Commoner
Posts: 97
Joined: Wed Dec 01, 2004 3:33 am
Location: Nottingham, UK

$_SESSION Problems fo Newie and also URL Problem.

Post by mmc01ms »

patrikg | Help us, help you. Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Hi guys im new to the world of php however i have produced a login script which is below. What i want the script to do is first of all check if a user exits? Check if they are validated?Check the rank which the user has? The problem is it logins in fine however it bypasses the two checks in my script. My understanding is that we first of all get the info needed out of the database i.e

Code: Select all

$_SESSION['rank'] = $getUserInfo['rank'];
then query it, it is here in the query i believe i have coded it wrong.

Code: Select all

if ($_SESSION['rank'] = '2'){
		Header ("Location: admin.php");
		exit;
	}
Full code is below and any help would be much appriacted? Also once i type in the url for login3.php page it re-directs be to another page 'login.php' which was an earlier attempt not sure why that is any help on that would be appriacted?

Code: Select all

<?PHP
	
	if ((isset($_POST['username'])) && (isset($_POST['password'])))
	{
		
		$db_conn = mysql_connect('localhost', 'mmc01ms', 'Debug+79');
		mysql_select_db('dbfunkymonkey', $db_conn);
		
		//Check to see if they left either the userName field or passWord field empty.
		
		$dbQuery = mysql_query("SELECT * FROM customers WHERE username='".$_POST['username']."'",$db_conn); 
		$getUserInfo = mysql_fetch_array($dbQuery);
		if($_POST['password'] == $getUserInfo['password']) 
		{
			//register some varibles.
			$_SESSION['username'] = $_POST['username'];
			$_SESSION['password'] = $_POST['password'];
			$_SESSION['rank'] = $getUserInfo['rank'];
			$_SESSION['first_name'] = $getUserInfo['first_name'];
			$_SESSION['validated'] = $getUserInfo['validated'];
			$_SESSION['surname'] = $getUserInfo['surname'];
			echo "Welcome, ".$_SESSION['first_name']." ".$_SESSION['surname']." using login name: ".$_SESSION['username']."<br />";
			echo "<a href="index.php?action=logout">Logout</a>";
		}
	}
	
	if ($_SESSION['rank'] = '2'){
		Header ("Location: admin.php");
		exit;
	}
	
	if ($_SESSION['validated'] = 0){
		echo 'You must Validate your account';
		exit;
	}
	
	if ((!isset($_POST['username'])) && (!isset($_POST['password'])))
	{
		echo "You are not currently logged in.<p>
<form name="auth" method="post" action="index.php?action=login">
Username: <input class="textfield" type="text" name="username" size="7"> &nbsp;
Password: <input class="textfield" type="password" name="password" size="7">&nbsp;
<input type="hidden" name="action" value="login">
<input class="button" type="submit" name="Submit" value="Login"> 
<a href="register.php">Register</a>
</form>";
		}
	
	if (action == "logout")
	{
		session_destroy();
		header("Location: login3.php");
		exit;
		break;
	}
	
	
?>
patrikg | Help us, help you. Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Have you initiated a session somewhere? Add session_start(); to the start of the file so the session data is actually stored, and can be passed to other pages.
joedub
Forum Newbie
Posts: 3
Joined: Wed Dec 01, 2004 8:21 am

Post by joedub »

Code: Select all

if ($_SESSION&#1111;'rank'] = '2')&#123;
Just skimmed over the code quickly but one problem you have here is in the above example, rather than comparing $_SESSION['rank'] to 2, you are assigning the value of 2 to it.

replace

Code: Select all

if ($_SESSION&#1111;'rank'] = '2')&#123;
with

Code: Select all

if ($_SESSION&#1111;'rank'] == '2')&#123;
== compare

= assign
mmc01ms
Forum Commoner
Posts: 97
Joined: Wed Dec 01, 2004 3:33 am
Location: Nottingham, UK

Post by mmc01ms »

thanks i believe that will work however i still get the second error which it doesn't load the login3.php when i type in the url it goes to another script?Not sure why? Script is edited and now is below:

Code: Select all

<?php
	session_start();
	
	if ((isset($_POST['username'])) && (isset($_POST['password'])))
	{
		
		$db_conn = mysql_connect('localhost', 'mmc01ms', 'Debug+79');
		mysql_select_db('dbfunkymonkey', $db_conn);
		
		
		
		$dbQuery = mysql_query("SELECT * FROM customers WHERE username='".$_POST['username']."'",$db_conn); 
		$getUserInfo = mysql_fetch_array($dbQuery);
		if($_POST['password'] == $getUserInfo['password']) 
		{
			
			$HTTP_SESSION_VARS['valid_user'] = $username;
			$_SESSION['username'] = $_POST['username'];
			$_SESSION['password'] = $_POST['password'];
			$_SESSION['rank'] = $getUserInfo['rank'];
			$_SESSION['first_name'] = $getUserInfo['first_name'];
			$_SESSION['validated'] = $getUserInfo['validated'];
			$_SESSION['surname'] = $getUserInfo['surname'];
			echo "Welcome, ".$_SESSION['first_name']." ".$_SESSION['surname']." using login name: ".$_SESSION['username']."<br />";
			echo "<a href="login3.php?action=logout">Logout</a>";
		}
	}
	
	if ($_SESSION['rank'] == '2'){
		Header ("Location: admin.php");
		exit;
	}
	
	if ($_SESSION['validated'] == '0'){
		echo 'You must Validate your account';
		exit;
	}
	
	if ((!isset($_POST['username'])) && (!isset($_POST['password'])))
	{
		echo "<b>&raquo;User Control</b>: You are not currently logged in.<p>
<form name="auth" method="post" action="login3.php?action=login">
Username: <input class="textfield" type="text" name="username" size="7"> &nbsp;
Password: <input class="textfield" type="password" name="password" size="7">&nbsp;
<input type="hidden" name="action" value="login">
<input class="button" type="submit" name="Submit" value="Login"> 
<a href="register.php">Register</a>
</form>";
		}
	
	if (action == "logout")
	{
		session_destroy();
		header("Location: /~php32/login3.php");
		exit;
		break;
	}
[]InTeR[]
Forum Regular
Posts: 416
Joined: Thu Apr 24, 2003 6:51 am
Location: The Netherlands

Post by []InTeR[] »

Please change:
$HTTP_SESSION_VARS['valid_user'] = $username;
Into:
$_SESSION['valid_user'] = $_POST['username'];

What script does it go to?
And did you 'reset' your browser (cookies and stuff, maybe some old info in it)
joedub
Forum Newbie
Posts: 3
Joined: Wed Dec 01, 2004 8:21 am

Post by joedub »

The below link looks ok

Code: Select all

echo "<a href="login3.php?action=logout">Logout</a>";
but if your checking for action to == logout to exit this code block, it wont work.

When you pass a variable through the url you can access it through $_GET,

so action == "logout", becomes $_GET['action'] == "logout"

Code: Select all

if (action == "logout")    &#123;       
 session_destroy();        
header("Location: /~php32/login3.php");       
 exit;        
break;    
&#125;
mmc01ms
Forum Commoner
Posts: 97
Joined: Wed Dec 01, 2004 3:33 am
Location: Nottingham, UK

Reply to []InTeR[]

Post by mmc01ms »

It redirects to login.php which is on my server this was an earlier script i tried. i took that off the server and it still tries and find it to no success. There doesn't seem to be a problem with cookies in the browser it's in the code im sure just can't see it. what you reckon?
mmc01ms
Forum Commoner
Posts: 97
Joined: Wed Dec 01, 2004 3:33 am
Location: Nottingham, UK

Post by mmc01ms »

many thanks i'v sorted out some of the major problems just got one more problem which im trying to sort out myself, if i can't i'll post it on the board. cheers
User avatar
skehoe
Forum Commoner
Posts: 59
Joined: Sun Dec 22, 2002 5:57 am
Location: Denver

Post by skehoe »

Are all those if statements exclusive? If not, try putting them in order of priority and using elseifs... You may be running into issues with the script producing output and then trying to redirect with the header() (which it can't after output has started), so put the if clauses with header statements before and clauses that produce output.

Hope that helps some.

~Scott
User avatar
sakaveli
Forum Commoner
Posts: 60
Joined: Tue Apr 06, 2004 9:42 am

Post by sakaveli »

i think elseifs would stop certain code being bypassed
Post Reply