
$_SESSION Problems for Newbie and also URL Problem.

Posted: Wed Dec 01, 2004 3:58 am
by mmc01ms
patrikg | Help us, help you. Please use code tags where appropriate when posting code. Read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)

Hi guys, I'm new to the world of PHP; however, I have produced a login script, which is below. What I want the script to do is first of all check if a user exists, check if they are validated, and check the rank which the user has. The problem is it logs in fine; however, it bypasses the two checks in my script. My understanding is that we first of all get the info needed out of the database, i.e.

Code: Select all

$_SESSION['rank'] = $getUserInfo['rank'];
then query it. It is here in the query that I believe I have coded it wrong.

Code: Select all

if ($_SESSION['rank'] = '2'){
		Header ("Location: admin.php");
		exit;
	}
Full code is below and any help would be much appreciated. Also, once I type in the URL for the login3.php page it redirects me to another page, 'login.php', which was an earlier attempt. Not sure why that is; any help on that would be appreciated.

Code: Select all

<?PHP
	
	if ((isset($_POST['username'])) && (isset($_POST['password'])))
	{
		
		$db_conn = mysql_connect('localhost', 'mmc01ms', 'Debug+79');
		mysql_select_db('dbfunkymonkey', $db_conn);
		
		//Check to see if they left either the userName field or passWord field empty.
		
		$dbQuery = mysql_query("SELECT * FROM customers WHERE username='".$_POST['username']."'",$db_conn); 
		$getUserInfo = mysql_fetch_array($dbQuery);
		if($_POST['password'] == $getUserInfo['password']) 
		{
			//register some variables.
			$_SESSION['username'] = $_POST['username'];
			$_SESSION['password'] = $_POST['password'];
			$_SESSION['rank'] = $getUserInfo['rank'];
			$_SESSION['first_name'] = $getUserInfo['first_name'];
			$_SESSION['validated'] = $getUserInfo['validated'];
			$_SESSION['surname'] = $getUserInfo['surname'];
			echo "Welcome, ".$_SESSION['first_name']." ".$_SESSION['surname']." using login name: ".$_SESSION['username']."<br />";
			echo "<a href=\"index.php?action=logout\">Logout</a>";
		}
	}
	
	if ($_SESSION['rank'] = '2'){
		Header ("Location: admin.php");
		exit;
	}
	
	if ($_SESSION['validated'] = 0){
		echo 'You must Validate your account';
		exit;
	}
	
	if ((!isset($_POST['username'])) && (!isset($_POST['password'])))
	{
		echo "You are not currently logged in.<p>
<form name=\"auth\" method=\"post\" action=\"index.php?action=login\">
Username: <input class=\"textfield\" type=\"text\" name=\"username\" size=\"7\"> &nbsp;
Password: <input class=\"textfield\" type=\"password\" name=\"password\" size=\"7\">&nbsp;
<input type=\"hidden\" name=\"action\" value=\"login\">
<input class=\"button\" type=\"submit\" name=\"Submit\" value=\"Login\"> 
<a href=\"register.php\">Register</a>
</form>";
		}
	
	if (action == "logout")
	{
		session_destroy();
		header("Location: login3.php");
		exit;
		break;
	}
	
	
?>

Posted: Wed Dec 01, 2004 5:25 am
by Maugrim_The_Reaper
Have you initiated a session somewhere? Add session_start(); to the start of the file so the session data is actually stored, and can be passed to other pages.

Posted: Wed Dec 01, 2004 8:28 am
by joedub

Code: Select all

if ($_SESSION['rank'] = '2'){
Just skimmed over the code quickly but one problem you have here is in the above example, rather than comparing $_SESSION['rank'] to 2, you are assigning the value of 2 to it.

replace

Code: Select all

if ($_SESSION['rank'] = '2'){
with

Code: Select all

if ($_SESSION['rank'] == '2'){
== compare

= assign
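
What the two posted checks do with `=`, next to the corrected comparison. This is an added example, not code from the thread; the function names, the sample session and the non-admin rank value '1' are assumptions made for illustration.

```php
<?php
// Constructed session for an ordinary customer whose account is not yet
// validated; rank '1' as a non-admin value is an assumption.
function sample_session(): array {
    return ['username' => 'alice', 'rank' => '1', 'validated' => '0'];
}

// Checks as originally posted. "=" assigns, and the if tests the assigned value.
function checks_as_posted(array $session): array {
    $admin = false;
    $blocked = false;
    if ($session['rank'] = '2') {       // assigns '2' (truthy): branch always taken
        $admin = true;
    }
    if ($session['validated'] = 0) {    // assigns 0 (falsy): branch never taken
        $blocked = true;
    }
    return ['admin' => $admin, 'blocked' => $blocked, 'session' => $session];
}

// Corrected checks: strict comparison against the stored values, no writes.
function checks_fixed(array $session): array {
    $admin = (string) $session['rank'] === '2';
    $blocked = (string) $session['validated'] === '0';
    return ['admin' => $admin, 'blocked' => $blocked, 'session' => $session];
}

// Run both variants on the same constructed session and print the outcome
// together with the rank/validated values left behind in the session array.
foreach (['as posted' => 'checks_as_posted', 'fixed' => 'checks_fixed'] as $label => $fn) {
    $r = $fn(sample_session());
    printf("%-9s admin=%s blocked=%s rank=%s validated=%s\n", $label,
        var_export($r['admin'], true), var_export($r['blocked'], true),
        $r['session']['rank'], $r['session']['validated']);
}
```

With `=`, the rank test passes for every user and the validation test never fires, and both stored session values are overwritten as a side effect.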

Posted: Wed Dec 01, 2004 8:32 am
by mmc01ms
Thanks, I believe that will work; however, I still get the second error, which is that it doesn't load login3.php: when I type in the URL it goes to another script. Not sure why. The script is edited and is now below:

Code: Select all

<?php
	session_start();
	
	if ((isset($_POST['username'])) && (isset($_POST['password'])))
	{
		
		$db_conn = mysql_connect('localhost', 'mmc01ms', 'Debug+79');
		mysql_select_db('dbfunkymonkey', $db_conn);
		
		
		
		$dbQuery = mysql_query("SELECT * FROM customers WHERE username='".$_POST['username']."'",$db_conn); 
		$getUserInfo = mysql_fetch_array($dbQuery);
		if($_POST['password'] == $getUserInfo['password']) 
		{
			
			$HTTP_SESSION_VARS['valid_user'] = $username;
			$_SESSION['username'] = $_POST['username'];
			$_SESSION['password'] = $_POST['password'];
			$_SESSION['rank'] = $getUserInfo['rank'];
			$_SESSION['first_name'] = $getUserInfo['first_name'];
			$_SESSION['validated'] = $getUserInfo['validated'];
			$_SESSION['surname'] = $getUserInfo['surname'];
			echo "Welcome, ".$_SESSION['first_name']." ".$_SESSION['surname']." using login name: ".$_SESSION['username']."<br />";
			echo "<a href=\"login3.php?action=logout\">Logout</a>";
		}
	}
	
	if ($_SESSION['rank'] == '2'){
		Header ("Location: admin.php");
		exit;
	}
	
	if ($_SESSION['validated'] == '0'){
		echo 'You must Validate your account';
		exit;
	}
	
	if ((!isset($_POST['username'])) && (!isset($_POST['password'])))
	{
		echo "<b>&raquo;User Control</b>: You are not currently logged in.<p>
<form name="auth" method="post" action="login3.php?action=login">
Username: <input class="textfield" type="text" name="username" size="7"> &nbsp;
Password: <input class="textfield" type="password" name="password" size="7">&nbsp;
<input type="hidden" name="action" value="login">
<input class="button" type="submit" name="Submit" value="Login"> 
<a href="register.php">Register</a>
</form>";
		}
	
	if (action == "logout")
	{
		session_destroy();
		header("Location: /~php32/login3.php");
		exit;
		break;
	}

Posted: Wed Dec 01, 2004 8:49 am
by []InTeR[]
Please change:
$HTTP_SESSION_VARS['valid_user'] = $username;
Into:
$_SESSION['valid_user'] = $_POST['username'];

What script does it go to?
And did you 'reset' your browser (cookies and stuff, maybe some old info in it)?

Posted: Wed Dec 01, 2004 8:55 am
by joedub
The below link looks ok

Code: Select all

echo "<a href="login3.php?action=logout">Logout</a>";
but if you're checking for action to == logout to exit this code block, it won't work.

When you pass a variable through the url you can access it through $_GET,

so action == "logout", becomes $_GET['action'] == "logout"

Code: Select all

if (action == "logout") {
	session_destroy();
	header("Location: /~php32/login3.php");
	exit;
	break;
}

Reply to []InTeR[]

Posted: Wed Dec 01, 2004 12:39 pm
by mmc01ms
It redirects to login.php, which is on my server; this was an earlier script I tried. I took that off the server and it still tries to find it, to no success. There doesn't seem to be a problem with cookies in the browser; it's in the code, I'm sure, I just can't see it. What do you reckon?

Posted: Wed Dec 01, 2004 3:00 pm
by mmc01ms
Many thanks, I've sorted out some of the major problems. Just got one more problem, which I'm trying to sort out myself; if I can't, I'll post it on the board. Cheers.

Posted: Wed Dec 01, 2004 3:35 pm
by skehoe
Are all those if statements exclusive? If not, try putting them in order of priority and using elseifs... You may be running into issues with the script producing output and then trying to redirect with the header() (which it can't after output has started), so put the if clauses with header statements before any clauses that produce output.

Hope that helps some.

~Scott

Posted: Wed Dec 01, 2004 7:03 pm
by sakaveli
I think elseifs would stop certain code being bypassed.
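
One way to combine the suggestions in this thread (read `action` from `$_GET`, use an `elseif` chain in priority order, and settle any redirect before output starts). This is an added example, not code posted by anyone in the thread; the functions `decide()` and `respond()`, the priority order and the sample requests are assumptions.

```php
<?php
// Pick exactly one outcome per request, highest priority first. Nothing is
// echoed here, so the caller can still send a Location header.
// The priority order (logout, not logged in, unvalidated, admin) is an assumption.
function decide(array $get, array $session): array {
    if (($get['action'] ?? '') === 'logout') {
        return ['logout', 'login3.php'];
    } elseif (!isset($session['username'])) {
        return ['body', 'You are not currently logged in.'];
    } elseif ((string) ($session['validated'] ?? '0') === '0') {
        return ['body', 'You must Validate your account'];
    } elseif ((string) ($session['rank'] ?? '') === '2') {
        return ['redirect', 'admin.php'];
    }
    return ['body', 'Welcome, ' . htmlspecialchars($session['username'])];
}

// Apply the decision: headers first, output only when no redirect is needed.
function respond(array $decision): void {
    [$kind, $value] = $decision;
    if ($kind === 'logout') {
        session_destroy();
    }
    if ($kind !== 'body') {
        header('Location: ' . $value);
        exit;
    }
    echo $value;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    respond(decide($_GET, $_SESSION));
} else {
    // Constructed requests, so the decisions can be inspected from the command line.
    $cases = [
        [['action' => 'logout'], ['username' => 'alice', 'rank' => '2', 'validated' => '1']],
        [[], []],
        [[], ['username' => 'bob', 'rank' => '1', 'validated' => '0']],
        [[], ['username' => 'carol', 'rank' => '2', 'validated' => '1']],
        [[], ['username' => 'dave', 'rank' => '1', 'validated' => '1']],
    ];
    foreach ($cases as [$get, $session]) {
        echo implode(' -> ', decide($get, $session)), PHP_EOL;
    }
}
```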