Posted: Sat Dec 11, 2004 6:34 am
Sorry. Should have included this.
db_connect.php includes check_login.php, which has the session start shiz.
I'm thinking, if this doesn't work, maybe I could use something on index.php which takes their session username then adds it to a table on a database, then anything in the future which requires their username can take it from the database.... I just dunno how I could make it identify them unless I do it by IP.
Code:
<?php
/* check login script, included in db_connect.php. */
session_start();
if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
    $logged_in = 0;
    return;
} else {
    // remember, $_SESSION['password'] will be encrypted.
    if (!get_magic_quotes_gpc()) {
        $_SESSION['username'] = addslashes($_SESSION['username']);
    }
    // addslashes to session username before using in a query.
    $pass = $db_object->query("SELECT password FROM users WHERE username = '".$_SESSION['username']."'");
    if (DB::isError($pass) || $pass->numRows() != 1) {
        $logged_in = 0;
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
        return; // stop here: $pass is an error or holds no single row to fetch
    }
    $db_pass = $pass->fetchRow();
    // now we have encrypted pass from DB in
    // $db_pass['password'], stripslashes() just in case:
    $db_pass['password'] = stripslashes($db_pass['password']);
    $_SESSION['password'] = stripslashes($_SESSION['password']);
    // compare (strict, so two different strings never compare equal as numbers):
    if ($_SESSION['password'] === $db_pass['password']) {
        // valid password for username
        $logged_in = 1; // they have correct info
        // in session variables.
    } else {
        $logged_in = 0;
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}
// clean up
unset($db_pass['password']);
// only restore the username if it was not cleared above
if (isset($_SESSION['username'])) {
    $_SESSION['username'] = stripslashes($_SESSION['username']);
}
?>