Page 1 of 1

Login Script Help

Posted: Fri Jul 29, 2005 9:27 am
by Magicman0022
I am very new too php and am just experimentting with a very simple php login script.

The code is below.

I dont understand what code to put at the top of each secure webpage to make sure that the session is still logged in.

I'm pretty sure that this should be very simple. With my code below could anyone please write out the short code I need to place on the top of each of my secure pages.





<?php

import_request_variables ("PCG");

if (empty($Surname) || empty($Password))
{
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr.html");
}
else
{

//open database connection
$connection = mysql_connect("xxxxxxxxxxxxx,xxxxxxxxx,xxxxxxx") or die ("Error Connecting
to the database.");

//select the database
mysql_select_db("ar1?db", $connection) or die ("Failed!");

$result = mysql_query("select * from Student where Surname='$Surname' AND Password='$Password'",$connection);




//check that at least one row has been returned.
$Checkrow = mysql_num_rows($result);
if($Checkrow > 0)
{
while($row = mysql_fetch_array($result))
{
//start session
session_start();
session_register('Surname');

header("Location: http://project.cs.cf.ac.uk/A.Rabindran/Form1.php");
}
}
else
{
//Invalid Password or User ID: Return to Login Page
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr.html");
}


}

php?>




I hope this is enough infomation.

Posted: Fri Jul 29, 2005 10:21 am
by Burrito
use [ php ] tags when posting code in the forum.

you just need to include your session() information at the top of every page that you want to include the session variables in.

**Note: this does not mean that you are "securing" the information.

Posted: Fri Jul 29, 2005 10:52 am
by pickle
Couple things: First, you are declaring a session variable, but not assigning it a value. That will be somewhat easy to spoof unless you have a value that you have to double check, in there.

Also, you are using an old (though still valid) way of assigning stuff to sessions. Another, easier, way is:

Code: Select all

session_start();
$_SESSION['Surname'] = '';
Finally, to answer the question you actually asked :wink: , put some code at the top of your page that checkss the session variables. All you're currently doing is creating a session variable 'Surname', so to check for that:

Code: Select all

session_start();
if(isset($_SESSION['Surname']))
{
  $session_active = true;
}
else
{
  $session_active = false;
}
// or a leaner version...
$session_active = (isset($_SESSION['Surname'])) ? true : false;

Tried to implement what you said but it didn't work... Help

Posted: Fri Jul 29, 2005 11:15 am
by Magicman0022
Thanx for the pointers,

I took on your advice and constructed this set of code. Unfortunatly It stilldoesn't work. When the page executes the session is not recognised and gets forced to my StudentErr1 page.

I cant seem to pass over the session correctly because if I register the session in the code below it all works hunky dory.

I guess this is all trivial stuff to you guys... but if you could help me to get this to work it would be most appreciated

Code: Select all

<?php 
//start the session 
session_start(); 
//session_register('Surname'); 

//check to make sure that session variable is registered 
if(isset($_SESSION['Surname'])) 
{ 
$session_active = true; 
} 
else 
{ 
//session variable is not registered therfore send them back to the login page. 
$session_active = false; 
header("Location: http://project.cs.cf.ac.uk/A.Rabindran/StudentErr1.html"); 
} 
php?>
Please help

Posted: Fri Jul 29, 2005 11:20 am
by Burrito
to be totally honest, I don't use session_register rather I just set my session vars (not sure the difference actually, they both seem "global" to me).

Code: Select all

$_SESSION['Surname'] = $row['Surname'];
you could try printing out the array to see what is being set on your login page:

Code: Select all

print_r($_SESSION);