sessions and login

augur

sessions and login

Post by augur »

i'm having some trouble with the following code.
when you go to the index.php page, it checks if the session variable is made, and if it is the correct value (if so, proceed with the rest of the code).
the problem comes when i try to push another link, and it reloads the page (session data should be intact), then it asks me for my username and passcode again (i've marked the button in the code with this tag <!-- wenn i click this button -->). i've been pondering this for a few days now, hoping someone here can give me a hand.
and, please, don't mind the comment lines (they're in dutch), and also, i know this code is a bit sloppy. :)

update
this is how the script works:
you go to a page with the security check in place
it checks if the session variable ses_obj_evt is set, and if it is 4, if not, display the login and kill the code
if so, then continue displaying the code for the page



this is the login script, used for ... guess what ... logging in
login_ses.php

Code: Select all

<?php
session_start();
require_once('db_func.php');

// check whether you want to log out
if ($_REQUEST['logout'] == 1) session_unset(); session_destroy();

//begin user and passcode verification
if ($_REQUEST['name'] || $_REQUEST['passcode']){
	
	define("check", true);
	
	if (!$_REQUEST['name']){ $obj_evt = 1; $_SESSION['ses_obj_evt'] = $obj_evt; } else { $_name = $_REQUEST['name']; }
	if (!$_REQUEST['passcode']){ $obj_evt = 11; $_SESSION['ses_obj_evt'] = $obj_evt; } else { $_passcode = md5($_REQUEST['passcode']); }
		
	// escape the user-supplied name before it goes into the query (SQL injection)
	$sql = "select usr_passcode from users where usr_name=\"". mysql_real_escape_string($_name) ."\"";
	$handler =  mysql_fetch_assoc( mysql_query($sql) );

	if (!$handler){
			// if the query returns no valid result (so the user does not exist)
			$obj_evt = 2;
			$_SESSION['ses_obj_evt'] = $obj_evt;
		} elseif ($handler['usr_passcode'] != $_passcode) {
			// if the passwords do not match
			$obj_evt = 3;
			$_SESSION['ses_obj_evt'] = $obj_evt;
		} elseif ($handler['usr_passcode'] == $_passcode) {
			// if all the data is correct, make sure all variables are stored properly in the session
			$obj_evt = 4;
			// session variable
			$_SESSION['ses_obj_evt'] = $obj_evt;
			$_SESSION['ses_sub_usr'] = $_name;
			$_SESSION['ses_sub_pc'] = $_passcode;
			return;	
		} //end of second	
} //end of first


// if there has been no login, or if there were errors (only value 4 is good), show the login form
if ( $obj_evt != 4 || !isset($obj_evt) ) {
	print "<tr>\n<td>\n";
	if ($obj_evt == 1) print "User name verkeerd!<br>\n";
	if ($obj_evt == 11) print "Passcode verkeerd!<br>\n";
	if ($obj_evt == 2) print "User name verkeerd!<br>\n";
	if ($obj_evt == 3) print "passcode verkeerd!<br>\n";
	if ($obj_evt == 0) print "u kunt nu inlogen<br><br>\n";

	print "<form name=\"login_page\" method=\"post\" action=\"". $_SERVER['PHP_SELF'] ."\">\n";
	print "<table class=\"login\">\n";
	print "\t<tr>\n\t\t<td>\n";
	print "\t\t\t\t<table class=\"login\">\n";
	print "\t\t\t\t\t<tr>\n";
	print "\t\t\t\t\t\t<td>User name:</td>\n\t\t\t\t\t\t<td><input type=\"text\" name=\"name\"></td>\n";
	print "\t\t\t\t</tr>\n";
	print "\t\t\t\t<tr>\n";
	print "\t\t\t\t\t<td>Pass code:</td>\n\t\t\t\t\t\t<td><input type=\"password\" name=\"passcode\"></td>\n";
	print "\t\t\t\t</tr>\n";
	print "\t\t\t\t<tr width=100%>\n";
	print "\t\t\t\t\t<td align=right colspan=2><input type=\"submit\" value=\"hit meh!\"></td>\n";
	print "\t\t\t\t</tr>\n";
	print "\t\t\t</table>\n";
	print "\t\t</td>\n";
	print "\t\t<td><a href=\"forpas.php\"><img src=\"./system/img/forgot.gif\" border=0></a><br></td>\n";
	print "\t</tr>\n";
	print "</table>\n";
	print "</td>\n</tr>\n";
}
?>
this is the test page i'm using
index.php

Code: Select all

<?php
session_start();
require_once('db_func.php');
print "<html>\n";
print "<head>\n";
print "<title>Personal Page // Data Annex</title>\n";
print "<link href=\"annex.css\" rel=\"stylesheet\" type=\"text/css\">";
print "<link href=\"./system/css/todo.css\" rel=\"stylesheet\" type=\"text/css\">";
print "</head>\n";
print "<body alink=\"#302f37\" vlink=\"302f37\">\n";
print "<table class=\"main\" cellspacing=0 cellpadding=0>\n";
print "<tr>\n";
print "<td><img src=\"./system/img/mainbanner.jpg\"><br></td>\n";
print "</tr>\n";
require('login_ses.php');
$db->checklogin();

include_once('menu.php');
print "<tr>\n\r<td>\n";
?>

<table border=1 width=900>
<tr>
	<td>
		<?php 
	$cbgcolor = "F9F9F9";

//ToDo ACTions
switch ($_GET['tdact']){
case 1;
	// cast to int so request values cannot change the query (SQL injection)
	$id = (int) $_GET['id'];
	$done = (int) $_GET['done'];
	$que = mysql_query("update todo set done=$done where id=$id");
	if (!$que)	print "MHAE<br>\n". mysql_error();
	break;
case 2;
	print "<form method=\"get\" action=\"". $_SERVER['PHP_SELF'] ."\">\n";
	print "<input type=\"text\" name=\"f_name\">\n";
	print "<input type=\"hidden\" name=\"tdact\" value=\"5\">\n";
	print "<input type=\"submit\" value=\"hit it!!\">\n";
	print "</form>\n";
	break;	
case 3;
	$id = (int) $_GET['id']; // cast to int before it is used in the query
	$query = mysql_query("delete from todo where id=$id");
	if (!$query) print "MHEA<br>\n". mysql_error();
	break;
case 4;
	$id = $_GET['id'];
case 5;
	$name = $_GET['f_name'];
	if (!empty($name)) {
		// escape the submitted name before it goes into the query
		$sql = "insert into todo (name) values (\"". mysql_real_escape_string($name) ."\")";
		if (!mysql_query($sql)) print "MHAE: \n". mysql_error();
	}
};

//toolbar
print "<table class=\"buttons\" border=\"0\">";
print "\t<tr>\n";
print "\t\t<td>\n";
<!-- wenn i click this button -->
print "\t\t\t<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=2\"><img src=\"./system/img/todo/btnnew.gif\" border=\"0\"></a>\n";
print "\t\t<td>\n";
print "\t<tr>\n";
print "\t<tr>\n";
print "</table>";

//todo list
print "<table border=\"0\">";
print "\t<tr>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n<b>Item</b>\n\t\t</td>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n<b>Status</b>\n\t\t</td>\n";
print "\t</td>\n";
$query = mysql_query("select * from todo");
$handler = mysql_fetch_assoc($query);
while ($handler = mysql_fetch_assoc($query)){
		if ($cbgcolor == "F9F9F9"){
			$cbgcolor = "FFFFFF";
		} elseif ($cbgcolor == "FFFFFF") {
			$cbgcolor = "F9F9F9";
		}
	print "\t<tr>\n";
	print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
	print "\t\t\t". htmlspecialchars($handler['name']) ."\n"; // encode stored text before output
	print "\t\t</td>\n";
	print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
	if ($handler['done'] == 1){ 
		print "<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=1&id=". $handler['ID'] ."&done=0\"><img src=\"./system/img/todo/btndone.gif\" heigt=\"16\" width=\"19\" border=\"0\"></a>"; 
	} else { 
		print "<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=1&id=". $handler['ID'] ."&done=1\"><img src=\"./system/img/todo/btndel.gif\" border=\"0\"></a>"; 
	};
	print "\t\t</td>\n";
	print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
	print "\t\t\t<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=3&id=". $handler['ID'] ."\"><img src=\"./system/img/todo/del.jpg\" border=\"0\"></a>\n";
	print "\t\t</td>\n";
	print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
	print "<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=4&id=". $handler['ID'] ."&name=". urlencode($handler['name']) ."\"><img src=\"./system/img/todo/btnedit.gif\" border=\"0\"></a>\n";
	print "\t\t</td>\n";
	print "\t</tr>\n";
};
print "</table>\n";
//end todo list
		print $_SESSION["ses_obj_evt"]."<br>\n";
		?>
	</td>
</tr>

</table>

<?php
print "\t</td>\n</tr>\n";
print "<tr colspan=100%>\n<td>\n";
include_once('footer.html');
print "</td>\n</tr>\n";
print "</table>\n";
print "</body></html>\n";
?>
this is an old database class i wrote a little while ago, i use it in almost all of my current projects
db_func.php

Code: Select all

<?php
class database {
	//declare properties 
	var		$server		= "";
	var		$user		= "";
	var		$passcode	= "";
	var		$database	= "";
	var		$table 		= "";
	var		$handler	= "";
	var		$query		= "";
	
	//declare construct
	function database($server, $user, $passcode, $database){
		$this->connect($server, $user, $passcode, $database);
	}

	//declare functions	
	function connect($server = "", $user ="", $passcode = "", $database = ""){
		if ($server) $this->server = $server;
		if ($user) $this->user = $user;
		if ($passcode) $this->passcode = $passcode;
		if ($database) $this->database = $database;
		$this->handler = mysql_connect($this->server, $this->user, $this->passcode);
		mysql_select_db($this->database, $this->handler);
	}

	function disconnect(){
		mysql_close($this->handler);
	}
	

	function query($sql) {
	  if (!($this->query = @mysql_query($sql, $this->handler))) {
	  	print "<P><B>MHAE</B><i>MySQL Had Another Error</i><BR>Query: <CODE>$sql</CODE><BR>Fout: <CODE>" . mysql_error() . "</code></p>\r\n";
			/*print mysql_error();
			print "</CODE></P>\r\n";*/
	   }
	}
	
	function checklogin(){
		//if (!isset($_SESSION['ses_obj_evt'])) die("ses_obj_evt is nog set!");
	  if ($_SESSION['ses_obj_evt'] != 4) die("ses_obj_evt is not set and not 4!");
		if (!defined("check")) die("check is nog definned!");
	}
	
	function menuitem($src, $name){
		if ($src != "" && $name != ""){
			print "<td class=\"mnuitm\"><a href=\"". $src ."\"><font> | ". $name ."</font></a></td>\n";
		}
	}
};

$db = new database('******', '********', '******', '*********');
?>
augur

Post by augur »

ok .. for people actually wondering what went wrong with this piece of code:

Code: Select all

<?php
session_start();
require_once('db_func.php');

// check whether you want to log out
if ($_REQUEST['logout'] == 1) session_unset(); session_destroy();
you see that ... an if-statement without brackets.
it should be

Code: Select all

if ($_REQUEST['logout'] == 1) { session_unset(); session_destroy(); }
and the handler was being submitted twice in the todo section, meaning that you will miss 1 result (which one depends on how you sort it in your query).
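
Added example, not part of the original posts: a command-line replay of three requests using PHP's real session functions, comparing the brace-less logout line with the braced one to see whether `ses_obj_evt` survives an ordinary link click. The function names, the constructed session id and the temp-directory save path are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Replays three "requests" in one CLI
// process; function names and the session id are hypothetical/constructed.
ini_set('session.use_cookies', '0');   // CLI run: no cookie header to send
ini_set('session.cache_limiter', '');  // and no cache headers
session_save_path(sys_get_temp_dir());

function logout_buggy(array $request): void {
    // Shape of the original line: only session_unset() belongs to the if,
    // session_destroy() is a separate statement and runs on every request.
    if (($request['logout'] ?? 0) == 1) session_unset(); session_destroy();
}

function logout_fixed(array $request): void {
    if (($request['logout'] ?? 0) == 1) {
        session_unset();
        session_destroy();
    }
}

// Returns the ses_obj_evt value the login check sees after one ordinary click.
function replay(callable $logout): ?int {
    // Request 1: a successful login stores the flag.
    session_id(bin2hex(random_bytes(16)));  // constructed session id
    session_start();
    $id = session_id();
    $_SESSION['ses_obj_evt'] = 4;
    session_write_close();

    // Request 2: a link such as ?tdact=2, with no logout parameter.
    session_id($id);
    session_start();
    $logout(['tdact' => 2]);
    if (session_status() === PHP_SESSION_ACTIVE) session_write_close();

    // Request 3: the next page load reads the session again.
    session_id($id);
    session_start();
    $seen = $_SESSION['ses_obj_evt'] ?? null;
    session_destroy();  // remove the temporary session file
    return $seen;
}

// Run both replays before printing, so no output precedes session_start().
$buggy = replay('logout_buggy');
$fixed = replay('logout_fixed');
echo 'brace-less if: ', var_export($buggy, true), "\n";
echo 'with braces:   ', var_export($fixed, true), "\n";
```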