wenn you go to the index.php page, it checks if the session variable is made, and if it is the correct value(if so, proceed with the rest of the code).
the problem comes wenn i try to push an other link, and it reloads the page(session data should be intact), then it ask's me for my username and passcode again(i've marked the button in the code with this tag <!-- wenn i click this button -->) i've been pondering at this for a few days now, hoping someone here can give me a hand.
and, please, don't mind the coment lines(there in dutch), and also, i know this code is a bit sloppy.
update
this is how the script works:
you go to a page with the security check in place
it check's if the session varialbe ses_obj_evt is set, and if it is 4, if not, display the login and kill the code
if so, then continue displaying the code for the page
this is the login script, used for ... geuss what ... logging in
login_ses.php
Code: Select all
<?php
session_start();
require_once('db_func.php');
//kijken of je wilt uitlogen
if ($_REQUEST['logout'] == 1) session_unset(); session_destroy();
//begin user and passcode verification
if ($_REQUEST['name'] || $_REQUEST['passcode']){
define("check", true);
if (!$_REQUEST['name']){ $obj_evt = 1; $_SESSION['ses_obj_evt'] = $obj_evt; } else { $_name = $_REQUEST['name']; }
if (!$_REQUEST['passcode']){ $obj_evt = 11; $_SESSION['ses_obj_evt'] = $obj_evt; } else { $_passcode = md5($_REQUEST['passcode']); }
$sql = "select usr_passcode from users where usr_name=\"". $_name ."\"";
$que = mysql_query($sql);
$handler = mysql_fetch_assoc( mysql_query($sql) );
if (!$handler){
//als de query geen goed resultaat oplevert(user bestaat dus niet)
$obj_evt = 2;
$_SESSION['ses_obj_evt'] = $obj_evt;
} elseif ($handler['usr_passcode'] != $_passcode) {
//als de wachtwoorden niet overeen komen
$obj_evt = 3;
$_SESSION['ses_obj_evt'] = $obj_evt;
} elseif ($handler['usr_passcode'] == $_passcode) {
//als alle gegevens klopen, zorg er dan voor dat alle variablen goed worden opgenomen in de sessie
$obj_evt = 4;
//sessie variable
$_SESSION['ses_obj_evt'] = $obj_evt;
$_SESSION['ses_sub_usr'] = $_name;
$_SESSION['ses_sub_pc'] = $_passcode;
return;
} //end of second
} //end of first
//als er geen login is geweest, zo ja, als er fouten zijn geweest(allen waarde 4 is goed, laat hem dan zien
if ( $obj_evt != 4 || !isset($obj_evt) ) {
print "<tr>\n<td>\n";
if ($obj_evt == 1) print "User name verkeerd!<br>\n";
if ($obj_evt == 11) print "Passcode verkeerd!<br>\n";
if ($obj_evt == 2) print "User name verkeerd!<br>\n";
if ($obj_evt == 3) print "passcode verkeerd!<br>\n";
if ($obj_evt == 0) print "u kunt nu inlogen<br><br>\n";
print "<form name=\"login_page\" method=\"post\" action=\"". $_SERVER['PHP_SELF'] ."\">\n";
print "<table class=\"login\">\n";
print "\t<tr>\n\t\t<td>\n";
print "\t\t\t\t<table class=\"login\">\n";
print "\t\t\t\t\t<tr>\n";
print "\t\t\t\t\t\t<td>User name:</td>\n\t\t\t\t\t\t<td><input type=\"text\" name=\"name\"></td>\n";
print "\t\t\t\t</tr>\n";
print "\t\t\t\t<tr>\n";
print "\t\t\t\t\t<td>Pass code:</td>\n\t\t\t\t\t\t<td><input type=\"password\" name=\"passcode\"></td>\n";
print "\t\t\t\t</tr>\n";
print "\t\t\t\t<tr width=100%>\n";
print "\t\t\t\t\t<td align=right colspan=2><input type=\"submit\" value=\"hit meh!\"></td>\n";
print "\t\t\t\t</tr>\n";
print "\t\t\t</table>\n";
print "\t\t</td>\n";
print "\t\t<td><a href=\"forpas.php\"><img src=\"./system/img/forgot.gif\" border=0></a><br></td>\n";
print "\t</tr>\n";
print "</table>\n";
print "</td>\n</tr>\n";
}
?>index.php
Code: Select all
<?php
session_start();
require_once('db_func.php');
print "<html>\n";
print "<head>\n";
print "<title>Personal Page // Data Annex</title>\n";
print "<link href=\"annex.css\" rel=\"stylesheet\" type=\"text/css\">";
print "<link href=\"./system/css/todo.css\" rel=\"stylesheet\" type=\"text/css\">";
print "</head>\n";
print "<body alink=\"#302f37\" vlink=\"302f37\">\n";
print "<table class=\"main\" cellspacing=0 cellpadding=0>\n";
print "<tr>\n";
print "<td><img src=\"./system/img/mainbanner.jpg\"><br></td>\n";
print "</tr>\n";
require('login_ses.php');
$db->checklogin();
include_once('menu.php');
print "<tr>\n\r<td>\n";
?>
<table border=1 width=900>
<tr>
<td>
<?php
$cbgcolor = "F9F9F9";
//ToDo ACTions
switch ($_GET['tdact']){
case 1;
$id = $_GET['id'];
$done = $_GET['done'];
$que = mysql_query("update todo set done=$done where id=$id");
if (!$que) print "MHAE<br>\n". mysql_error();
break;
case 2;
print "<form method=\"get\" action=\"". $_SERVER['PHP_SELF'] ."\">\n";
print "<input type=\"text\" name=\"f_name\">\n";
print "<input type=\"hidden\" name=\"tdact\" value=\"5\">\n";
print "<input type=\"submit\" value=\"hit it!!\">\n";
print "</form>\n";
break;
case 3;
$id = $_GET['id'];
$query = mysql_query("delete from todo where id=$id");
if (!$query) print "MHEA<br>\n". mysql_error();
break;
case 4;
$id = $_GET['id'];
case 5;
$name = $_GET['f_name'];
if (!empty($name)) {
$sql = "insert into todo (name) values (\"$name\")";
if (!mysql_query($sql)) print "MHAE: \n". mysql_error();
}
};
//toolbar
print "<table class=\"buttons\" border=\"0\">";
print "\t<tr>\n";
print "\t\t<td>\n";
<!-- wenn i click this button -->
print "\t\t\t<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=2\"><img src=\"./system/img/todo/btnnew.gif\" border=\"0\"></a>\n";
print "\t\t<td>\n";
print "\t<tr>\n";
print "\t<tr>\n";
print "</table>";
//todo list
print "<table border=\"0\">";
print "\t<tr>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n<b>Item</b>\n\t\t</td>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n<b>Status</b>\n\t\t</td>\n";
print "\t</td>\n";
$query = mysql_query("select * from todo");
$handler = mysql_fetch_assoc($query);
while ($handler = mysql_fetch_assoc($query)){
if ($cbgcolor == "F9F9F9"){
$cbgcolor = "FFFFFF";
} elseif ($cbgcolor == "FFFFFF") {
$cbgcolor = "F9F9F9";
}
print "\t<tr>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
print "\t\t\t". $handler['name'] ."\n";
print "\t\t</td>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
if ($handler['done'] == 1){
print "<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=1&id=". $handler['ID'] ."&done=0\"><img src=\"./system/img/todo/btndone.gif\" heigt=\"16\" width=\"19\" border=\"0\"></a>";
} else {
print "<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=1&id=". $handler['ID'] ."&done=1\"><img src=\"./system/img/todo/btndel.gif\" border=\"0\"></a>";
};
print "\t\t</td>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
print "\t\t\t<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=3&id=". $handler['ID'] ."\"><img src=\"./system/img/todo/del.jpg\" border=\"0\"></a>\n";
print "\t\t</td>\n";
print "\t\t<td bgcolor=\"#". $cbgcolor ."\">\n";
print "<a href=\"". $_SERVER['PHP_SELF'] ."?tdact=4&id=". $handler['ID'] ."&name=". $handler['name'] ."\"><img src=\"./system/img/todo/btnedit.gif\" border=\"0\"></a>\n";
print "\t\t</td>\n";
print "\t</tr>\n";
};
print "</table>\n";
//end todo list
print $_SESSION["ses_obj_evt"]."<br>\n";
?>
</td>
</tr>
</table>
<?php
print "\t</td>\n</tr>\n";
print "<tr colspan=100%>\n<td>\n";
include_once('footer.html');
print "</td>\n</tr>\n";
print "</table>\n";
print "</body></html>\n";
?>db_func.php
Code: Select all
<?php
class database {
//declare properties
var $server = "";
var $user = "";
var $passcode = "";
var $database = "";
var $table = "";
var $handler = "";
var $query = "";
//declare construct
function database($server, $user, $passcode, $database){
$this->connect($server, $user, $passcode, $database);
}
//declare functions
function connect($server = "", $user ="", $passcode = "", $database = ""){
if ($server) $this->server = $server;
if ($user) $this->user = $user;
if ($passcode) $this->passcode = $passcode;
if ($database) $this->database = $database;
$this->handler = mysql_connect($this->server, $this->user, $this->passcode);
mysql_select_db($this->database, $this->handler);
}
function disconnect(){
mysql_close($this->handler);
}
function query($sql) {
if (!($this->query = @mysql_query($sql, $this->handler))) {
print "<P><B>MHAE</B><i>MySQL Had Another Error</i><BR>Query: <CODE>$sql</CODE><BR>Fout: <CODE>" . mysql_error() . "</code></p>\r\n";
/*print mysql_error();
print "</CODE></P>\r\n";*/
}
}
function checklogin(){
//if (!isset($_SESSION['ses_obj_evt'])) die("ses_obj_evt is nog set!");
if ($_SESSION['ses_obj_evt'] != 4) die("ses_obj_evt is not set and not 4!");
if (!defined("check")) die("check is nog definned!");
}
function menuitem($src, $name){
if ($src != "" && $name != ""){
print "<td class=\"mnuitm\"><a href=\"". $src ."\"><font> | ". $name ."</font></a></td>\n";
}
}
};
$db = new database('******', '********', '******', '*********');
?>