Page 1 of 1

need little help : got problem with session

Posted: Wed Jul 12, 2006 2:55 am
by RooDy
Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


im really2 new in php...i've done a session on my web system and got stuck..can some1 give a little help..below is my code :

Code: Select all

<?php

require 'authentication.inc';

  // Formulate the SQL find the user
  $query = "SELECT * FROM login WHERE userName = '$username'
            AND password = '$password'" ;

  echo "sql:".$query;
  // Execute the query
  if (!$result = @ mysql_query ($query, $connection))
    showerror();

  $pass = @mysql_fetch_array($result);

session_start();      <<----------------------------------------[color=red][size=18][b]GOT PROBLEM HERE[/b][/size][/color]

// Authenticate the user
if (authenticateUser($connection, $username, $password))
{
}
//sessionAuthenticate();
	 //Authenticate the user

	//if ($level['UserLevel']==1)
	
if ($result) 

	if (strcmp($pass['userName'],$username)==0)
	{
 	if (($pass['UserLevel']==1)|| ($pass['UserLevel']==2))
	{
 		// Register the loginUsername
		  $_SESSION["user"] = $username;
		  $_SESSION["userlevel"] = $pass['UserLevel'];
  		// Register the IP address that started this session
		  $_SESSION["loginIP"] = $_SERVER["REMOTE_ADDR"];
		  
		  if ($pass['UserLevel']==1) {
		 $_SESSION["dis_level"]="Admin"; }
		 else if ($pass['UserLevel']==2)
		 { $_SESSION["dis_level"]="Customer Support"; }
		 //else if ($pass['UserLevel']==3)
		 //{ $_SESSION["dis_level"]="Supervisor"; }
		  
  		// Relocate back to the first page of the application
  		header("Location: login2.php");
  		exit;
	}
}
	// Authenticate the user

		else if ($pass['UserLevel']==2)
		{
  		// Register the loginUsername
		  $_SESSION["user"] = $username;
		  $_SESSION["userlevel"] = $level['UserLevel'];
		  //$_SESSION["district"] = $level['DistrictCode'];

  		// Register the IP address that started this session
		  $_SESSION["loginIP"] = $_SERVER["REMOTE_ADDR"];

  		// Relocate back to the first page of the application
  			header("Location: HRbroadcast.php");
  			exit;
	}

	else 
		{
  		// The authentication failed: setup a logout message
  		//$_SESSION["message"] = 
    		//"Could not connect to the application as '{$user}'";

  		// Relocate to the logout page
  		header("Location: loginerror.php");
  		exit;
		}
?>

this will come after i login ---- >> Warning: Cannot send session cookie - headers already sent by (output started at c:\apache\htdocs\pages\logincheck.php:9) in c:\apache\htdocs\pages\logincheck.php on line 16

tell me if some1 need 'authentication.inc' file. thank you very much!


Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Wed Jul 12, 2006 2:59 am
by Benjamin
Hi RooDy.

Welcome to phpdn. Please use the appropriate category when posting messages. Also when posting code, you should use the built in syntax features which have been added to the forum.

In regards to your problem, please review this post...

viewtopic.php?t=1157

Posted: Wed Jul 12, 2006 3:04 am
by JayBird
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:1. Select the correct board for your query. Take some time to read the guidelines in the sticky topic.

Posted: Fri Jul 14, 2006 2:16 am
by RooDy
sry for the wrong post.. :oops:

thanks a lot astions..i've read the link u gave me..its very useful..now i understand that we cant send anything to the browser before header / session_start ..

but im still blank to modify my code..any1 got suggestion? :cry:

any help are highly appreciated :wink:

this is my authentication code :

Code: Select all

<?php

	// (1) Open the database connection
   if (!($connection = @ mysql_connect("localhost", "root", "")))
      die("Could not connect db");

   // (2) Select the winelogin database
   if (!(@ mysql_select_db("anything", $connection)))
      showerror();

   function showerror()
   {
      die("Error " . mysql_errno() . " : " . mysql_error());
   }

function authenticateUser($connection, $username, $password)
{
  // Test the username and password parameters
  if (!isset($username) || !isset($password))
    return false;
	
  // Create a digest of the password collected from
  // the challenge
  //$Password = md5(trim($Password));

  // Formulate the SQL find the user
  //$query = "SELECT UserID, Password FROM users WHERE UserID = '{$UserID}'
            //AND Password = '{$Password}'";
			
	$query = "SELECT * FROM login WHERE userName = '{$username}'
            AND password = '{$password}' ";

  if (!$result = @ mysql_query ($query, $connection))
    showerror();
   
  // exactly one row? then we have found the user
  if (mysql_num_rows($result) != 1)
    return false;
  else
    return true;
}

function sessionAuthenticate()
{
  // Check if the user hasn't logged in
  if (!($_SESSION["user"]))
  {
    // The request does not identify a session
    $_SESSION["message"] = "You are not authorized to access the URL
                            {$_SERVER["REQUEST_URI"]}";

    header("Location: login2.php");
    exit;
  }

  // Check if the request is from a different IP address to previously
  if (!isset($_SESSION["loginIP"]) ||
     ($_SESSION["loginIP"] != $_SERVER["REMOTE_ADDR"]))
  {
    // The request did not originate from the machine
    // that was used to create the session.
    // THIS IS POSSIBLY A SESSION HIJACK ATTEMPT

    $_SESSION["message"] = "You are not authorized to access the URL
                            {$_SERVER["REQUEST_URI"]} from the address
                            {$_SERVER["REMOTE_ADDR"]}";

    header("Location: login2.php");
    exit;
  }
}

?>
*hope this time nothing wrong in my post :? *