Page 1 of 1

Having some issues with user login ...

Posted: Fri May 18, 2007 4:53 pm
by HormonX
Here what is happening ...

I have very simple login script that would give user access for advanced functions of the page. Now .. loggin in seems to work fine .. and logout seem to work fine. I get mane appear after user is looged in .. and all is great ... but when i clink on any link on the menu my user is logged out and i no longer see user menu. Please bare with me on this one as i am not a pro .. just amateur :)

This is where credentials are being checked using mysal db

This includes both login and logout options .. as you can see :)

Code: Select all

<?
$_SESSION['login'] = $login;
$_SESSION['security_id'] = $security_id;
$_SESSION['uid'] = $uid;

	if (isset($login) && isset($password))
{
	include('connect.php');
	$query = "SELECT * FROM sec_auth WHERE login='$login' and pass='$password' and enabled='1'";
	$result = mysql_query( $query, $link );
	
	if (mysql_num_rows($result) >0)
	{
		$valid_user = $login;
		session_register('valid_user');
	}

}

if($user == 'logout')
{
session_start();
$old_user = $valid_user;
$result = session_unregister("valid_user");
$msg = "<table width='100%' align='center' cellpadding='2' cellspacing='2'><tr><td height='18' align='center'>Zostales wylogowany ze strony administracyjnej.</td></tr></table><br>";
echo "<meta http-equiv=\"refresh\" content=\"3;URL=?page=\" />";
session_destroy();
}
?>
Here is where the user menu appears and that is working fine

Code: Select all

<?
            if (session_is_registered("valid_user"))
			{
		  ?>       
          <table width="100" border="0" cellpadding="0" cellspacing="0" class="frameboxmaincat">
            <tr>
              <td>Twoje Konto</td>
            </tr>
          </table>
          <table width="150" border="0" cellpadding="0" cellspacing="0">
             <tr>
              <td valign="top" class="frameboxcat">
              <?  echo "You are logged in as $valid_user"; ?>
              </td>
            </tr>
          </table>
         	    <?
                }
		   ?>
All of my menu is pulled from a database and it is generally in such format

Code: Select all

?page=123456789
where 123456789 is a pointer to a field in database that as actual url.

It would seem that my variable valid_user is not being kept alive after i click on the link in the menu.

Can anyone help me see what i am missing.

Thank you .

Best regards,

Greg

Posted: Fri May 18, 2007 4:59 pm
by feyd
The code you have looks like it came from the early PHP 4 if not PHP 3 days.

Things you're not supposed to do:
  • short tags (<?)
  • session_unregister()
  • assumption of register_globals
  • absolutely no security, sanitizing or validating user input

Posted: Fri May 18, 2007 5:58 pm
by HormonX
you are absolutelly right ... i have done this ... years ago and you might be right it was around the time when php4 came about.

I know this is very stripped down code ... but the reason i asked to just get started to get it functional.

Putting aside all the don'ts can you help why this is not working or atleast point me in the right direction ?

Thank you

Greg[/list]

Posted: Fri May 18, 2007 6:07 pm
by RobertGonzalez
I'd suggest you start with fixing the things that feyd pointed out as they could very well be the cause of your problems. After they are fixed, post back if the problem continues.