Code:
<?
//authenticate correctly and get a session
include("includes/authentication.php");
if(isset($_SESSION['valid']))
{
    //diffuse site IDs - nothing to do with authentication
    include('includes/site_breakdown.php');
?>
<div style="margin: 15px 0px 15px 0px; background-color: #eee; border: 1px solid #ddd; padding: 5px;">
<span style="float: left;">Welcome, <?=$styled_site;?>.</span>

Code:
<?
if ($_POST['user']!=NULL)
{
    $user = md5($_POST['user']);
    $pass = md5($_POST['pass']);
    $result = mysql_query("select * from table where username = '" . $user . "' AND password = '". $pass ."'", $localhost);
    $row=mysql_fetch_assoc($result);
    if ($row['username']!=NULL && $row['site']!=NULL)
    {
        $val=1;
        session_start();
        $_SESSION['valid'] = 1;
        $_SESSION['site'] = $row['site'];
        ob_end_flush();
    }
    else if ($row['username']==NULL)
    {
        echo("<p>Invalid login, please try again.</p>");
    }
    else if ($row['site']=="" || $row['site']==NULL)
    {
        echo("<p>Your username is not associated with a site, please contact the system administrator or try again.</p>");
    }
    else
    {
        echo("<p>Invalid login, please try again.</p>");
    }
}
else
{
    if ($val!=1)
    {
?>
<form action="" method="POST">
<p>Please log into the ProCare Customer Portal.</p>
<p>Username: <input type="text" name="user" size="20" /></p>
<p>Password: <input type="password" name="pass" size="20" /></p>
<p><input type="Submit" /></p>
</form>
<?
    }
    else
    {
        echo("<p>Invalid login, please try again.</p>");
        $val=0;
    }
}
?>

Here is my problem:
I want the user to be able to navigate to other pages (as long as the session is valid) but if I come back to this original page, the user is prompted again to login. I have looked around this site some but cannot find a way to make sure the session stays alive through all the pages. Do I have to rewrite how the session is established or is there a value I can store in the session that will accomplish this?
This is the first real authentication I've written so I could be doing this all wrong. If there's a way I could do this better please also let me know; I am very much open to suggestion. I saw on this post viewtopic.php?t=24789 the use of session_set_cookie_params(0, '/', '.foo.com'); before the session is begun, but I am unsure how to incorporate that into my script or if it is necessary to set any cookies.
Thank you in advance
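
Added example, not part of the original post and not the poster's code: in the script above, session_start() runs only in the successful-login branch, so on every later request $_SESSION is empty and the isset($_SESSION['valid']) check fails. The version below starts the session on every request with the cookie parameters from the linked post, and replaces the MD5 comparison with a prepared statement and password_verify(). Assumptions: PHP 7.3+, HTTPS, an existing PDO connection, a hypothetical table `users` (username, password_hash, site), and the hypothetical function names start_portal_session(), try_login() and portal_authenticated().

```php
<?php
// Added example, not the poster's code. Hypothetical names: table `users`
// (username, password_hash, site) and all three functions below.

// Must run at the top of EVERY page, before any output: $_SESSION is only
// populated on requests where session_start() has been called.
function start_portal_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,          // cookie lasts until the browser closes
        'path'     => '/',        // valid for every page on the site
        'domain'   => '.foo.com', // placeholder domain from the linked post
        'secure'   => true,       // only sent over HTTPS (assumed)
        'httponly' => true,       // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Returns true and marks the session valid when the credentials match.
function try_login(PDO $pdo, string $user, string $pass): bool
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash, site FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_hash is assumed to hold the output of password_hash().
    if (!$row || !password_verify($pass, $row['password_hash']) || empty($row['site'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID on login (session fixation)
    $_SESSION['valid'] = 1;
    $_SESSION['site']  = $row['site'];
    return true;
}

// Returns true when this request belongs to a logged-in session.
function portal_authenticated(PDO $pdo): bool
{
    start_portal_session();
    if (!isset($_SESSION['valid']) && isset($_POST['user'], $_POST['pass'])) {
        try_login($pdo, (string) $_POST['user'], (string) $_POST['pass']);
    }
    return isset($_SESSION['valid']);
}
```

Each protected page would call portal_authenticated($pdo) first and show the login form only when it returns false.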