login session

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
junjustkim
Forum Commoner
Posts: 44
Joined: Thu May 22, 2008 8:48 pm

login session

Post by junjustkim »

Hi to all

Using (firefox thru web) and (using ie,firefox thru local host) user login was worked out, but using ie thru web it doesn't work. First I put on the session.php to check if the user succesfully login or not including checking witht the database. But the problem when i test it thru ie it will not works but if I test again for the second time it works. I don't know how to trap this kind of error. Please help me and give me any suggestion. Please have a look at mu code


Code: Select all

<?
/**
 * Session.php
 */
include("database.php");
include("mailer.php");
include("form.php");
 
class Session
{
   var $username;     //Username given on sign-up
   var $id;
   var $userid;       //Random value generated on current login
   var $userlevel;    //The level to which the user pertains
   var $time;         //Time user was last active (page loaded)
   var $logged_in;    //True if user is logged in, false otherwise
   var $userinfo = array();  //The array holding all user info
   var $url;          //The page url current being viewed
   var $referrer;     //Last recorded site page viewed
   /**
    * Note: referrer should really only be considered the actual
    * page referrer in process.php, any other time it may be
    * inaccurate.
    */
 
   /* Class constructor */
   function Session(){
      $this->time = date("Y.m.d");
      $this->startSession();
   }
 
   /**
    * startSession - Performs all the actions necessary to 
    * initialize this session object. Tries to determine if the
    * the user has logged in already, and sets the variables 
    * accordingly. Also takes advantage of this page load to
    * update the active visitors tables.
    */
   function startSession(){
      global $database;  //The database connection
      session_start();   //Tell PHP to start the session
      /* Determine if user is logged in */
      $this->logged_in = $this->checkLogin();
 
      /**
       * Set guest value to users not logged in, and update
       * active guests table accordingly.
       */
      if(!$this->logged_in){
         $this->username = $_SESSION['username'] = GUEST_NAME;
         $this->userlevel = GUEST_LEVEL;
         $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
      }
      /* Update users last active timestamp */
      else{
         $database->addActiveUser($this->username, $this->time);
      }
      
      /* Remove inactive visitors from database */
      $database->removeInactiveUsers();
      $database->removeInactiveGuests();
      
      /* Set referrer page */
      if(isset($_SESSION['url'])){
         $this->referrer = $_SESSION['url'];
      }else{
         $this->referrer = "/";
      }
 
      /* Set current url */
      $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
   }
 
   /**
    * checkLogin - Checks if the user has already previously
    * logged in, and a session with the user has already been
    * established. Also checks to see if user has been remembered.
    * If so, the database is queried to make sure of the user's 
    * authenticity. Returns true if the user has logged in.
    */
   function checkLogin(){
      global $database;  //The database connection
      /* Check if user has been remembered */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
         $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
      }
 
      /* Username and userid have been set and not guest */
      if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
         $_SESSION['username'] != GUEST_NAME){
         /* Confirm that username and userid are valid */
         if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            return false;
         }
 
         /* User is logged in, set class variables */
         $this->userinfo  = $database->getUserInfo($_SESSION['username'],username);
         $this->username  = $this->userinfo['username'];
         $this->userid    = $this->userinfo['userid'];
         $this->userlevel = $this->userinfo['userlevel'];
         return true;
      }
      /* User not logged in */
      else{
         return false;
      }
   }
 
   function login($subuser, $subpass){
      global $database, $form;  //The database and form object
      /* Username error checking */
      $field = "username";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0)
       {
         $form->setError($field, "* Username not entered");
       }
 
      /* Password error checking */
      $field = "password";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Password not entered");
      }
      
      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }
 
      /* Checks that username is in database and password is correct */
      $subuser = stripslashes($subuser);
      $result = $database->confirmUserPass($subuser, md5($subpass));
      /* Check error codes */
      if($result == 1){
         $field = "username";
         $form->setError($field, "* Username not found");
      }
      else if($result == 2){
         $field = "password";
         $form->setError($field, "* Invalid password");
      }
      
      /* Return if form errors exist */
      if($form->num_errors > 0){
         $this->id = 2;
         return false;
      }
 
      /* Username and password correct, register session variables */
      $this->userinfo  = $database->getUserInfo($subuser,username);
      $this->username  = $_SESSION['username'] = $this->userinfo['username'];
      $this->userid    = $_SESSION['userid']   = $this->generateRandID();
      //$this->userlevel = $this->userinfo['userlevel'];
      /* Insert userid into database and update active users table */
      $database->updateUserField($this->username, "userid", $this->userid);
      $database->addActiveUser($this->username, $this->time);
      $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
 
      /**
       * This is the cool part: the user has requested that we remember that
       * he's logged in, so we set two cookies. One to hold his username,
       * and one to hold his random value userid. It expires by the time
       * specified in constants.php. Now, next time he comes to our site, we will
       * log him in automatically, but only if he didn't log out before he left.
       */
      if($subremember){
         setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
         setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);
      }
 
      /* Login completed successfully */
      return true;
   }
 
   /**
    * logout - Gets called when the user wants to be logged out of the
    * website. It deletes any cookies that were stored on the users
    * computer as a result of him wanting to be remembered, and also
    * unsets session variables and demotes his user level to guest.
    */
   function logout(){
      global $database;  //The database connection
      /**
       * Delete cookies - the time must be in the past,
       * so just negate what you added when creating the
       * cookie.
       */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
         setcookie("cookid",   "", time()-COOKIE_EXPIRE, COOKIE_PATH);
      }
 
      /* Unset PHP session variables */
      unset($_SESSION['username']);
      unset($_SESSION['userid']);
 
      /* Reflect fact that user has logged out */
      $this->logged_in = false;
      $this->id = 3;
      
      /**
       * Remove from active users table and add to
       * active guests tables.
       */
      $database->removeActiveUser($this->username);
      $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
      
      /* Set user level to guest */
      $this->username  = GUEST_NAME;
      $this->userlevel = GUEST_LEVEL;
   }
}
 
$session = new Session;
 
/* Initialize form object */
$form = new Form;
 
?>
 
 

Code: Select all

<?
/**
 * Process.php
 */
include("include/session.php");
require_once ("phpmailer/class.phpmailer.php");
 
class Process
{
   /* Class constructor */
   function Process(){
      global $session;
      /* User submitted login form */
      if(isset($_POST['sublogin'])){
         $this->procLogin();
      }
      /* User submitted registration form */
      else if(isset($_POST['subjoin'])){
         $this->procRegister();
      }
      /* User submitted forgot password form */
      else if(isset($_POST['subforgot'])){
         $this->procForgotPass();
      }
      else if(isset($_POST['subregfinal'])){
         $this->procRegDataBase();
      }   
      /* User submitted edit account form */
      else if(isset($_POST['subedit'])){
         $this->procEditAccount();
      }
      /**
       * The only other reason user should be directed here
       * is if he wants to logout, which means user is
       * logged in currently.
       */
      else if(($session->logged_in)||($session->id=1)){
         $this->procLogout();
      }
      /**
       * Should not get here, which means user is viewing this page
       * by mistake and therefore is redirected.
       */
       else{
          header("Location: main.php");
       }
   }
 
   /**
    * procLogin - Processes the user submitted login form, if errors
    * are found, the user is redirected to correct the information,
    * if not, the user is effectively logged in to the system.
    */
   function procLogin(){
      global $session, $form;
      /* Login attempt */
      $retval = $session->login($_POST['username'], $_POST['password']);
      /* Login successful */
      if(($retval)&&(!isset($_POST['id']))){
         header("Location: ". MAIN);
      }
      else if(($retval)&&(isset($_POST['id']))){
          $v_key = $_POST['id'];
          $v_valsearch = $_POST['keyword'];
          $v_sort = $_POST['sort'];
          $v_sq = $_POST['sequence'];
          $v_init_row = $_POST['init_row'];
          header("Location: ". URLROOT . "/view_member.php?id=$v_key&keyword=$v_valsearch&sort=$v_sort&sequence=$v_sq&init_row=$v_init_row");
      }
      /* Login failed */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ".$session->referrer);
      }
   }
}
 
/* Initialize process */
$process = new Process;
   
 

these are the contents of my index.php which I check if the session is log in then put these on index page.

Code: Select all

   <?
       if ($session->logged_in)
        {
          echo "<font color=\"#666666\">Welcome <b>$session->username</b></font>";
        }
    ?>    
    <!-- InstanceEndEditable --> &nbsp;<!-- InstanceBeginEditable name="Edit Profile" -->
    <?
       if ($session->logged_in)
        {
          echo "<a href=\"editprofile.php\" class=\"b\">Edit Profile |</a>";
        }
    ?>     
    <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="logout" -->
     <? 
       if ($session->logged_in)
         {
           echo "[<a href=\"process.php\" class=\"b\">Logout</a>]";
         }
     ?>  
Post Reply