User login works in Firefox over the web, and in both IE and Firefox on localhost, but it does not work in IE over the web. I use session.php to check whether the user has logged in successfully, including a check against the database. The problem is that when I test it in IE the login does not work the first time, but if I try again a second time it works. I don't know how to trap this kind of error. Please help me and give me any suggestions. Please have a look at my code.
<?
/**
* Session.php
*/
include("database.php");
include("mailer.php");
include("form.php");
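/**
 * Session - tracks whether the current visitor is a logged-in user or a
 * guest, and performs login and logout.
 *
 * The class relies on names that are defined outside this file: the global
 * $database and $form objects, and the constants GUEST_NAME, GUEST_LEVEL,
 * COOKIE_EXPIRE and COOKIE_PATH. generateRandID() is called by login() but
 * is not part of this listing.
 */
class Session
{
    var $username;            //Username given on sign-up
    var $id;                  //Status code: set to 2 by a failed login() and to 3 by logout()
    var $userid;              //Random value generated on current login
    var $userlevel;           //The level to which the user pertains
    var $time;                //Date of the current page load (Y.m.d), passed to the active-visitor tables
    var $logged_in;           //True if user is logged in, false otherwise
    var $userinfo = array();  //The array holding all user info
    var $url;                 //The page url current being viewed
    var $referrer;            //Last recorded site page viewed

    /**
     * Note: referrer should really only be considered the actual
     * page referrer in process.php, any other time it may be
     * inaccurate.
     */

    /* Class constructor: records the date and starts the session */
    function Session()
    {
        $this->time = date("Y.m.d");
        $this->startSession();
    }

    /**
     * startSession - Performs all the actions necessary to
     * initialize this session object. Tries to determine if the
     * user has logged in already, and sets the variables
     * accordingly. Also takes advantage of this page load to
     * update the active visitors tables.
     */
    function startSession()
    {
        global $database; //The database connection

        session_start(); //Tell PHP to start the session

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        if (!$this->logged_in) {
            /* Not logged in: use the guest identity and record the guest */
            $this->username = $_SESSION['username'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        } else {
            /* Logged in: update the user's last active timestamp */
            $database->addActiveUser($this->username, $this->time);
        }

        /* Remove inactive visitors from database */
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();

        /* The page stored by the previous request becomes the referrer */
        if (isset($_SESSION['url'])) {
            $this->referrer = $_SESSION['url'];
        } else {
            $this->referrer = "/";
        }

        /* Remember the current page for the next request */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
    }

    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's
     * authenticity. Returns true if the user has logged in.
     */
    function checkLogin()
    {
        global $database; //The database connection

        /*
         * "Remember me" cookies are client-supplied. They are copied into the
         * session here, but they only count after confirmUserID() below has
         * accepted the username/userid pair.
         */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
        }

        /* Nothing to verify: no identity in the session, or it is the guest */
        if (!isset($_SESSION['username']) || !isset($_SESSION['userid'])
            || $_SESSION['username'] == GUEST_NAME) {
            return false;
        }

        /* Confirm that username and userid are valid */
        if ($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0) {
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            return false;
        }

        /*
         * User is logged in, set class variables. The second argument was
         * the bare word username, which is an undefined constant (an Error
         * on PHP 8); it is now the string it used to fall back to.
         */
        $this->userinfo = $database->getUserInfo($_SESSION['username'], 'username');
        $this->username = $this->userinfo['username'];
        $this->userid = $this->userinfo['userid'];
        $this->userlevel = $this->userinfo['userlevel'];
        return true;
    }

    /**
     * login - Validates the submitted username and password through the
     * form and database objects. On success it stores the username and a
     * fresh random userid in the session and in the database.
     *
     * $subuser     - submitted username
     * $subpass     - submitted password
     * $subremember - optional; when true, "remember me" cookies are set.
     *                The original body tested $subremember without ever
     *                defining it, so the cookies could never be set.
     *
     * Returns true on success; false (with errors recorded on $form) otherwise.
     */
    function login($subuser, $subpass, $subremember = false)
    {
        global $database, $form; //The database and form object

        /* Username error checking */
        if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
            $form->setError("username", "* Username not entered");
        }

        /* Password error checking */
        if (!$subpass) {
            $form->setError("password", "* Password not entered");
        }

        /* Return if form errors exist */
        if ($form->num_errors > 0) {
            return false;
        }

        /*
         * Checks that username is in database and password is correct.
         * NOTE(review): the password is compared as an unsalted MD5 digest,
         * which is fast to brute-force if the user table leaks. Moving to
         * password_hash()/password_verify() also needs a change in
         * confirmUserPass() and the stored values, neither of which is shown
         * here, so the call is left as it was.
         */
        $subuser = stripslashes($subuser);
        $result = $database->confirmUserPass($subuser, md5($subpass));

        /* Check error codes */
        if ($result == 1) {
            $form->setError("username", "* Username not found");
        } else if ($result == 2) {
            $form->setError("password", "* Invalid password");
        }

        /* Return if form errors exist */
        if ($form->num_errors > 0) {
            $this->id = 2;
            return false;
        }

        /*
         * Credentials are correct. Issue a new session id before storing the
         * identity, so a session id that was known before login cannot be
         * reused afterwards (session fixation).
         */
        if (session_id() != '') {
            session_regenerate_id(true);
        }

        /* Register session variables */
        $this->userinfo = $database->getUserInfo($subuser, 'username');
        $this->username = $_SESSION['username'] = $this->userinfo['username'];
        $this->userid = $_SESSION['userid'] = $this->generateRandID();
        //$this->userlevel = $this->userinfo['userlevel'];

        /* Insert userid into database and update active users table */
        $database->updateUserField($this->username, "userid", $this->userid);
        $database->addActiveUser($this->username, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /**
         * The user has requested that we remember that he's logged in, so we
         * set two cookies. One to hold his username, and one to hold his
         * random value userid. It expires by the time specified in
         * constants.php. Next time he comes to our site, we will log him in
         * automatically, but only if he didn't log out before he left.
         *
         * The cookies are marked HttpOnly so page scripts cannot read them.
         * The secure flag stays at its default (false) because this listing
         * does not show whether the site is served over HTTPS; set it to
         * true on an HTTPS-only site.
         */
        if ($subremember) {
            setcookie("cookname", $this->username, time() + COOKIE_EXPIRE, COOKIE_PATH, "", false, true);
            setcookie("cookid", $this->userid, time() + COOKIE_EXPIRE, COOKIE_PATH, "", false, true);
        }

        /* Login completed successfully */
        return true;
    }

    /**
     * logout - Gets called when the user wants to be logged out of the
     * website. It deletes any cookies that were stored on the users
     * computer as a result of him wanting to be remembered, and also
     * unsets session variables and demotes his user level to guest.
     */
    function logout()
    {
        global $database; //The database connection

        /**
         * Delete cookies - the time must be in the past,
         * so just negate what you added when creating the
         * cookie.
         */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            setcookie("cookname", "", time() - COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", "", time() - COOKIE_EXPIRE, COOKIE_PATH);
        }

        /* Unset PHP session variables */
        unset($_SESSION['username']);
        unset($_SESSION['userid']);

        /* Reflect fact that user has logged out */
        $this->logged_in = false;
        $this->id = 3;

        /**
         * Remove from active users table and add to
         * active guests tables.
         */
        $database->removeActiveUser($this->username);
        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

        /* Set user level to guest */
        $this->username = GUEST_NAME;
        $this->userlevel = GUEST_LEVEL;
    }
}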
/* Create the shared session object used by the pages that include this file */
$session = new Session();
/* Create the form object that login() records its validation errors on */
$form = new Form();
?>
<?
/**
* Process.php
*/
include("include/session.php");
require_once ("phpmailer/class.phpmailer.php");
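/**
 * Process - handles the forms posted to process.php and redirects the
 * browser afterwards.
 *
 * Relies on the global $session and $form objects created by
 * include/session.php and on the MAIN and URLROOT constants, which are
 * defined outside this listing. Only the constructor and procLogin() are
 * shown; the other proc*() handlers it calls are not part of this listing.
 */
class Process
{
    /* Class constructor: dispatches on the submit field present in $_POST */
    function Process()
    {
        global $session;

        /* User submitted login form */
        if (isset($_POST['sublogin'])) {
            $this->procLogin();
        }
        /* User submitted registration form */
        else if (isset($_POST['subjoin'])) {
            $this->procRegister();
        }
        /* User submitted forgot password form */
        else if (isset($_POST['subforgot'])) {
            $this->procForgotPass();
        }
        else if (isset($_POST['subregfinal'])) {
            $this->procRegDataBase();
        }
        /* User submitted edit account form */
        else if (isset($_POST['subedit'])) {
            $this->procEditAccount();
        }
        /**
         * The only other reason user should be directed here
         * is if he wants to logout, which means user is
         * logged in currently.
         *
         * The second test used to be the assignment $session->id=1, which
         * is always true: it overwrote $session->id and made the redirect
         * below unreachable. It is now a comparison.
         */
        else if (($session->logged_in) || ($session->id == 1)) {
            $this->procLogout();
        }
        /**
         * Should not get here, which means user is viewing this page
         * by mistake and therefore is redirected.
         */
        else {
            header("Location: main.php");
        }
    }

    /**
     * procLogin - Processes the user submitted login form, if errors
     * are found, the user is redirected to correct the information,
     * if not, the user is effectively logged in to the system.
     */
    function procLogin()
    {
        global $session, $form;

        /* Login attempt */
        $retval = $session->login($_POST['username'], $_POST['password']);

        if ($retval) {
            if (!isset($_POST['id'])) {
                /* Login successful, no member view requested */
                header("Location: " . MAIN);
            } else {
                /*
                 * Login successful, return to the member view. The values
                 * come straight from the request, so each one is URL-encoded
                 * before it goes into the Location header; a missing or
                 * non-string field becomes an empty value.
                 */
                $names = array('id', 'keyword', 'sort', 'sequence', 'init_row');
                $pairs = array();
                foreach ($names as $name) {
                    $value = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
                    $pairs[] = $name . '=' . urlencode($value);
                }
                header("Location: " . URLROOT . "/view_member.php?" . implode('&', $pairs));
            }
        } else {
            /*
             * Login failed: keep the submitted values and the errors for the
             * form page. The password is left out so the plain-text password
             * is not written to session storage.
             */
            $submitted = $_POST;
            unset($submitted['password']);
            $_SESSION['value_array'] = $submitted;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: " . $session->referrer);
        }
    }
}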
/* Handle the request: the Process constructor dispatches on the posted form */
$process = new Process();
These are the contents of my index.php, where I check whether the session is logged in and then show these items on the index page.
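<?php
/* Greeting shown only to logged-in users. The full <?php tag is used so the
   block does not depend on the short_open_tag setting. */
if ($session->logged_in) {
    /* The username is stored user data, so it is HTML-escaped on output */
    echo "<font color=\"#666666\">Welcome <b>" . htmlspecialchars($session->username, ENT_QUOTES) . "</b></font>";
}
?>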
<!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="Edit Profile" -->
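<?php
/* Edit Profile link, shown only to logged-in users. The full <?php tag is
   used so the block does not depend on the short_open_tag setting.
   NOTE(review): this only hides the link; editprofile.php is not shown here
   and needs its own logged-in check. */
if ($session->logged_in) {
    echo "<a href=\"editprofile.php\" class=\"b\">Edit Profile |</a>";
}
?>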
<!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="logout" -->
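<?php
/* Logout link, shown only to logged-in users. The full <?php tag is used so
   the block does not depend on the short_open_tag setting. The link is a
   plain request to process.php, which treats a request without a known
   submit field as a logout. */
if ($session->logged_in) {
    echo "[<a href=\"process.php\" class=\"b\">Logout</a>]";
}
?>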