Session trouble
Posted: Tue Dec 23, 2008 2:23 am
Hey everyone,
I've made a login page, and what i'm trying to do is take the username (or company) and save that data in a session. Now on the next page(account.php), my code checks for $_SESSION['company'], if your logged in you should be able to access the account.php page, however despite being logged in I keep getting redirected.
I'm guessing I'm not creating the sessions properly in the login page.
Login:
account.php:
I've made a login page, and what i'm trying to do is take the username (or company) and save that data in a session. Now on the next page(account.php), my code checks for $_SESSION['company'], if your logged in you should be able to access the account.php page, however despite being logged in I keep getting redirected.
I'm guessing I'm not creating the sessions properly in the login page.
Login:
Code: Select all
<?php
session_start();
$query = mysql_connect("************.net", "*******", "********") or die(mysql_error());
mysql_select_db('*********', $query) or die(mysql_error());
if(isset($_GET['try'])) {
If(empty($_POST['company']) OR empty($_POST['password'])) {
echo 'Please fill in all the required fields!';
}
else {
$company = addslashes($_POST['company']);
$password = md5($_POST['password']);
$query = mysql_query("SELECT usergroup FROM users WHERE company = '" . $company . "' AND password = '" . $password . "'") or die(mysql_error());
list($usergroup) = mysql_fetch_row($query);
if(empty($usergroup)) {
echo 'No combination of username and password found.';
}
else{
session_start();
$_SESSION['Company'] = ($_POST['company']);
$_SESSION['Company'] = $company;
echo "<a href='account.php'> Next>> </a>\n";
}
}
}
?>
<form action="login.php?try=true" method="post">
Username: <input type="text" name="company"><br>
<br>
Password: <input type="password" name="password"><br>
<br>
<input type="submit" value="Login">
</form>Code: Select all
<?php
session_start();
if(!isset($_SESSION['company'])){
die('<a href="login.php">Login first!</a>');
}
$query = mysql_connect("*************.net", "*********", "********") or die(mysql_error());
mysql_select_db('********', $query) or die(mysql_error());
if(isset($_POST['product'])) {
$product = ($_POST['company']);
$firm ="SELECT name FROM `product_docs_support` WHERE product_id = '".mysql_real_escape_string($_post['product'])."' AND type = 'frimware'";
$result = mysql_query($conn,$query);
while($row=mysql_fetch_row($result))
{
$name[] = $row[0];
}
echo "<ul>\n";
foreach( $name as $z )
{
echo "<li> <a href='support/$product/firmware/$z'>\n" .$z."</a></li>\n";
}
echo "</ul>\n";
echo "<br />";
$soft ="SELECT name FROM `product_docs_support` WHERE product_id = '".mysql_real_escape_string($_post['product'])."' AND type = 'software'";
$result = mysql_query($conn,$query);
while($row=mysql_fetch_row($result))
{
$name[] = $row[0];
}
echo "<ul>\n";
foreach( $name as $y )
{
echo "<li> <a href='support/$product/software/$y'>\n" .$y."</a></li>\n";
}
echo "</ul>\n";
echo "<br />";
$doc =="SELECT name FROM `product_docs_support` WHERE product_id = '".mysql_real_escape_string($_post['product'])."' AND type = 'doc'";
$result = mysql_query($conn,$query);
while($row=mysql_fetch_row($result))
{
$name[] = $row[0];
}
echo "<ul>\n";
foreach( $name as $x )
{
echo "<li> <a href='support/$product/doc/$x'>\n" .$x."</a></li>\n";
}
echo "</ul>\n";
echo "<br />";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>account</title>
</head>
<body>
<form method="post" action="account.php">
<?php
$conn ='SELECT product_id FROM `customers_products` WHERE company = \''.mysql_real_escape_string($_SESSION['company']).'\'' ;
$result = mysql_query($conn,$query);
while($row=mysql_fetch_row($result))
{
$product_id[] = $row[0];
}
echo "<select name='product'>\n" ;
foreach( $product_id as $v )
{
echo "<option value='$v'>\n" .$v."</option>\n";
}
echo "</select>\n";
?>
<input type="submit" name="submit" value="Go" />
</form>
<a href="logout.php">Log Out</a>
</body>
</html>