  1. #1
    SitePoint Enthusiast
    Join Date
    Feb 2002
    Location
    USA
    Posts
    45

    Help me, sessions and user authorization

    Hi, ok, I found an article here on SitePoint about sessions, so I thought I'd try it. This is my first time using them, so bear with me.

    Here's the problem: When a user enters his or her username and password, it just refreshes the page, it doesn't log him or her in.

    Help Me!

    PHP Code:
    <?php

    // Administrative Control Panel
    // accesscontrol.php
    // Will detect session settings

    include('./inc/db.php');

    session_start();

    // If no username is found, expel user and ask to log in
    if(!isset($_HTTP_SESSION_VARS['username'])){
        
    ?>
        <html>
        <head>
        <title>Access Denied!</title>
        </head>
        <body>
        <h1>Access Denied</h1>
        <p>You must be logged in <i>and</i> have the correct permissions level in order to view this page. Please log in using the form below. If you have already logged in, and are still getting this error, please contact the technical staff.</p>
        <p><form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
        Username: <input type="text" name="username" size="8"><br>
        Password: <input type="password" name="pwd" size="8"><br>
        <input type="submit" value="log in">
        </form></p>
        </body>
        </html>
        <?php
        
    exit();
    }

    $username=$_POST['username'];
    $pwd=$_POST['pwd'];

    session_register("$username");
    session_register("$pwd");

    $sql="SELECT id, username, password FROM users WHERE username='$username' AND password=PASSWORD('$pwd')";
    $result=@mysql_query($sql) or die('A database error has occurred while checking your login details.');

    if(mysql_num_rows($result) == 0){

        session_unregister("$username");
        session_unregister("$pwd");

    ?>
        <html>
        <head>
        <title>Please try again!</title>
        </head>
        <body>
        <h1>Access Denied</h1>
        <p>Your login details are incorrect or you are not a registered user. To try logging in again, click <a href="<?php echo $_SERVER['PHP_SELF']; ?>">here</a>.</p>
        </body>
        </html>
        <?php
        
    exit();
    }
    $userStuff=@mysql_fetch_array($result);
    $userid=$userStuff["id"];

    // Get Access Level for user from DB
    $sql="SELECT level FROM access WHERE userid='$userid'";
    $result=@mysql_query($sql) or die('A database error has occurred while gaining access levels. <!--'.mysql_error().'-->');
    $userAccess=@mysql_fetch_array($result);
    $acessLevel=$userAccess["level"]; // Access Level

    session_register("$acessLevel");
    ?>
    Oh, and one other thing. If I get this script to work and include it in a page, how do I get the variables from the session? Do I use something like
    PHP Code:
    echo $_HTTP_SESSION_VARS['$acessLevel']; 
    Or what?
    Last edited by ja5es; Aug 14, 2002 at 10:54.
    James

  2. #2
    purple monkey dishwasher scoates
    Join Date
    Nov 2001
    Location
    Montreal
    Posts
    794
    I think $_HTTP_SESSION_VARS should be either $HTTP_SESSION_VARS or $_SESSION

    S

  3. #3
    SitePoint Enthusiast
    Join Date
    Feb 2002
    Location
    USA
    Posts
    45
    Well, that didn't work.
    James

  4. #4
    SitePoint Addict
    Join Date
    Jan 2002
    Location
    NJ/NY
    Posts
    346
    Hmm.. I'm not really good with php, but this is what I think:

    You should give the submit button a name like login_submit.. and there should be an if($login_submit)...

    and then put all that user/password validation code inside the braces of that if clause...

    If the user/password is correct, then register session variables for them. This way, you save the hassle of unregistering them if the combo's wrong..

  5. #5
    SitePoint Enthusiast
    Join Date
    Feb 2002
    Location
    USA
    Posts
    45
    I did it this way because it starts the session, or detects if there is one, and then sees if a $username is registered in the session. If not, then it asks for users to log in.

    If I did it your way, they would have to log in on every page.

    I had this working, but somehow I messed it up.
    James

  6. #6
    SitePoint Addict
    Join Date
    Jan 2002
    Location
    NJ/NY
    Posts
    346
    Hmm... why would it then log in every time?

  7. #7
    SitePoint Enthusiast
    Join Date
    Feb 2002
    Location
    USA
    Posts
    45
    Maybe I'm wrong. I should try it... I'll try it and let you know how it goes.
    James

  8. #8
    SitePoint Enthusiast atomical
    Join Date
    Aug 2002
    Posts
    43
    CORRECT:

    $username= 'joe';
    $pwd = 'something';

    session_register("username");
    session_register("pwd");


    WRONG:

    $username= 'joe';
    $pwd = 'something';

    session_register("$username");
    session_register("$pwd");

    If you do it the wrong way, you'll have a session variable registered as 'joe' and his password as another session variable.

    Also, you have a method wrong too.
    You should only register the username, and not the password, because you are only going to be checking the password once.
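
The login flow from this thread in present-day PHP, as an added example that is not part of any post: `session_register()` and the `mysql_*` functions no longer exist in current PHP, so it writes to the session array under fixed literal keys, only after the password has been verified, and never stores the password. The function name `attempt_login`, the `password_hash` column and the sample account are assumptions made for the example; it assumes PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added example, not the thread's code. Table layout, function name and the
// sample account are constructed; in-memory SQLite keeps it self-contained.

function attempt_login(PDO $db, array $post, array &$session): bool
{
    if (!isset($post['username'], $post['pwd'])) {
        return false;                 // form was not submitted
    }
    // Prepared statement: the submitted username is bound as data, not SQL text.
    $stmt = $db->prepare(
        'SELECT u.id, u.username, u.password_hash, a.level
           FROM users u LEFT JOIN access a ON a.userid = u.id
          WHERE u.username = ?'
    );
    $stmt->execute([$post['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($post['pwd'], $row['password_hash'])) {
        return false;                 // nothing was stored, so nothing to unregister
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);  // fresh session ID once the user is authenticated
    }
    // Fixed, literal keys; the password itself is never kept in the session.
    $session['userid']      = (int) $row['id'];
    $session['username']    = $row['username'];
    $session['accessLevel'] = (int) $row['level'];
    return true;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE access (userid INTEGER, level INTEGER)');
$db->prepare('INSERT INTO users (id, username, password_hash) VALUES (1, ?, ?)')
   ->execute(['joe', password_hash('something', PASSWORD_DEFAULT)]);
$db->exec('INSERT INTO access (userid, level) VALUES (1, 3)');

$session = [];   // stands in for $_SESSION after session_start()
var_dump(attempt_login($db, ['username' => 'joe', 'pwd' => 'wrong'], $session));
var_dump(attempt_login($db, ['username' => 'joe', 'pwd' => 'something'], $session));
var_dump($session);
```

In a real page, call `session_start()` first and pass `$_POST` and `$_SESSION`; protected pages then only need to check `isset($_SESSION['username'])`.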

  9. #9
    SitePoint Enthusiast
    Join Date
    Feb 2002
    Location
    USA
    Posts
    45
    Ok, thank you! I FINALLY got it to work!
    James

