SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Location
    USA
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    SESSION - please help

    ok. i've been messing with this all afternoon and i can't get it. there are 3 files i will post so you get the picture so please bear with me. i'm sorry for the length. the problem is that i keep having to log in at every page and the add.php page isn't working unless i take include accesscontrol.php line OUT
    PHP Code:
      //this one is the one i include with the 2 other files at the beginning to see whether the person is authorized to see the page or not
    <?php // accesscontrol.php

    include("common.php");
    include(
    "db.php");
    session_start();

    if (!isset(
    $_POST['uid'])) {
      
    ?>
      <html>
      <head>
      <title> Please Log In for Access </title>
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$_SERVER[PHP_SELF]?>">
        User ID: <input type="text" name="uid" size="8"><br>
        Password: <input type="password" name="pwd" SIZE="8"><br>
        <input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php
     
      
    exit; 
    }

     
    $_SESSION['uid'] = $_POST[uid];
     
    $_SESSION['pwd'] = $_POST[pwd];


    dbConnect("db");
    $sql "SELECT * FROM user WHERE
            userid = '
    $_POST[uid]' AND password = PASSWORD('$_POST[pwd]')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error("A database error occurred while checking your ".
            
    "login details.\\nIf this error persists, please ".
            
    "contact [email]me[/email].");
    }

    if (
    mysql_num_rows($result) == 0) {
      unset(
    $_SESSION['uid']);
      unset(
    $_SESSION['pwd']);
      
    ?>
      <html>
      <head>
      <title> Access Denied </title>
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_SERVER[PHP_SELF]?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
        
      </body>
      </html>
      <?php
      
    exit;
    }
    ?>
    this is the first page the user goes to
    PHP Code:
    //admin.php
    <?php include("accesscontrol.php");

     
    ?>
    <html>
    <head>
    <title> Members-Only Page </title>
    </head>
    <body>
    <p>This is the administrative area where you can add or delete products. </p>
    <p><a href="add.php">Add Product</a></p>
    </body>
    </html>
    then they click the link to go here
    PHP Code:
    <?php //add.php
    include("accesscontrol.php");
    if (!isset(
    $_POST[submitok])):
    ?>
       <html>
       <head>
       <title>Untitled Document</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
       </head>

        <body>
        <p>Add a product:</p>
        <form  method="post" action="<?=$_SERVER[PHP_SELF]?>">
        Type:
        <select name="type">
        <option value="earring" selected>Earring
        <option value="bracelet">Bracelet
        <option value="necklace" >Necklace
        </select>
        <br><br>Description:<br>
        <textarea name="description" rows="15" cols="50">
        </textarea><br><br>
        <input type=submit name="submitok" value="   Add it   ">
        </form>
        <p>&nbsp;</p>
        </body>
        </html>

    <?php
    else:
        
    ?>  
        <html>
        <body>
        <?php
        dbConnect
    ("db");   
        
    $sql "INSERT INTO products SET
                  type = '
    $_POST[type]',
                  description = '
    $_POST[description]',
                  entrydate = CURDATE()"
    ;
         echo(
    "Product added successfully");
                 
        if (!
    mysql_query($sql)) {
            
    error("A database error occurred in processing your ".
                  
    "submission.\\nIf this error persists, please ".
                  
    "contact [email]me[/email].");
                  }
        
    ?>
        </body>
        </html>       
    <?php
    endif;
    ?>
    Last edited by nails11; Jan 15, 2003 at 19:27.

  2. #2
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi.

    I think the problem lies in the accesscontrol.php.

    At the very top of you scripts it's smart to have this line of code: error_reporting (E_ALL);
    That changes the php setting for this script so it will print out all errormessages. You only uses this when you're making the pages.

    I also think it's best to have session_start(); before you include anything.

    Then to youre problem.
    You're problem is that if no data is comming form a form then the script prints out the form.
    Further explination: When you go to another page, the accesscontrol.php is checking to see if some variables are coming from a form. But there are no variables, because you have moved on to another page, and then the scripts prints out the login form again.

    I think you need to change the accesscontrol script into something like this.
    Code:
    // Pseudo code
    if (something send from form) {
        check the form input against the db.
        if(result from db ok) {
            set session variables
        } else {
            print login form or errormessage with a link to login form
            exit;
        }
    } elseif (session exists) {
        check the session against the db
        if(result from db NOT ok) {
            unset session
            print login form or errormessage with a link to login form
            exit;
        }
    } else {
        print login form
        exit;
    }
    Hope this gives you some ideas

    -Helge

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Location
    USA
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thx Helge!
    i got it.

  4. #4
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No problem.

    -Helge

  5. #5
    SitePoint Member
    Join Date
    Jan 2003
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cool cool website

    visit http://www.bahraichfun.comhttp://www.bahraichfun.com


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •