•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 392,372 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,732 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 1651 | Replies: 2
•
•
Join Date: Nov 2004
Posts: 10
Reputation: 
Rep Power: 4
Solved Threads: 0
Newbie Poster
For some strange reason I am having problems with sessions, ainly in safari I believe which is wierd considering php is a server-side programming language. anyways, when a person goes to /cp (control panel) for example, it redirects them to login.php?url=/cp. then they login, the sessions are created, and then it redirects them to /cp. but for some strange reason if there is $_GET['url'], the session is only set for the pages in the /cp directory, even if the $_GET['url'] is in the same directory as login.php. Its strange. can anyone help me out?
Login.php
config.php
Login.php
<?
ob_start();
session_start();
include ("config.php");
?>
<html>
<head>
<title>login</title>
<LINK REL=StyleSheet HREF="/style.css" TITLE="main" TYPE="text/css">
</head>
<body background="bg.bmp">
<?require 'header.php';?>
<h2>Login</h2>
<?
if ($logged_in){
echo "you are already logged in!";
}else
{
if ($_POST['username'] || $_POST['password'])
{
$dbh=mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db($database, $dbh);
$result=mysql_query("SELECT * FROM `members` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'") or die ("error in login.php" . mysql_error());
if (!$_POST['username'] || !$_POST['password']){
echo "<div id='error'>Please fill in all fields</div>";
}
else if (mysql_num_rows($result)==0){
echo "<div id='error'>That username/password you entered is incorrect</div>";
}
else
{
if(isset($_POST['rememberme'])){
setcookie("username", $_POST['username'], time()+60*60*24*100, "/");
setcookie("password", $_POST['password'], time()+60*60*24*100, "/");
}
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=$_POST['password'];
session_write_close();
header("location:".$_GET['url']);
exit;
}
}
if (!$_GET['url'])
$_GET['url']="/cp";
?>
Please enter your username and password to continue
<form method="post" action="/login.php?url=<?echo $_GET['url']?>">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" size="20"></td></tr>
<tr><td></td><td><input type="checkbox" name="rememberme">Remember me?</td></tr>
<tr><td></td><td><input type="submit" value="login"></td></tr>
<tr><td></td><td><a href="/forgot.php">forgot password?</a></td></tr>
<tr><td></td><td><a href="/register.php">not registered?</a></td></tr>
</table>
</form>
<?
}
include('footer.php');?>
</body>
</html>
<?ob_end_flush();?><?
$host=""; //host
$user=""; //username
$pass=""; //password
$database=""; //db
function confirmUser($username, $password){
global $host;
global $user;
global $pass;
global $database;
if(!get_magic_quotes_gpc()) {
//$username = addslashes($username);
}
$dbh=mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db($database, $dbh);
$q = "SELECT `password` FROM `members` WHERE `username`= '".$username."'";
$result = mysql_query($q) or die("error in config.php".mysql_error());
if(!$result || (mysql_num_rows($result) < 1)){
return 1; //Indicates username failure
}
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);
/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
$_SESSION['username'] = $_COOKIE['username'];
$_SESSION['password'] = $_COOKIE['password'];
}
/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}
global $logged_in;
$logged_in = checkLogin();
function checkAccess(){
if (checkLogin()==true){
global $host;
global $user;
global $pass;
global $database;
$dbh=mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db($database, $dbh);
$result=mysql_query("SELECT `access` FROM `members` WHERE `username`='".$_SESSION['username']."' AND `access`=1") or die (mysql_error());
if (mysql_num_rows($result)==0){
return false;
echo "<script>alert('not enough access')</script>";
}
else{
return true;
}
}
else{
return false;
echo "not logged in";
}
}
global $check_access;
$check_access=checkAccess();
?>
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb PHP Marketplace
Threaded ModeSimilar Threads
- Setting up a form in PHP (PHP)
- Trying to create a login system (PHP)
- Php Syntax Error (PHP)
- question about connecting odbc to sql through php script (PHP)
- login script using sessions (PHP)
- Best Web Hosting 4 PHP (Web Hosting Deals)
- php help needed for login (PHP)
Other Threads in the PHP Forum
- Previous Thread: unexpected T_STRING
- Next Thread: Classes In Php
