cjm771

problems with sessions and login.php

  #1  
Aug 28th, 2006
For some strange reason I am having problems with sessions, mainly in Safari I believe, which is weird considering PHP is a server-side programming language. Anyways, when a person goes to /cp (control panel) for example, it redirects them to login.php?url=/cp. Then they log in, the sessions are created, and then it redirects them to /cp. But for some strange reason, if there is $_GET['url'], the session is only set for the pages in the /cp directory, even if the $_GET['url'] is in the same directory as login.php. It's strange. Can anyone help me out?

Login.php
<?
ob_start();
session_start();
include ("config.php");

?>

<html>

<head>
<title>login</title>
<LINK REL=StyleSheet HREF="/style.css" TITLE="main" TYPE="text/css">
</head>

<body background="bg.bmp">




<?require 'header.php';?>
<h2>Login</h2>

<?
if ($logged_in){
echo "you are already logged in!";
}else
{

if ($_POST['username'] || $_POST['password'])
{
$dbh=mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db($database, $dbh); 

$result=mysql_query("SELECT * FROM `members` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'") or die ("error in login.php" . mysql_error());


if (!$_POST['username'] || !$_POST['password']){
echo "<div id='error'>Please fill in all fields</div>";
}

else if (mysql_num_rows($result)==0){
echo "<div id='error'>That username/password you entered is incorrect</div>";
}
else
{
if(isset($_POST['rememberme'])){
      setcookie("username", $_POST['username'], time()+60*60*24*100, "/");
      setcookie("password", $_POST['password'], time()+60*60*24*100, "/");
   }
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=$_POST['password'];
session_write_close();
header("location:".$_GET['url']);
exit;
}
}
if (!$_GET['url'])
$_GET['url']="/cp";
?>
Please enter your username and password to continue
<form method="post" action="/login.php?url=<?echo $_GET['url']?>">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" size="20"></td></tr>

<tr><td></td><td><input type="checkbox" name="rememberme">Remember me?</td></tr>
<tr><td></td><td><input type="submit" value="login"></td></tr>
<tr><td></td><td><a href="/forgot.php">forgot password?</a></td></tr>
<tr><td></td><td><a href="/register.php">not registered?</a></td></tr>
</table>
</form>

<?
}
include('footer.php');?>
</body>

</html>
<?ob_end_flush();?>

config.php
<?
 $host=""; //host
 $user=""; //username
$pass=""; //password
$database=""; //db

function confirmUser($username, $password){
 global $host;
 global $user;
global $pass;
global $database;


   if(!get_magic_quotes_gpc()) {
	//$username = addslashes($username);
   }

$dbh=mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db($database, $dbh); 

   $q = "SELECT `password` FROM `members` WHERE `username`= '".$username."'";
   $result = mysql_query($q) or die("error in config.php".mysql_error());
   if(!$result || (mysql_num_rows($result) < 1)){
      return 1; //Indicates username failure
   }

   $dbarray = mysql_fetch_array($result);
   $dbarray['password']  = stripslashes($dbarray['password']);
   $password = stripslashes($password);

   /* Validate that password is correct */
   if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
   }
   else{
      return 2; //Indicates password failure
   }
}

function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['username']) && isset($_COOKIE['password'])){
      $_SESSION['username'] = $_COOKIE['username'];
      $_SESSION['password'] = $_COOKIE['password'];
   }

   /* Username and password have been set */
   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}
global $logged_in;
$logged_in = checkLogin();
function checkAccess(){
if (checkLogin()==true){
 global $host;
 global $user;
global $pass;
global $database;
$dbh=mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db($database, $dbh); 
$result=mysql_query("SELECT `access` FROM `members` WHERE `username`='".$_SESSION['username']."' AND `access`=1") or die (mysql_error());
if (mysql_num_rows($result)==0){
return false;
echo "<script>alert('not enough access')</script>";
}
else{
return true;
}

}
else{
return false;
echo "not logged in";
}
}
global $check_access;
$check_access=checkAccess();
?>
Barnz

Re: problems with sessions and login.php

  #2  
Sep 1st, 2006
Hello, I do not know the answer to your problem, but I noticed you are outputting HTML to the browser before calling the header() function.

You may get errors doing that.
digital-ether

Re: problems with sessions and login.php

  #3  
Sep 1st, 2006
Hi cjm771,

In your login form, you're setting the action of the form to:

/login.php?url=<?echo $_GET['url']?>

The form sends its data to the server via HTTP POST and you have a URI string that would usually be sent via an HTTP GET.
It usually works, but maybe Safari isn't sending the url param for some reason?
What you could do is use a hidden field instead of appending it to the url.
<input type="hidden" name="url" value="<?php echo $_POST['url']; ?>" />

> but for some strange reason if there is $_GET['url'], the session is only set for the pages in the /cp directory, even if the $_GET['url'] is in the same directory as login.php.

Aren't sessions limited only by domain? It doesn't matter which directory it is.

The frequent problem is if you redirect to, say, http://www.example.com/ when you set the session for http://example.com.
Browsers treat www.example.com as a different domain from example.com.

It's a bit hard to read your code. I suggest you separate the database connection into a separate class or function. Maybe just calling functions instead of making database calls in login.php (so that all the functions that call the database are in config.php or a separate file). Just a suggestion.
www.fijiwebdesign.com - web design and development and fun
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!
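
The two points in reply #3 (carry `url` in a hidden field, keep one session across example.com and www.example.com), as an added PHP example that is not code from the thread. The function names, the `.example.com` cookie domain, HTTPS and PHP 7.3+ are assumptions; the value read from `url` is restricted to a local path before it reaches `header()`.

```php
<?php
// Added example, not the thread's code. Assumed: PHP 7.3+, HTTPS, a site served
// from example.com and www.example.com, and /cp as the default landing page.

// One session cookie for every directory and both host names.
function start_site_session(): void {
    session_set_cookie_params([
        'path'     => '/',            // valid for /login.php and /cp alike
        'domain'   => '.example.com', // assumed domain: www and bare host
        'secure'   => true,           // sent over HTTPS only
        'httponly' => true,           // not readable from page script
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Accept only a local absolute path as the post-login target.
function safe_redirect_target($url, string $default = '/cp'): string {
    if (!is_string($url) || $url === '' || $url[0] !== '/') {
        return $default;              // missing, array input, or not a local path
    }
    if (strncmp($url, '//', 2) === 0 || strpos($url, '\\') !== false
        || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return $default;              // names another host or breaks the header
    }
    return $url;
}

// Hidden field that carries the target through the POST, HTML-escaped.
function hidden_url_field(string $target): string {
    return '<input type="hidden" name="url" value="'
        . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">';
}

// Call once the credentials are verified and before any output is sent.
function finish_login(string $username, string $target): void {
    session_regenerate_id(true);       // fresh session id for the logged-in state
    $_SESSION['username'] = $username; // the password is not kept in the session
    header('Location: ' . $target);
    exit;
}

if (PHP_SAPI === 'cli') {              // constructed inputs: php example.php
    foreach (['/cp', '/cp/?a=1', '', 'http://other.example/', '//other.example/'] as $u) {
        printf("%-26s -> %s\n", var_export($u, true), safe_redirect_target($u));
    }
    echo hidden_url_field(safe_redirect_target('/cp/?q="1"')), "\n";
}
```

In login.php the calls would run in this order: `start_site_session()` at the top, `safe_redirect_target($_POST['url'] ?? $_GET['url'] ?? null)` when rendering the form and again after the credential check, then `finish_login()`.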