I have a login form that works just fine, except when it forwards to the 'menu.php' page. The 'menu.php' page has a list of links that is supposed to be in relationship to the 'mem_id'. For example, there's a link called 'Profile'. When you hover over the link, it is supposed to have the correct URL with the 'mem_id'. It doesn't. I'm not sure why.

Can someone take a look?

MENU.PHP:

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
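  // $QUERY_STRING only exists with register_globals on; read it from $_SERVER instead
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
    $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  }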
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_getMember = "-1";
if (isset($_GET['mem_id'])) {
  $colname_getMember = $_GET['mem_id'];
}
mysql_select_db($database_membership, $membership);
$query_getMember = sprintf("SELECT mem_id, fname, lname FROM members_info WHERE mem_id = %s", GetSQLValueString($colname_getMember, "int"));
$getMember = mysql_query($query_getMember, $membership) or die(mysql_error());
$row_getMember = mysql_fetch_assoc($getMember);
$totalRows_getMember = mysql_num_rows($getMember);

?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>

HTML:

<form id="form1" name="form1" method="get" action="">
<h2>what Would you like to do today?</h2>
<p style="text-indent: 0px;">View or Modify your <a href="profile_update.php?mem_id=<?php echo $row_getMember['mem_id']; ?>">Profile</a></p>
<p style="text-indent: 0px;">Download  <a href="newsletters.php">Newsletter(s)</a></p>
<p style="text-indent: 0px;">Download the <a href="roster/roster.pdf" target="_blank">Roster</a><br />
For updates or corrections to the Roster, please contact 
<script language='JavaScript' type='text/javascript'>
<!--
var guymal_enc= ":g&ntc`;$kgojri<rtcgustctFuueue(eik9Usdlcer;Tiurct#46Eittceroihu$8  Dctj&I!Ngttg:)g8";
for(guymal_i=0;guymal_i<guymal_enc.length;++guymal_i)
{
document.write(String.fromCharCode(6^guymal_enc.charCodeAt(guymal_i)));
}
//-->
</script></p>
</form>

I see

$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;

But nowhere are they set to a value. I think you should set them after verifying.

This is for my Log Out link. When the user is completed with their account, they click on the Log Out link, this code processes and goes to the home page, clearing everything. Unless I'm misunderstanding your point.

I think I missed it... is this all one file?

Correct.

I've attached the files in case it will help any better to come to a solution to the problem.

Attachments
<?php
if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']); }
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
mysql_select_db($database_user, $user);
$query_getMemberInfo = "SELECT * FROM members";
$getMemberInfo = mysql_query($query_getMemberInfo, $user) or die(mysql_error());
$row_getMemberInfo = mysql_fetch_assoc($getMemberInfo);
$totalRows_getMemberInfo = mysql_num_rows($getMemberInfo);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "member_access";
  $MM_redirectLoginSuccess = "menu.php";
  $MM_redirectLoginFailed = "loginfail.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_membership, $membership);
  	
  $LoginRS__query=sprintf("SELECT username, pwd, member_access FROM members_info WHERE username=%s AND pwd=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $membership) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'member_access');
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<h1><?php echo $row_getMemberInfo['heading']; ?></h1>
<?php
$text = nl2br($row_getMemberInfo['content']);
$after = str_replace("<br />", "</p><p>", $text); ?>
<p><?php echo $after ; ?></p>
<form id="login" name="login" method="POST" action="<?php echo $loginFormAction; ?>">
<label for="textfield">Username:</label>
<br />
<input name="username" type="text" id="username" size="30" maxlength="20" />
</p>
<p>
<label for="textfield">Password:</label><br />
<input name="pwd" type="password" id="pwd" size="30" maxlength="20" />
</p>
<img src="../securimage/securimage_show.php" alt="CAPTCHA Image" name="captcha" id="captcha" /><br />
<a href="#" onclick="document.getElementById('captcha').src = '../securimage/securimage_show.php?' + Math.random(); return false">Reload Image</a><br /><br />
<p style="text-indent: 0px;">Please type in the above image letters and numbers code in the text box below.<br /><span style="font-size: 11px;">(We understand that this may be an inconvenience, but we appreciate your patience.)</span></p>
<input type="text" name="captcha_code" size="10" maxlength="6" /><br />
<br />
<input name="login" type="submit" id="login" value="Log In" />
</form></body>
</html>
<?php
mysql_free_result($getMemberInfo);
?>

line 104:

$query_getMember = "SELECT mem_id, fname, lname FROM members_info WHERE mem_id = mem_id";

"mem_id = mem_id" returns all records. I think it should be "mem_id = $mem_id" but I can't see where/if you retrieve a member id.
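An added example, not part of the original thread or the poster's files: the login redirects to menu.php without a `mem_id` in the URL, so one way to give the Profile link a value is to store `mem_id` in the session at login and look the member up from there, which also stops a visitor from swapping in another member's id. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL connection, the rows are constructed sample data, the function names are hypothetical, and `password_hash()`/`password_verify()` are used in place of the thread's `sha1()`.

```php
<?php
// Added example: resolve the member from the authenticated session, not $_GET['mem_id'].
// Assumptions: SQLite via PDO replaces the thread's MySQL link; demoDb(), login() and
// profileLink() are hypothetical names; the two member rows are constructed sample data.

function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE members_info (mem_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
               pwd TEXT, member_access TEXT, fname TEXT, lname TEXT)");
    $ins = $db->prepare("INSERT INTO members_info (username, pwd, member_access, fname, lname)
                         VALUES (?, ?, 'y', ?, ?)");
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Alice', 'Example']);
    $ins->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT), 'Bob', 'Example']);
    return $db;
}

// Login step: fetch mem_id together with the credentials and keep it server-side.
function login(PDO $db, array &$session, string $username, string $password): bool {
    $st = $db->prepare("SELECT mem_id, pwd, member_access FROM members_info WHERE username = ?");
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pwd'])) {
        return false;
    }
    $session['MM_Username']  = $username;
    $session['MM_UserGroup'] = $row['member_access'];
    $session['mem_id']       = (int) $row['mem_id'];   // the value menu.php never received
    return true;
}

// menu.php step: build the Profile link from the session value, so it is filled in
// after every login and cannot be pointed at another member by editing the URL.
function profileLink(PDO $db, array $session): ?string {
    if (empty($session['mem_id'])) {
        return null;                                    // not logged in
    }
    $st = $db->prepare("SELECT mem_id, fname, lname FROM members_info WHERE mem_id = ?");
    $st->execute([$session['mem_id']]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row) { return null; }
    return sprintf('<a href="profile_update.php?mem_id=%d">Profile</a>', $row['mem_id']);
}

$db = demoDb();
$session = [];                                          // stands in for $_SESSION
var_dump(login($db, $session, 'bob', 'wrong'));         // failed login sets nothing
var_dump(login($db, $session, 'bob', 'battery staple'));
echo profileLink($db, $session), "\n";
```

If profile_update.php keeps reading `mem_id` from the query string, it should compare that value with `$_SESSION['mem_id']` before showing or saving anything.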
