Hi I'm making a login panel which sends data to the same page and I use a class made by me and called 'user' that stored user information and autentification. When I refresh the page I check if any session was created before (it was created at first successfull login containing the email and encoded password).
The problem is when I output the session variables, email contains nothing, password is ok. I don't know why. I rechecked the user object and my script, I cannot find what's going on. Please help.
Here is the code for login:
<?php
session_start();
include("connect.php");
include("user_class.php");
$user = new user();
/* check session variables if ok - email contains nothing */
echo $_SESSION["email"];
echo " * ".$_SESSION["password"];
if(!isset($_SESSION["email"]) && !isset($_SESSION["password"])){//daca sesiunea nu exista
echo"1";
if($user->auth($_POST["email"],sha1($_POST["password"])))
{
echo $user->getAuthMsg()."<br>";
$_SESSION["email"]=$user->getEmail();
$_SESSION["password"]=$user->getPassword();
/* check session variables if ok - all OK. This means user object works fine, no? */
echo $_SESSION["email"];
echo " * ".$_SESSION["password"];
}
else
{
echo $user->getAuthMsg();
session_destroy();
}
}
else if(isset($_SESSION["email"]) && isset($_SESSION["password"])){//daca sesiunea exista ne autentificam pentru acele date
echo"2";
/************* I could never enter here ******************/
if($user->auth($_SESSION["email"],$_SESSION["password"]))
{ echo"2da";
echo $user->getAuthMsg()."<br>";
$_SESSION["email"]=$user->getEmail();
$_SESSION["password"]=$user->getPassword();
}
else
{echo"2nu";
echo $user->getAuthMsg();
session_destroy();
}
}
else
{
/************* I always enter here cause $_SESSION["email"] is allways empty :( ******************/
}
?>
<?php if(!$user->isAuth){ ?>
<table border="1">
<form name="login_member" id="login_member" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
<tr>
<td>Email:</td><td><input type="text" name="email" id="email" /></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" name="password" id="password" /></td>
</tr>
<td colspan="2" align="center"><input type="submit" name="submit" id="submit" value="Login"></td>
</tr>
</form>
</table>
<?php exit;}else{?>
<a href="overall.php">Overall view</a> :: <a href="sections.php">Sections</a> :: <a href="members.php">Members</a> ::
<a href="requests.php">Requests</a> :: <a href="visitors.php">Visitors</a> :: <a href="account.php">Account Settings</a>
<?php } ?>Here is user class script:
<?php
class user{
// DATE MEMBRU
var $email;
var $password;
var $ip;
var $banned;
var $allowEditContent;
var $allowViewStatistics;
var $allowAddArticle;
var $allowDELETE;
var $authMsg;
var $isAuth=false;
var $isAlive=false;
// CONSTRUCTOR
/*
function user($mail,$pass,$ip_address,$banned_ip,$allowEditC,$allowViewS,$allowAddA,$allowDEL){
$this->email=$mail;
$this->password=$pass;
$this->ip=$ip_address;
$this->banned=$banned_ip;
$this->allowEditContent=$allowEditC;
$this->allowViewStatistics=$allowViewS;
$this->allowAddArticle=$allowAddA;
$this->allowDELETE=$allowDEL;
}*/
// functii SET
function user(){
$this->alive=true;
$this->email="";
$this->password="";
$this->ip="";
$this->banned=true;
$this->allowEditContent=false;
$this->allowViewStatistics=false;
$this->allowAddArticle=false;
$this->allowDELETE=false;
$authMsg="";
}
function setEmail($mail){
echo "Setam email:".$this->email=$mail;
}
function setPassword($pass){
echo "Setam parola:".$this->password=$pass;
}
function setIp($ip_address){
$this->ip=$ip_address;
}
function setBanned($banned_ip){
$this->banned=$banned_ip;
}
function setAllowEditContent($allowEditC){
$this->allowEditContent=$allowEditC;
}
function setAllowViewStatistics($allowViewS){
$this->allowViewStatistics=$allowViewS;
}
function setAllowAddArticle($allowAddA){
$this->allowAddArticle=$allowAddA;
}
function setAllowDELETE($allowDEL){
$this->allowDELETE=$allowDEL;
}
//functii GET
function getEmail(){
return $this->email=$mail;
}
function getPassword(){
return $this->password;
}
function getIp(){
return $this->ip;
}
function getBanned(){
return $this->banned;
}
function getAllowEditContent(){
return $this->allowEditContent;
}
function getAllowViewStatistics(){
return $this->allowViewStatistics;
}
function getAllowAddArticle(){
return $this->allowAddArticle;
}
function getAllowDELETE(){
return $this->allowDELETE;
}
//functii speciale
function isAlive()
{ return $this->alive; }
function getAuthMsg(){
return $this->authMsg;
}
function auth($mail,$pass){
// authentification with mysql database
$this->setEmail($mail);
$this->setPassword($pass);
$mail=trim(htmlspecialchars($mail));
$pass=trim(htmlspecialchars($pass));
if($mail!="" && $pass!="")
{
$q="SELECT * FROM members WHERE email='".$mail."' AND password='".$pass."'";
$res=mysql_query($q);
if(!$res)
{
$this->authMsg="Eroare trimitere date:".mysql_error();
return false;
}
else
{ $numrows=mysql_num_rows($res);
if($numrows==1)
{
$this->authMsg="Autentificat!";
$this->isAuth=true;
return isAuth;
}
else
{
$this->authMsg="Nume sau parola gresite!";
$this->isAuth=false;
return $this->isAuth;
}
}
}
else
{
$this->authMsg="Va rugam completati corespunzator formularul!";
$this->isAuth=false;
return $this->isAuth;
}
}
};
?>