0

Hi I'm making a login panel which sends data to the same page and I use a class made by me and called 'user' that stored user information and autentification. When I refresh the page I check if any session was created before (it was created at first successfull login containing the email and encoded password).
The problem is when I output the session variables, email contains nothing, password is ok. I don't know why. I rechecked the user object and my script, I cannot find what's going on. Please help.
Here is the code for login:

<?php
session_start();

include("connect.php");
include("user_class.php");

$user = new user();
/* check session variables if ok  - email contains nothing */
		echo $_SESSION["email"];
		echo " * ".$_SESSION["password"];

if(!isset($_SESSION["email"]) && !isset($_SESSION["password"])){//daca sesiunea nu exista
echo"1";

	if($user->auth($_POST["email"],sha1($_POST["password"]))) 
	{	
		echo $user->getAuthMsg()."<br>";
		$_SESSION["email"]=$user->getEmail();
		$_SESSION["password"]=$user->getPassword();
		/* check session variables if ok  - all OK. This means user object works fine, no? */
		echo $_SESSION["email"];
		echo " * ".$_SESSION["password"];
	}

	else 
	{
		echo $user->getAuthMsg();
		session_destroy();
	}
}
else if(isset($_SESSION["email"]) && isset($_SESSION["password"])){//daca sesiunea exista ne autentificam pentru acele date
echo"2";
/*************  I could never enter here ******************/
	if($user->auth($_SESSION["email"],$_SESSION["password"])) 
	{	echo"2da";
		echo $user->getAuthMsg()."<br>";
		$_SESSION["email"]=$user->getEmail();
		$_SESSION["password"]=$user->getPassword();
	}

	else 
	{echo"2nu";
		echo $user->getAuthMsg();
		session_destroy();
	}	
}
else
{
/*************  I always enter here cause $_SESSION["email"] is allways empty :( ******************/
}


?>



<?php if(!$user->isAuth){ ?>
<table border="1">
<form name="login_member" id="login_member" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="POST">
	<tr>
		<td>Email:</td><td><input type="text" name="email" id="email" /></td>
	</tr>
	<tr>
		<td>Password:</td><td><input type="password" name="password" id="password" /></td>
	</tr>
		<td colspan="2" align="center"><input type="submit" name="submit" id="submit" value="Login"></td>
	</tr>
</form>
</table>
<?php exit;}else{?>

<a href="overall.php">Overall view</a> :: <a href="sections.php">Sections</a> :: <a href="members.php">Members</a> :: 
<a href="requests.php">Requests</a> :: <a href="visitors.php">Visitors</a> :: <a href="account.php">Account Settings</a>


<?php } ?>

Here is user class script:

<?php
class user{
	// DATE MEMBRU
    var $email;
	var $password;
	var $ip;
	var $banned;
	var $allowEditContent;
	var $allowViewStatistics;
	var $allowAddArticle;
	var $allowDELETE;
	
    var $authMsg;
	var $isAuth=false;
	
	var $isAlive=false;
	// CONSTRUCTOR
	/*
	function user($mail,$pass,$ip_address,$banned_ip,$allowEditC,$allowViewS,$allowAddA,$allowDEL){
		$this->email=$mail;
		$this->password=$pass;
		$this->ip=$ip_address;
		$this->banned=$banned_ip;
		$this->allowEditContent=$allowEditC;
		$this->allowViewStatistics=$allowViewS;
		$this->allowAddArticle=$allowAddA;
		$this->allowDELETE=$allowDEL;
	}*/
	// functii SET
	function user(){
		$this->alive=true;
	
	    $this->email="";
		$this->password="";
		$this->ip="";
		$this->banned=true;
		$this->allowEditContent=false;
		$this->allowViewStatistics=false;
		$this->allowAddArticle=false;
		$this->allowDELETE=false;
	
        $authMsg="";
	}
	
	function setEmail($mail){
		echo "Setam email:".$this->email=$mail;
	}
	
	function setPassword($pass){
		echo "Setam parola:".$this->password=$pass;
	}
	
	function setIp($ip_address){
		$this->ip=$ip_address;
	}
	
	function setBanned($banned_ip){
		$this->banned=$banned_ip;
	}
	
	function setAllowEditContent($allowEditC){
		$this->allowEditContent=$allowEditC;
	}
	
	function setAllowViewStatistics($allowViewS){
		$this->allowViewStatistics=$allowViewS;
	}
	
	function setAllowAddArticle($allowAddA){
		$this->allowAddArticle=$allowAddA;
	}
	
	function setAllowDELETE($allowDEL){
		$this->allowDELETE=$allowDEL;
	}
	
	//functii GET
	function getEmail(){
		return $this->email=$mail;
	}
	
	function getPassword(){
		return $this->password;
	}
	
	function getIp(){
		return $this->ip; 
	}
	
	function getBanned(){
		return $this->banned;
	}
	
	function getAllowEditContent(){
		return $this->allowEditContent;
	}
	
	function getAllowViewStatistics(){
		return $this->allowViewStatistics;
	}
	
	function getAllowAddArticle(){
		return $this->allowAddArticle;
	}
	
	function getAllowDELETE(){
		return $this->allowDELETE;
	}
	
	
	//functii speciale
	function isAlive()
	{ return $this->alive; }
	
	function getAuthMsg(){
		return $this->authMsg;
	}
	
	function auth($mail,$pass){ 
	// authentification with mysql database
	
	  $this->setEmail($mail);
	  $this->setPassword($pass);
	
	  $mail=trim(htmlspecialchars($mail));
	  $pass=trim(htmlspecialchars($pass));
	  if($mail!="" && $pass!="")
	  {
	
		$q="SELECT * FROM members WHERE email='".$mail."' AND password='".$pass."'";
		$res=mysql_query($q);
		if(!$res) 
		{
		    $this->authMsg="Eroare trimitere date:".mysql_error();
			return false;
		}
		else
		{   $numrows=mysql_num_rows($res);
			if($numrows==1)
			{
				 $this->authMsg="Autentificat!";
			     $this->isAuth=true;
				 return isAuth;
  			}
			else
			{
				$this->authMsg="Nume sau parola gresite!";
				$this->isAuth=false;
				return $this->isAuth;
			}
		}
	  }
	  else
	  {
				$this->authMsg="Va rugam completati corespunzator formularul!";
				$this->isAuth=false;
				return $this->isAuth;
	  }
	}

};
?>
2
Contributors
2
Replies
4
Views
7 Years
Discussion Span
Last Post by darius_#2
0

I FOUND IT!

function getEmail(){
		return $this->email=$mail;//incorrect. must be "return $this->email;"
	}

Sorry I am very tired, I couldn't see it for hours. Anyone can do a mistake like that when is very tired :). You just CAN'T see it. Thanks all for reading. Thread solved.

Edited by Clawsy: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.