For some strange reason I am having problems with sessions, mainly in Safari I believe, which is weird considering PHP is a server-side programming language. Anyway, when a person goes to /cp (control panel), for example, it redirects them to login.php?url=/cp. Then they log in, the sessions are created, and then it redirects them to /cp. But for some strange reason, if there is a $_GET, the session is only set for the pages in the /cp directory, even if the $_GET is in the same directory as login.php. It's strange. Can anyone help me out?
Login.php
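<?php
/*
 * login.php - sign-in form and handler.
 *
 * Reads $logged_in (set by config.php) and, on a POST, checks the submitted
 * username/password against the `members` table, stores them in the session
 * (and, with "remember me", in cookies) and redirects to the page named by
 * the `url` query parameter.
 *
 * Changes from the original:
 *  - user-supplied values are escaped before being placed in the SQL string;
 *  - the redirect target is restricted to a local path on this site;
 *  - the value echoed into the form action is encoded for its context;
 *  - the session id is regenerated on a successful login;
 *  - full "<?php" tags, so the file is not served as text where short tags
 *    are disabled.
 *
 * NOTE(review): the credentials are compared and stored as plaintext, both in
 * the session and in the 100-day "remember me" cookies. That is kept here
 * because checkLogin()/confirmUser() in config.php depend on it; the durable
 * fix is password_hash()/password_verify() plus a random remember-me token,
 * changed in both files together.
 * NOTE(review): the die() messages include mysql_error(); consider logging it
 * instead of showing it to the visitor.
 * NOTE(review): the mysql_* extension is deprecated; prepared statements via
 * mysqli or PDO are the proper replacement for the escaping used below.
 */
ob_start();
session_start();
include ("config.php");

// Post-login destination. Only a path on this site is accepted: it must start
// with a single "/" and contain no control characters; anything else falls
// back to the control panel, as the original did for a missing value.
$target = (isset($_GET['url']) && is_string($_GET['url'])) ? $_GET['url'] : '';
if (!preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $target)) {
    $target = '/cp';
}
?>
<html>
<head>
<title>login</title>
<LINK REL=StyleSheet HREF="/style.css" TITLE="main" TYPE="text/css">
</head>
<body background="bg.bmp">
<?php require 'header.php'; ?>
<h2>Login</h2>
<?php
if ($logged_in) {
    echo "you are already logged in!";
} else {
    // Missing or non-string fields are treated as empty.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($username !== '' || $password !== '') {
        if ($username === '' || $password === '') {
            // Checked before touching the database: nothing to look up yet.
            echo "<div id='error'>Please fill in all fields</div>";
        } else {
            $dbh = mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
            mysql_select_db($database, $dbh);

            // With magic quotes on, PHP has already added slashes; undo that
            // so the values are escaped exactly once.
            $rawUser = get_magic_quotes_gpc() ? stripslashes($username) : $username;
            $rawPass = get_magic_quotes_gpc() ? stripslashes($password) : $password;

            $sql = "SELECT * FROM `members` WHERE `username`='"
                . mysql_real_escape_string($rawUser, $dbh)
                . "' AND `password`='"
                . mysql_real_escape_string($rawPass, $dbh)
                . "'";
            $result = mysql_query($sql, $dbh) or die ("error in login.php" . mysql_error());

            if (mysql_num_rows($result) == 0) {
                echo "<div id='error'>That username/password you entered is incorrect</div>";
            } else {
                if (isset($_POST['rememberme'])) {
                    // 100-day cookies, site-wide path (see NOTE at the top).
                    setcookie("username", $username, time()+60*60*24*100, "/");
                    setcookie("password", $password, time()+60*60*24*100, "/");
                }
                // Issue a fresh session id for the authenticated session.
                session_regenerate_id();
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;
                session_write_close();
                header("location:" . $target);
                exit;
            }
        }
    }
    // Kept from the original: later includes see the effective target.
    $_GET['url'] = $target;
?>
Please enter your username and password to continue
<form method="post" action="/login.php?url=<?php echo htmlspecialchars(rawurlencode($target), ENT_QUOTES); ?>">
<table border="0">
<tr><td>Username:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" size="20"></td></tr>
<tr><td></td><td><input type="checkbox" name="rememberme">Remember me?</td></tr>
<tr><td></td><td><input type="submit" value="login"></td></tr>
<tr><td></td><td><a href="/forgot.php">forgot password?</a></td></tr>
<tr><td></td><td><a href="/register.php">not registered?</a></td></tr>
</table>
</form>
<?php
}
include('footer.php'); ?>
</body>
</html>
<?php ob_end_flush(); ?>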
config.php
<?
// Database connection settings read by the functions below through `global`.
// All four are empty strings in this listing.
$host     = '';  // database server host
$user     = '';  // database account name
$pass     = '';  // database account password
$database = '';  // database to select after connecting
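/**
 * Check a username/password pair against the `members` table.
 *
 * Changes from the original: the username is escaped before it is placed in
 * the SQL string, non-string arguments are rejected before any query runs,
 * and the password comparison is strict (===) so two different numeric-looking
 * strings can no longer compare equal.
 *
 * NOTE(review): the stored password is compared as-is, so it appears to be
 * kept in plaintext; password_hash()/password_verify() is the proper fix and
 * needs a matching change wherever passwords are written.
 * NOTE(review): the die() messages expose mysql_error() to the visitor.
 *
 * @param string $username name to look up
 * @param string $password password to compare with the stored one
 * @return int 0 on success, 1 when the username is not found (or not a
 *             string), 2 when the password does not match (or is not a string)
 */
function confirmUser($username, $password){
    global $host, $user, $pass, $database;

    // Request data can arrive as arrays; treat those as a failed check.
    if (!is_string($username)) {
        return 1; //Indicates username failure
    }
    if (!is_string($password)) {
        return 2; //Indicates password failure
    }

    $dbh = mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
    mysql_select_db($database, $dbh);

    // With magic quotes on the value is already slashed; undo that so it is
    // escaped exactly once.
    $lookup = get_magic_quotes_gpc() ? stripslashes($username) : $username;
    $q = "SELECT `password` FROM `members` WHERE `username`= '" . mysql_real_escape_string($lookup, $dbh) . "'";
    $result = mysql_query($q, $dbh) or die("error in config.php".mysql_error());
    if (!$result || (mysql_num_rows($result) < 1)) {
        return 1; //Indicates username failure
    }

    $dbarray = mysql_fetch_array($result);
    // Both sides are unslashed before comparing, as in the original.
    $stored   = stripslashes($dbarray['password']);
    $supplied = stripslashes($password);

    /* Validate that password is correct */
    if ($supplied === $stored) {
        return 0; //Success! Username and password confirmed
    }
    return 2; //Indicates password failure
}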
/**
 * Report whether the current visitor is logged in.
 *
 * When both "remember me" cookies are present their values are copied into
 * the session first. The session's username/password pair is then verified
 * with confirmUser(); if that fails, both session entries are removed.
 *
 * NOTE(review): the cookie and the session both hold the password itself, and
 * cookie values replace the session values on every call. A random, server-side
 * remember-me token would avoid keeping the password on the client.
 *
 * @return bool true when confirmUser() accepts the session credentials
 */
function checkLogin(){
    /* A remembered user: seed the session from the cookies */
    if (isset($_COOKIE['username'], $_COOKIE['password'])) {
        $_SESSION['username'] = $_COOKIE['username'];
        $_SESSION['password'] = $_COOKIE['password'];
    }

    /* Nothing to verify: user not logged in */
    if (!isset($_SESSION['username'], $_SESSION['password'])) {
        return false;
    }

    /* Credentials present and confirmed */
    if (confirmUser($_SESSION['username'], $_SESSION['password']) == 0) {
        return true;
    }

    /* Credentials present but rejected: drop them */
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    return false;
}
// Runs as soon as this file is included: every page that includes config.php
// gets $logged_in (true/false from checkLogin()). The `global` declaration
// binds the name to the global scope, which matters if the include happens
// inside a function.
global $logged_in;
$logged_in = checkLogin();
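/**
 * Report whether the logged-in user has `access` = 1 in the `members` table.
 *
 * Changes from the original: the session username is escaped before it is
 * placed in the SQL string, and the echo statements that followed a `return`
 * (and so could never run) are removed.
 *
 * NOTE(review): the die() messages expose mysql_error() to the visitor.
 *
 * @return bool true only when checkLogin() succeeds and a matching row with
 *              access = 1 exists
 */
function checkAccess(){
    if (checkLogin() != true) {
        return false;
    }

    global $host, $user, $pass, $database;

    // checkLogin() leaves the username in the session; anything that is not a
    // string cannot name a member.
    if (!isset($_SESSION['username']) || !is_string($_SESSION['username'])) {
        return false;
    }

    $dbh = mysql_connect($host, $user, $pass) or die ('I cannot connect to the database because: ' . mysql_error());
    mysql_select_db($database, $dbh);

    // With magic quotes on the value is already slashed; undo that so it is
    // escaped exactly once.
    $name = get_magic_quotes_gpc() ? stripslashes($_SESSION['username']) : $_SESSION['username'];
    $sql = "SELECT `access` FROM `members` WHERE `username`='" . mysql_real_escape_string($name, $dbh) . "' AND `access`=1";
    $result = mysql_query($sql, $dbh) or die (mysql_error());

    return mysql_num_rows($result) != 0;
}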
// Also evaluated at include time: $check_access holds the result of
// checkAccess() for the current request. checkAccess() calls checkLogin()
// again, so the credential check above is repeated here.
global $check_access;
$check_access=checkAccess();
?>