Remeber Me???

[dptr1988]

Seperate the code that is required for the login from the code that just used printing headers and footers. Put them in different include files

[DeanWhitehouse]

huh? u kinda lost me, is that not waht i already have

[dptr1988]

Well if you have code that outputs HTML data and yet is still required to for the login process, then it is not seperated. Most large programs will keep all code that contains and prints HTML in serperate file and the rest of the code that does the 'thinking' in other files.

[DeanWhitehouse]

Ok, i don't have a clue about what you just said,lol,

soz,

shall i just add the session start to the top of everypage??

[dptr1988]

Only 1 session_start() per browser request.

 

You can make sure that you get that by, putting a session_start() ( or including the a file that has it ) into each page that can be accessed directly from the browser.

[DeanWhitehouse]

fixed, i just added session_start(); to the top of the login script, as all my other pages contain the session_start(); part in the header.php file

 

[DeanWhitehouse]

Another problem,

this code

if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=$_SERVER[REQUEST_URI]'>";
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];
	}
}

how can i stop it reposting the data, as it does store the session, but when it takes you back to the page it reposts the data(which is blank)

[dptr1988]

Huh? How can a server-side script cause the browser to repost a form?

 

Does it have anything to do with you useing a meta refresh rather then a 'Location:' header?

 

I would really recommend using header('Location: URL'); rather then a meta refresh.

 

[DeanWhitehouse]

yer because it is resending the data. is there anyway to stop it doing this, as i don't think/no if i can add a header instead of the meta refresh

[dptr1988]

If you can send cookies, you can send a location header.

[DeanWhitehouse]

erm, well, using this code i get the error, not all fields field in, but the session is created for the admin so it has logged in, but resent so thats why the error is showing.

to see for your self,

http://deanwhitehouse.awardspace.co.uk/admin/admin_centre.php

Username:

Blade280891

 

Password:

Natasha

 

case sensitive. The error appears at the top left, and refresh to see the admin centre

 

<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';
session_start();



// Only include the header and footers if you have to print errors
function print_error($err_message)
{
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';
echo $err_message;
exit;
}

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
	$row = mysql_fetch_assoc($result);
	$user_level = $row['userlevel'];
	if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		header("Location:".$_SERVER[REQUEST_URI]);
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];
	}
}
else{
	print_error( 'Login failed. Username and Password did not match database entries.');    
}
}

else
{
print_error( "Form was not completed. Please go back and make sure that the form was fully completed.");    
}


mysql_close();
?> 

[DeanWhitehouse]

does anyone no??