Jump to content


Photo

Login Script, problems.


  • Please log in to reply
No replies to this topic

#1 entity

entity
  • Members
  • PipPip
  • Member
  • 15 posts
  • LocationEngland, UK

Posted 04 June 2006 - 12:17 PM

Well within a few weeks I've decided to script a login script as part of my news script (please bare in mind I've only just started with MySQL this week) and I've finally come to a brick wall. Each and everytime I edit this script it seems to result in undesirable effects. My login script is based around Cookies and MySQL (I find MySQL easier than a Flat File login script... I can't handle those damn writing permissions ^_^) Anyway, my first problem is the login verification file (loginV.php), everytime I use it it logs me in, but in the meta tag redirector it wont echo the variables although meta tag redirection supports variable URLs (which the header() command doesn't seem to from my experience), here is my loginV.php file anyway:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?php
if($submit == "") {
echo("<div class=\"warning\">Fatal Error Script Ended</div>");
}
elseif($submit == "submitted") {
require_once("config.php");
$username = $_POST['user']; //pulls the username from the form
$password = $_POST['password']; //pulls the pass from the form
$password2 = md5($password); //makes our password an md5
//selects info from our table if the row has the same user and pass that our form does
$login = mysql_query("SELECT * FROM users WHERE `user` = '$username' AND `password` = '$password'");
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
echo("Password or username is wrong, try again!\n");
echo("<meta http-equiv=\"refresh\" content=\"0; URL=http://eagame.entitys-arena.co.uk/V2LC/index.php?eagame=login\">"); //redirects to our login page
}
else {
$results = mysql_query("SELECT * FROM users WHERE `user` = '$username' AND `password` = '$password'");
$row = mysql_fetch_array($results);
//sets our user cookie
$rk = $row['rank'];
$username = $row['user'];
$navID = $row['id'];
setcookie("user", $username, time()+3600);
//sets our pass cookie
setcookie("pass", $password2, time()+3600);
//instead of yourpage.php it would be your protected page
echo("Thank you $username, you are being redirected to the news center!");
echo("$rk $un $navID");
echo("<meta http-equiv=\"refresh\" content=\"5; URL=http://eagame.entitys-arena.co.uk/V2LC/index.php?eagame=news&action=users&uid=$navID&un=$un&rank=$rk\">"); //redirects to our login page
}
}
?>
[/quote]

What the file does is set two cookies, one for the password and one for the username that works fine, but then something REALLY annoying happens, I have three users, I have logged in as each as them and it happens with each one. First off the navigation.php file is supposed to change dynamically if the username and password cookies exist if they do it includes the extra navigation once thats done it checks to see which rank that the user is if the user is an Administrator or a Co-Administrator then they would get more options than someone who is just a News Editor or News Reporter. Well what used to happen is each time I logged in even if it was as say Bob instead of Entity it would still login as Entity which isn't very useful or safe. Now what happens is everytime I log in the navigation gets every users menu and displays it, I think this is mostly due to the while() code I'm using, but I've run out of ideas and I really cannot seem to do anything to make this right. Here is navigation.php

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<table width="100%">
<tr><td>Navigation</td></tr>
<tr>
<td class="navigation">
<ul>
<li><a href="/V2LC/index.php">Index</a></li>
<li><a href="index.php?eagame=info">Information</a></li>
<li><a href="index.php?eagame=about">About</a></li>
</ul>
<?php
// Check if cookie exists...
if(isset($_COOKIE['user']) && isset($_COOKIE['pass'])) {
require_once("config.php");
echo("<ul>");
$navID = $_GET['$navID'];
$navRank = $_GET['$rk'];
$username = $_GET['$un'];
$result = mysql_query("SELECT * FROM users");
echo mysql_error($con);
while($row = mysql_fetch_array($result)) {
$navID = $row['id'];
$navRank = $row['rank'];
$username = $row['user'];
echo("Welcome $username\n<br />\nRank: $navRank\n");
if($navRank == "Administrator") {
echo("<li><a href=\"index.php?eagame=news&action=userCP&uid=$navID\">User Control Panel</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=register\">Register A User</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=users\">Views Users</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=addartcile\">Add Article</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=logout\">Log Out</a></li>\n");
}
elseif($navRank == "Co-Administrator") {
echo("<li><a href=\"index.php?eagame=news&action=userCP&id=$id\">User Control Panel</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=register\">Register A User</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=users\">Views Users</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=addartcile\">Add Article</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=logout\">Log Out</a></li>\n");
}
elseif($navRank == "News Editor") {
echo("<li><a href=\"index.php?eagame=news&action=userCP&id=$id\">User Control Panel</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=addartcile\">Add Article</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=logout\">Log Out</a></li>\n");
}
elseif($navRank == "News Reporter") {
echo("<li><a href=\"index.php?eagame=news&action=userCP&id=$id\">User Control Panel</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=addartcile\">Add Article</a></li>\n");
echo("<li><a href=\"index.php?eagame=news&action=logout\">Log Out</a></li>\n");
}
echo("</ul>");
}
}
elseif(empty($_COOKIE['user']) && empty($_COOKIE['pass'])) {
echo("<ul>");
echo("<li><a href=\"index.php?eagame=login\">Staff Login</a></li>\n");
echo("</ul>");
}
?>
</td>
</tr>
</table>
[/quote]

Also, something may be wrong with my log out script that may not be deleting my cookies fully, but from the looks of things, everything seems OK. But here is logout.php
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?php
$username = "";
$password2 = "";
//sets our user cookie
setcookie("user", $username);
//sets our pass cookie
setcookie("pass", $password2);
echo("$username; You have been logged out, redirecting to home page!");
echo("<meta http-equiv=\"refresh\" content=\"5; URL=http://eagame.entitys-arena.co.uk/V2LC/index.php\">"); //redirects to our login page
?>
[/quote]

So far with this news script I have successfully made a user list where I can see they're details (e.g password, email, name, id) and I can also delete or edit these users, then just for a bit of fun I've added an ORDER BY with variables to order the content...

Anyway, if anyone can help me with this problem, I would be very very happy! And I can continue on with life normally!

Regards, entity.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users