rnintulsa Posted August 4, 2008 Share Posted August 4, 2008 My login script needs to allow 5 companies to login and then be redirected to their personal page. So far I am working with 3 of the companies: orion, primetech and southern. This is the login check page: <?php session_start( ); error_reporting(E_ALL); ini_set ("display_errors", "1"); // if username and password are set and not empty then proceed with the rest of the process if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'company' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'company' ] != '' ) { $link = mysql_connect( 'host', 'username', 'password' ); $db_selected = mysql_select_db('dbname', $link); $username = mysql_real_escape_string($_POST['username'], $link); $company = mysql_real_escape_string($_POST['company'], $link); if (!$db_selected) { echo"Connection to the database failed. Please try again later." ; exit; } $results = mysql_query("select * from access where username='" . $username . "' and company = '" . $company . "'" ,$link ) or die(mysql_error()); $num_rows = mysql_num_rows($results); //greater than zero if( $num_rows > 0 ) { $_SESSION['username'] = $username; //redirect $data = mysql_fetch_array($results); header("Location: {$data['company']}.php"); } else { header("Location: login_error.htm"); } } ?> On the individual company pages my code first starts the session: <?php session_start( ); error_reporting(E_ALL); ini_set ("display_errors", "1"); ?> And then on the individual company pages after the html begins I have this: <div id="center_column"> <?php if (isset($_SESSION['username']) && $_SESSION['company'] == "southern") { echo'<br /><br /><br />'; echo '<p>You are logged in as '.$_SESSION['username'].'</p>'; echo'<a href="#nogo">Project</a><br><br>'; echo'<a href="#nogo">Links</a><br><br>'; echo'<a href="#nogo">Will</a><br><br>'; echo'<a href="#nogo">Go</a><br><br>'; echo'<a href="#nogo">Here</a><br><br><br><br>'; } else { echo '<p>You are not logged in.</p>'; echo '<p>Only logged in members may visit these pages.</p>'; echo '<p><a href="login_access.php">Client login Page</a><br /><br /></p>'; } ?> </div> I am quite sure the problem is with this line in the above code: if (isset($_SESSION['username']) && $_SESSION['company'] == "southern") "southern" is interchanged for the page it is on. southern.php, orion.php or primetech.php This code ends up giving me my error from the else part of the if statement: else { echo '<p>You are not logged in.</p>'; echo '<p>Only logged in members may visit these pages.</p>'; echo '<p><a href="login.php">Client login Page</a><br /><br /></p>'; } The reason I think that line is causing the problem is because when i change it back to just: if (isset($_SESSION['username'])) it works just fine. Only problem is that anyone logged in the session can see any of the other companies pages by keying in the address. Nothing to keep them out. Not good. I appreciate any feedback and especially helpful is explanations as I am new to php and there is so much that I don't understand. Quote Link to comment Share on other sites More sharing options...
MatthewJ Posted August 4, 2008 Share Posted August 4, 2008 You should print out the $_SESSION['company'] variable to confirm it holds what you think it does since removing it seems to make the code work. Quote Link to comment Share on other sites More sharing options...
budimir Posted August 4, 2008 Share Posted August 4, 2008 Hey there, I see you are still strugling with the problem. $_SESSION['company'] Where do you set this variable????? I can't see it! Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted August 4, 2008 Share Posted August 4, 2008 at login, I would make a session that validates to TRUE if they log in correctly. then on all the pages, just check that value. SO... processlogin.php // connect to db and do a login query if(mysql_num_rows($sql) > 0){ $row = mysql_fetch_array($sql); session_start(); $_SESSION['name'] = $row['name']; // set other sessions values here $_SESSION['logged'] = TRUE; } pages that require a login: session_start(); if(!$_SESSION['logged']){ header("Location: /login.php"); exit; } // The rest of you page here. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted August 4, 2008 Share Posted August 4, 2008 oh, this may help finding if it is set... session_start(); print_r($_SESSION); Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 4, 2008 Author Share Posted August 4, 2008 Ok, thanks, MatthewJ, how do I do that? Newbie. I have an idea as I had to do something like that yesterday, but how do I do it for $_SESSION['company']? budmir, yes you are so right. Still struggling, but I won't give up! I thought I set the variable back in the login check page. $company = mysql_real_escape_string($_POST['company'], $link); Please set me straight. Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 4, 2008 Author Share Posted August 4, 2008 Little guy, I am trying to wrap my limited knowledge around what you sent to do. I will try it. May take a bit as I am slow in this. Thank you. Quote Link to comment Share on other sites More sharing options...
budimir Posted August 4, 2008 Share Posted August 4, 2008 Don't give up, you'll get the idea what is wrong!!! OK, I think you have only missed one step: You did this yesterday $_SESSION['username'] = $username; You know what you need to do with... $_SESSION['company'] You get the idea???? Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 4, 2008 Author Share Posted August 4, 2008 Thanks budimir for your leading me. going to try it like this, as not sure how it is supposed to be written in the numrows if statement. if( $num_rows > 0 ) { $_SESSION['username'] = $username; $_SESSION['company'] = $company; //redirect $data = mysql_fetch_array($results); header("Location: {$data['company']}.php"); } Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 4, 2008 Author Share Posted August 4, 2008 or is it this way rather: $_SESSION['username'] = $username && $_SESSION['company'] = $company; Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted August 4, 2008 Share Posted August 4, 2008 or is it this way rather: $_SESSION['username'] = $username && $_SESSION['company'] = $company; No, your previous way is the right way. Quote Link to comment Share on other sites More sharing options...
budimir Posted August 4, 2008 Share Posted August 4, 2008 This is the correct way if( $num_rows > 0 ) { $_SESSION['username'] = $username; $_SESSION['company'] = $company; //redirect $data = mysql_fetch_array($results); header("Location: {$data['company']}.php"); } Is it working now???? Quote Link to comment Share on other sites More sharing options...
rnintulsa Posted August 4, 2008 Author Share Posted August 4, 2008 Oh yes, it is working. I can't thank you enough. Smiling ear to ear. Bless you all. Quote Link to comment Share on other sites More sharing options...
budimir Posted August 4, 2008 Share Posted August 4, 2008 Great!!! This was your problem $_SESSION['company'] = $company; Hit "Topic solved" and enjoy!!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.