session trouble

dennismonsewicz · September 24, 2008

I have a login system that checks to see if the username and password are there and if they are the script is supposed to then login you in and off you go on your marry way

Well here is my code:

$login_error = '<h2 style="color: red">Login Failed, Try Again</h2>
							<form action="index.php?action=login" method="post">
								<label>Username:</label> <input type="text" name="username" id="username" />
								<label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" />
								<label><input type="submit" value="Login" style="margin-top: 5px;" /></label>
							</form>';

			if($_POST) {

				if($_POST['username'] || $_POST['password']) {
							$_SESSION['username'] = stripslashes($_POST['username']);
							$_SESSION['password'] = stripslashes($_POST['password']);
						}
				}


			switch($action) {

				case "login":
					$result = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error());
					$num_rows = mysql_num_rows($result);

					if($num_rows == 0) {
						echo $login_error;
						}
					else {
						header("location:index.php?session_start=yes");
						}
				break;

				case "logout":
					session_destroy();
					ob_end_flush();
					header("location:index.php");
				break;	
			}

			$login = '<h2>Login</h2>
							<form action="index.php?action=login" method="post">
								<label>Username:</label> <input type="text" name="username" id="username" />
								<label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" />
								<label><input type="submit" value="Login" style="margin-top: 5px;" /></label>
							</form>';

					if(!$_SESSION) {
						echo $login;
					 } else {
						echo '<h2>Recent Projects</h2>';
							echo '<ul>';
							$query = mysql_query("SELECT * FROM added_projects ORDER BY id DESC LIMIT 0,10") or die(mysql_error());
								while($results = mysql_fetch_object($query)) {
									echo '<li><a href="tools.php?action=view&id=' . $results->id . '">' . $results->project . '</a></li>';
								}
							echo '</ul>';

						}

When you login, even if the login is correct, the script displays the $login_error var and also displays the unordered list in the while statement

Any ideas?

dennismonsewicz · September 24, 2008

the session_start() and ob_start() are located in the header file:

$session = $_GET['session_start'];

	switch($session) {
		case "yes":
			session_start();
			ob_start();
		break;
	}

dennismonsewicz · September 24, 2008

anyone have any ideas?

.josh · September 24, 2008

- where is $action being set?

- is the pw encrypted in the db? because i see no kind of encryption of the pw being checked.

dennismonsewicz · September 24, 2008

$action is being set above the $login_error var

$action = $_GET['action'];

And no the pw is not encrypted. I will worry about that a little later I am just trying to get the dern thing working to full capacity

.josh · September 24, 2008

did you try separating your query string from your mysql_query and echoing it out to see if it's holding what you expect? And running it directly in phpmyadmin or w/e?

Sign In

session trouble

Recommended Posts

dennismonsewicz

Link to comment

Share on other sites

dennismonsewicz

Link to comment

Share on other sites

dennismonsewicz

Link to comment

Share on other sites

.josh

Link to comment

Share on other sites

dennismonsewicz

Link to comment

Share on other sites

.josh

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information