
[SOLVED] Session problems still


dennismonsewicz


I have this code:

 

<?php

			session_start();
						ob_start();

			include "sql.php";

			$action = $_GET['action'];

			$login_error = '<h2 style="color: red">Login Failed, Try Again</h2>
							<form action="index.php?action=login" method="post">
								<label>Username:</label> <input type="text" name="username" id="username" />
								<label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" />
								<label><input type="submit" value="Login" style="margin-top: 5px;" /></label>
							</form>';

			$login = '<h2>Login</h2>
							<form action="index.php?action=login" method="post">
								<label>Username:</label> <input type="text" name="username" id="username" />
								<label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" />
								<label><input type="submit" value="Login" style="margin-top: 5px;" /></label>
							</form>';

			if($_POST) {

						if($_POST['username'] || $_POST['password']) {
									$_SESSION['username'] = stripslashes($_POST['username']);
									$_SESSION['password'] = stripslashes($_POST['password']);
								}
						}


			switch($action) {

				case "login":

					$result = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error());
					$num_rows = mysql_num_rows($result);

					if($num_rows == 0) {
						echo $login_error;
						}
					else {
						header("location:index.php");
						}
				break;

				case "logout":
					session_destroy();
					ob_end_flush();
					echo $login;
					header("location:index.php");
				break;	
			}

			$sql = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error());
			$results = mysql_fetch_object($sql);

			$username = $results->username;

			if(!$_SESSION['username']) {
					echo $login; 
					} else {
						echo '<h2>Recent Projects</h2>';
							echo '<ul>';
							$query = mysql_query("SELECT * FROM added_projects ORDER BY id DESC LIMIT 0,10") or die(mysql_error());
								while($results = mysql_fetch_object($query)) {
									echo '<li><a href="tools.php?action=view&id=' . $results->id . '">' . $results->project . '</a></li>';
								}
							echo '</ul>';
						}

				?>

 

The above code is in a file called rightnav.php and is included on the individual pages.

 

I also duplicated the session_start code in the included header file (that is also included on every page):

 

session_start();
ob_start();

 

When I log in using a wrong username and/or password (for testing), I receive the $login_error var, but the while statement displays results, and if you refresh the page the session begins! Any ideas on how to fix this?


Wow. Impatient. Well, if you are including a file that has session_start, and the page that is requesting the inclusion also has session_start, you're doing it one time too many. Including a file is the same as every line of the script being in the file requesting the inclusion. Second. Bumping 2 times in an hour is kinda annoying. Third. Your code is messy. Here's a cleaned up version:

<?php
session_start();
ob_start();
include "sql.php";
$action = $_GET['action'];
$login_error = '<h2 style="color: red">Login Failed, Try Again</h2>
<form action="index.php?action=login" method="post">
<label>Username:</label> <input type="text" name="username" id="username" />
<label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" />
<label><input type="submit" value="Login" style="margin-top: 5px;" /></label>
</form>';

$login = '<h2>Login</h2>
<form action="index.php?action=login" method="post">
<label>Username:</label> <input type="text" name="username" id="username" />
<label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" />
<label><input type="submit" value="Login" style="margin-top: 5px;" /></label>
</form>';

if($_POST) {
if($_POST['username'] || $_POST['password']) {
	$_SESSION['username'] = stripslashes($_POST['username']);
	$_SESSION['password'] = stripslashes($_POST['password']);
}
}
switch($action) {
case "login":
	$result = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error());
	$num_rows = mysql_num_rows($result);
	if($num_rows == 0) {
		echo $login_error;
	}
	else {
		header("location:index.php");
	}
	break;
case "logout":
	session_destroy();
	ob_end_flush();
	echo $login;
	header("location:index.php");
	break;
}
$sql = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error());
$results = mysql_fetch_object($sql);
$username = $results->username;
if(!$_SESSION['username']) {
echo $login;
} else {
echo '<h2>Recent Projects</h2>';
echo '<ul>';
$query = mysql_query("SELECT * FROM added_projects ORDER BY id DESC LIMIT 0,10") or die(mysql_error());
while($results = mysql_fetch_object($query)) {
	echo '<li><a href="tools.php?action=view&id=' . $results->id . '">' . $results->project . '</a></li>';
}
echo '</ul>';
}
?>
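The behaviour described in the question follows from the posted script copying $_POST into $_SESSION before the credentials are checked, so the later if(!$_SESSION['username']) test passes even after a failed login. An added example (not code from either poster) that writes to the session only after verification; the users.password_hash column, attempt_login(), is_logged_in() and the user_id session key are assumptions, and PDO with an in-memory SQLite database stands in for the thread's sql.php.

```php
<?php
// Added example: authenticate first, write to the session only on success.
// Assumed names: users.password_hash, attempt_login(), is_logged_in(), 'user_id'.

function attempt_login(PDO $db, array &$session, string $username, string $password): bool
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks against a stored hash; no plaintext password
    // is kept in the database or in the session.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        unset($session['user_id']);   // a failed attempt leaves no login state behind
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);  // fresh session ID at the privilege change
    }
    $session['user_id'] = (int) $row['id'];
    return true;
}

function is_logged_in(array $session): bool
{
    return isset($session['user_id']);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = [];  // stands in for $_SESSION so the script also runs from the CLI
var_dump(attempt_login($db, $session, 'demo', 'wrong'));          // failed attempt
var_dump(is_logged_in($session));                                 // state after the failure
var_dump(attempt_login($db, $session, 'demo', 'correct horse'));  // valid credentials
var_dump(is_logged_in($session));                                 // state after success
```

In a page script, pass $_SESSION as the second argument and call exit immediately after header('Location: index.php') so nothing below the redirect is sent.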

Archived

This topic is now archived and is closed to further replies.
