dennismonsewicz Posted September 24, 2008 Share Posted September 24, 2008 I have this code: <?php session_start(); ob_start(); include "sql.php"; $action = $_GET['action']; $login_error = '<h2 style="color: red">Login Failed, Try Again</h2> <form action="index.php?action=login" method="post"> <label>Username:</label> <input type="text" name="username" id="username" /> <label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" /> <label><input type="submit" value="Login" style="margin-top: 5px;" /></label> </form>'; $login = '<h2>Login</h2> <form action="index.php?action=login" method="post"> <label>Username:</label> <input type="text" name="username" id="username" /> <label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" /> <label><input type="submit" value="Login" style="margin-top: 5px;" /></label> </form>'; if($_POST) { if($_POST['username'] || $_POST['password']) { $_SESSION['username'] = stripslashes($_POST['username']); $_SESSION['password'] = stripslashes($_POST['password']); } } switch($action) { case "login": $result = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error()); $num_rows = mysql_num_rows($result); if($num_rows == 0) { echo $login_error; } else { header("location:index.php"); } break; case "logout": session_destroy(); ob_end_flush(); echo $login; header("location:index.php"); break; } $sql = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error()); $results = mysql_fetch_object($sql); $username = $results->username; if(!$_SESSION['username']) { echo $login; } else { echo '<h2>Recent Projects</h2>'; echo '<ul>'; $query = mysql_query("SELECT * FROM added_projects ORDER BY id DESC LIMIT 0,10") or die(mysql_error()); while($results = mysql_fetch_object($query)) { echo '<li><a href="tools.php?action=view&id=' . $results->id . '">' . $results->project . '</a></li>'; } echo '</ul>'; } ?> The above code is in a file called rightnav.php and is included on the individual pages I also duplicated the session_start code in the included header file (that is also included on every page): session_start(); ob_start(); When I login using a wrong username and/or password (for testing) I receive the $login_error var but the While statement displays results and if you refresh the page the session begins! Any ideas on how to fix this? Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted September 24, 2008 Author Share Posted September 24, 2008 bump Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted September 24, 2008 Author Share Posted September 24, 2008 can anyone help? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted September 24, 2008 Share Posted September 24, 2008 Wow. Impatient. Well, if you are including a file that has session_start, and the page that is requesting the inclusion also has session start, you're doing it one time too many. including a file is the same as every line of the script being in the file requesting the inclusion. Second. Bumping 2 times in an hour is kinda annoying. Third. Your code is messy. Here's a cleaned up version: <?php session_start(); ob_start(); include "sql.php"; $action = $_GET['action']; $login_error = '<h2 style="color: red">Login Failed, Try Again</h2> <form action="index.php?action=login" method="post"> <label>Username:</label> <input type="text" name="username" id="username" /> <label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" /> <label><input type="submit" value="Login" style="margin-top: 5px;" /></label> </form>'; $login = '<h2>Login</h2> <form action="index.php?action=login" method="post"> <label>Username:</label> <input type="text" name="username" id="username" /> <label style="margin-top: 5px;">Password: </label> <input type="password" name="password" id="password" /> <label><input type="submit" value="Login" style="margin-top: 5px;" /></label> </form>'; if($_POST) { if($_POST['username'] || $_POST['password']) { $_SESSION['username'] = stripslashes($_POST['username']); $_SESSION['password'] = stripslashes($_POST['password']); } } switch($action) { case "login": $result = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error()); $num_rows = mysql_num_rows($result); if($num_rows == 0) { echo $login_error; } else { header("location:index.php"); } break; case "logout": session_destroy(); ob_end_flush(); echo $login; header("location:index.php"); break; } $sql = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['username'])."' AND password = '".mysql_real_escape_string($_SESSION['password'])."'") or die(mysql_error()); $results = mysql_fetch_object($sql); $username = $results->username; if(!$_SESSION['username']) { echo $login; } else { echo '<h2>Recent Projects</h2>'; echo '<ul>'; $query = mysql_query("SELECT * FROM added_projects ORDER BY id DESC LIMIT 0,10") or die(mysql_error()); while($results = mysql_fetch_object($query)) { echo '<li><a href="tools.php?action=view&id=' . $results->id . '">' . $results->project . '</a></li>'; } echo '</ul>'; } ?> Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted September 24, 2008 Author Share Posted September 24, 2008 sorry for the bumping saga, I have fixed my issue. I placed the rightnav.php file in the header.php file and everything began working itself out after I weaked some more of the code. Thanks again! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.