Jump to content

[SOLVED] I'm having trouble with sessions and my login script and members only page.


vetman

Recommended Posts

I could use some help or direction, I'm having trouble with sessions and my login script and members only page. My login seems to work but when I try to use sessions I can't get it to work right. If I dont put in the correct password it should not let me see the webpage, but it does. Any help would be appreciated.

Thanks in advance.

Checklogin code:

<?php
session_start();

ini_set( 'display_errors', '1' );
error_reporting ( 2047 );

$host="xxxxxxx.net"; // Host name
$username="xxxxxxxx"; // Mysql username
$password="xxxxxxxx"; // Mysql password
$db_name="xxxxxx"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

if(isset($_POST['submit']));
// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_session['myusername'] = $myusername;
$_session['mypassword'] = $mypassword;

header("location:login_success.php");



}
else {
header("location:login_fail.php");
}
?>

 

Login_success code:

 

<?php
session_start();
?>
<?php include('header.php');?>
<?php include('mainnav.php');?>
<?php
include 'config.php';


// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vvvvvv")or die("cannot select DB");

$result = mysql_query("SELECT * FROM $dbname") or die(mysql_error());
// store the record of the "lakestmill" table into $row
$current = '';

// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) {
$id = $row['id'];
if (!$current) {
echo "<center><div><table border='1' width='300'>";
$current = $id;
} elseif ($current != $id){
echo "</table></div><br><br><div><table border='1' width='300'>";
$current = $id;
}
?>

<tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr>
<tr><th> Company</th><td><?= $row['company']; ?></td></tr>
<tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr>
<tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr>
<tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr>
<tr><th> Address</th><td><?= $row['address']; ?></td></tr>
<tr><th> City</th><td><?= $row['city']; ?></td></tr>
<tr><th> State</th><td><?= $row['state']; ?></td></tr>
<tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr>
<tr><th> Phone</th><td><?= $row['phone']; ?></td></tr>
<tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr>
<?php
}
echo "</table></div></center></body></html><br>";
?>
<?php
mysql_close();
?>
<?php include('footer.php');?>

 

You need something like

<?php
session_start();
if(!isset($_session['mypassword']))
{
header("Location:NoSession.php");
}
?>

Have a look at my example login code

http://djw-webdesign.awardspace.com/snippet.php?cat=1#Basic%20Login_9

I made you suggested change, now it does not let me see members only like it should, but the login doesn't work either now.

This is what I've changed.

 

<?php
session_start();
if(!isset($_session['mypassword']))
{
header("Location:main_login.php");
}
?>
<?php include('header.php');?>
<?php include('mainnav.php');?>
<?php
include 'config.php';


// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vetmanpc")or die("cannot select DB");

$result = mysql_query("SELECT * FROM $dbname") or die(mysql_error());
// store the record of the "lakestmill" table into $row
$current = '';

// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) {
$id = $row['id'];
if (!$current) {
echo "<center><div><table border='1' width='300'>";
$current = $id;
} elseif ($current != $id){
echo "</table></div><br><br><div><table border='1' width='300'>";
$current = $id;
}
echo $myusername;
echo $mypassword;
?>

<tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr>
<tr><th> Company</th><td><?= $row['company']; ?></td></tr>
<tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr>
<tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr>
<tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr>
<tr><th> Address</th><td><?= $row['address']; ?></td></tr>
<tr><th> City</th><td><?= $row['city']; ?></td></tr>
<tr><th> State</th><td><?= $row['state']; ?></td></tr>
<tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr>
<tr><th> Phone</th><td><?= $row['phone']; ?></td></tr>
<tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr>
<?php
}
echo "</table></div></center></body></html><br>";
?>
<?php
mysql_close();
?>
<?php include('footer.php');?>

 

My login script is below:

 

<?php
session_start();

ini_set( 'display_errors', '1' );
error_reporting ( 2047 );

$host="xxxxxxx.net"; // Host name
$username="xxxxxxxx"; // Mysql username
$password="xxxxxxx"; // Mysql password
$db_name="xxxxxxx"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_session['myusername'] = $myusername;
$_session['mypassword'] = $mypassword;

header("location:login_success.php");



}
else {
header("location:login_fail.php");
}
?>

 

The fail part of the script still works.

Any other suggestions?

Thanks again.

 

<?php
error_reporting(E_ALL);
ini_set('display_errors',true);
session_start();
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true)
{
header("Location:main_login.php");
}

require_once'header.php';
require_once'mainnav.php';
require_once 'config.php';


// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vetmanpc")or die("cannot select DB");

$result = mysql_query("SELECT * FROM $dbname") or die(mysql_error());
// store the record of the "lakestmill" table into $row
$current = '';

// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) 
{
   $id = $row['id'];
if (!$current) 
{
   echo "<center><div><table border='1' width='300'>";
   $current = $id;
} 
elseif ($current != $id)
{
   echo "</table></div><br><br><div><table border='1' width='300'>";
   $current = $id;
}
echo $myusername;
echo $mypassword;
?>
<tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr>
<tr><th> Company</th><td><?= $row['company']; ?></td></tr>
<tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr>
<tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr>
<tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr>
<tr><th> Address</th><td><?= $row['address']; ?></td></tr>
<tr><th> City</th><td><?= $row['city']; ?></td></tr>
<tr><th> State</th><td><?= $row['state']; ?></td></tr>
<tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr>
<tr><th> Phone</th><td><?= $row['phone']; ?></td></tr>
<tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr>
<?php
}
echo "</table></div></center></body></html><br>";

mysql_close();
include('footer.php');
?>

<?php
error_reporting(E_ALL);
ini_set('display_errors',true);
session_start();
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true)
{
header("Location:members.php");//the page you go once you have logged in
}
$host="p41mysql141.secureserver.net"; // Host name
$username="rwts_webmaster"; // Mysql username
$password="Pfcram1910"; // Mysql password
$db_name="rwts_webmaster"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash

// username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['logged_in'] = true;
$_session['myusername'] = $myusername;
$_session['mypassword'] = $mypassword;
header("location:login_success.php");
}
else 
{
header("location:login_fail.php");
}
?>

Try them , they are untested but look ok.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.