Jump to content

[SOLVED] I'm having trouble with sessions and my login script and members only page.


Recommended Posts

I could use some help or direction, I'm having trouble with sessions and my login script and members only page. My login seems to work but when I try to use sessions I can't get it to work right. If I dont put in the correct password it should not let me see the webpage, but it does. Any help would be appreciated.

Thanks in advance.

Checklogin code:

<?php
session_start();

ini_set( 'display_errors', '1' );
error_reporting ( 2047 );

$host="xxxxxxx.net"; // Host name
$username="xxxxxxxx"; // Mysql username
$password="xxxxxxxx"; // Mysql password
$db_name="xxxxxx"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

if(isset($_POST['submit']));
// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_session['myusername'] = $myusername;
$_session['mypassword'] = $mypassword;

header("location:login_success.php");



}
else {
header("location:login_fail.php");
}
?>

 

Login_success code:

 

<?php
session_start();
?>
<?php include('header.php');?>
<?php include('mainnav.php');?>
<?php
include 'config.php';


// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vvvvvv")or die("cannot select DB");

$result = mysql_query("SELECT * FROM $dbname") or die(mysql_error());
// store the record of the "lakestmill" table into $row
$current = '';

// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) {
$id = $row['id'];
if (!$current) {
echo "<center><div><table border='1' width='300'>";
$current = $id;
} elseif ($current != $id){
echo "</table></div><br><br><div><table border='1' width='300'>";
$current = $id;
}
?>

<tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr>
<tr><th> Company</th><td><?= $row['company']; ?></td></tr>
<tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr>
<tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr>
<tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr>
<tr><th> Address</th><td><?= $row['address']; ?></td></tr>
<tr><th> City</th><td><?= $row['city']; ?></td></tr>
<tr><th> State</th><td><?= $row['state']; ?></td></tr>
<tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr>
<tr><th> Phone</th><td><?= $row['phone']; ?></td></tr>
<tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr>
<?php
}
echo "</table></div></center></body></html><br>";
?>
<?php
mysql_close();
?>
<?php include('footer.php');?>

 

You need something like

<?php
session_start();
if(!isset($_session['mypassword']))
{
header("Location:NoSession.php");
}
?>

Have a look at my example login code

http://djw-webdesign.awardspace.com/snippet.php?cat=1#Basic%20Login_9

I made you suggested change, now it does not let me see members only like it should, but the login doesn't work either now.

This is what I've changed.

 

<?php
session_start();
if(!isset($_session['mypassword']))
{
header("Location:main_login.php");
}
?>
<?php include('header.php');?>
<?php include('mainnav.php');?>
<?php
include 'config.php';


// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vetmanpc")or die("cannot select DB");

$result = mysql_query("SELECT * FROM $dbname") or die(mysql_error());
// store the record of the "lakestmill" table into $row
$current = '';

// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) {
$id = $row['id'];
if (!$current) {
echo "<center><div><table border='1' width='300'>";
$current = $id;
} elseif ($current != $id){
echo "</table></div><br><br><div><table border='1' width='300'>";
$current = $id;
}
echo $myusername;
echo $mypassword;
?>

<tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr>
<tr><th> Company</th><td><?= $row['company']; ?></td></tr>
<tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr>
<tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr>
<tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr>
<tr><th> Address</th><td><?= $row['address']; ?></td></tr>
<tr><th> City</th><td><?= $row['city']; ?></td></tr>
<tr><th> State</th><td><?= $row['state']; ?></td></tr>
<tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr>
<tr><th> Phone</th><td><?= $row['phone']; ?></td></tr>
<tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr>
<?php
}
echo "</table></div></center></body></html><br>";
?>
<?php
mysql_close();
?>
<?php include('footer.php');?>

 

My login script is below:

 

<?php
session_start();

ini_set( 'display_errors', '1' );
error_reporting ( 2047 );

$host="xxxxxxx.net"; // Host name
$username="xxxxxxxx"; // Mysql username
$password="xxxxxxx"; // Mysql password
$db_name="xxxxxxx"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_session['myusername'] = $myusername;
$_session['mypassword'] = $mypassword;

header("location:login_success.php");



}
else {
header("location:login_fail.php");
}
?>

 

The fail part of the script still works.

Any other suggestions?

Thanks again.

 

<?php
error_reporting(E_ALL);
ini_set('display_errors',true);
session_start();
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true)
{
header("Location:main_login.php");
}

require_once'header.php';
require_once'mainnav.php';
require_once 'config.php';


// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vetmanpc")or die("cannot select DB");

$result = mysql_query("SELECT * FROM $dbname") or die(mysql_error());
// store the record of the "lakestmill" table into $row
$current = '';

// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) 
{
   $id = $row['id'];
if (!$current) 
{
   echo "<center><div><table border='1' width='300'>";
   $current = $id;
} 
elseif ($current != $id)
{
   echo "</table></div><br><br><div><table border='1' width='300'>";
   $current = $id;
}
echo $myusername;
echo $mypassword;
?>
<tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr>
<tr><th> Company</th><td><?= $row['company']; ?></td></tr>
<tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr>
<tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr>
<tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr>
<tr><th> Address</th><td><?= $row['address']; ?></td></tr>
<tr><th> City</th><td><?= $row['city']; ?></td></tr>
<tr><th> State</th><td><?= $row['state']; ?></td></tr>
<tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr>
<tr><th> Phone</th><td><?= $row['phone']; ?></td></tr>
<tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr>
<?php
}
echo "</table></div></center></body></html><br>";

mysql_close();
include('footer.php');
?>

<?php
error_reporting(E_ALL);
ini_set('display_errors',true);
session_start();
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true)
{
header("Location:members.php");//the page you go once you have logged in
}
$host="p41mysql141.secureserver.net"; // Host name
$username="rwts_webmaster"; // Mysql username
$password="Pfcram1910"; // Mysql password
$db_name="rwts_webmaster"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash

// username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['logged_in'] = true;
$_session['myusername'] = $myusername;
$_session['mypassword'] = $mypassword;
header("location:login_success.php");
}
else 
{
header("location:login_fail.php");
}
?>

Try them , they are untested but look ok.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.