vetman Posted November 25, 2008 Share Posted November 25, 2008 I could use some help or direction, I'm having trouble with sessions and my login script and members only page. My login seems to work but when I try to use sessions I can't get it to work right. If I dont put in the correct password it should not let me see the webpage, but it does. Any help would be appreciated. Thanks in advance. Checklogin code: <?php session_start(); ini_set( 'display_errors', '1' ); error_reporting ( 2047 ); $host="xxxxxxx.net"; // Host name $username="xxxxxxxx"; // Mysql username $password="xxxxxxxx"; // Mysql password $db_name="xxxxxx"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect($host, $username, $password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); if(isset($_POST['submit'])); // Username and password sent from signup form // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql) or die(mysql_error()); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_session['myusername'] = $myusername; $_session['mypassword'] = $mypassword; header("location:login_success.php"); } else { header("location:login_fail.php"); } ?> Login_success code: <?php session_start(); ?> <?php include('header.php');?> <?php include('mainnav.php');?> <?php include 'config.php'; // Connect to server and select database. mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect"); mysql_select_db("vvvvvv")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $dbname") or die(mysql_error()); // store the record of the "lakestmill" table into $row $current = ''; // keeps getting the next row until there are no more to get while($row = mysql_fetch_array( $result )) { $id = $row['id']; if (!$current) { echo "<center><div><table border='1' width='300'>"; $current = $id; } elseif ($current != $id){ echo "</table></div><br><br><div><table border='1' width='300'>"; $current = $id; } ?> <tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr> <tr><th> Company</th><td><?= $row['company']; ?></td></tr> <tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr> <tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr> <tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr> <tr><th> Address</th><td><?= $row['address']; ?></td></tr> <tr><th> City</th><td><?= $row['city']; ?></td></tr> <tr><th> State</th><td><?= $row['state']; ?></td></tr> <tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr> <tr><th> Phone</th><td><?= $row['phone']; ?></td></tr> <tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr> <?php } echo "</table></div></center></body></html><br>"; ?> <?php mysql_close(); ?> <?php include('footer.php');?> Quote Link to comment https://forums.phpfreaks.com/topic/134282-solved-im-having-trouble-with-sessions-and-my-login-script-and-members-only-page/ Share on other sites More sharing options...
DeanWhitehouse Posted November 25, 2008 Share Posted November 25, 2008 You need something like <?php session_start(); if(!isset($_session['mypassword'])) { header("Location:NoSession.php"); } ?> Have a look at my example login code http://djw-webdesign.awardspace.com/snippet.php?cat=1#Basic%20Login_9 Quote Link to comment https://forums.phpfreaks.com/topic/134282-solved-im-having-trouble-with-sessions-and-my-login-script-and-members-only-page/#findComment-699066 Share on other sites More sharing options...
vetman Posted November 26, 2008 Author Share Posted November 26, 2008 I made you suggested change, now it does not let me see members only like it should, but the login doesn't work either now. This is what I've changed. <?php session_start(); if(!isset($_session['mypassword'])) { header("Location:main_login.php"); } ?> <?php include('header.php');?> <?php include('mainnav.php');?> <?php include 'config.php'; // Connect to server and select database. mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect"); mysql_select_db("vetmanpc")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $dbname") or die(mysql_error()); // store the record of the "lakestmill" table into $row $current = ''; // keeps getting the next row until there are no more to get while($row = mysql_fetch_array( $result )) { $id = $row['id']; if (!$current) { echo "<center><div><table border='1' width='300'>"; $current = $id; } elseif ($current != $id){ echo "</table></div><br><br><div><table border='1' width='300'>"; $current = $id; } echo $myusername; echo $mypassword; ?> <tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr> <tr><th> Company</th><td><?= $row['company']; ?></td></tr> <tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr> <tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr> <tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr> <tr><th> Address</th><td><?= $row['address']; ?></td></tr> <tr><th> City</th><td><?= $row['city']; ?></td></tr> <tr><th> State</th><td><?= $row['state']; ?></td></tr> <tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr> <tr><th> Phone</th><td><?= $row['phone']; ?></td></tr> <tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr> <?php } echo "</table></div></center></body></html><br>"; ?> <?php mysql_close(); ?> <?php include('footer.php');?> My login script is below: <?php session_start(); ini_set( 'display_errors', '1' ); error_reporting ( 2047 ); $host="xxxxxxx.net"; // Host name $username="xxxxxxxx"; // Mysql username $password="xxxxxxx"; // Mysql password $db_name="xxxxxxx"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect($host, $username, $password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); // Username and password sent from signup form // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql) or die(mysql_error()); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_session['myusername'] = $myusername; $_session['mypassword'] = $mypassword; header("location:login_success.php"); } else { header("location:login_fail.php"); } ?> The fail part of the script still works. Any other suggestions? Thanks again. Quote Link to comment https://forums.phpfreaks.com/topic/134282-solved-im-having-trouble-with-sessions-and-my-login-script-and-members-only-page/#findComment-699095 Share on other sites More sharing options...
DeanWhitehouse Posted November 26, 2008 Share Posted November 26, 2008 <?php error_reporting(E_ALL); ini_set('display_errors',true); session_start(); if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true) { header("Location:main_login.php"); } require_once'header.php'; require_once'mainnav.php'; require_once 'config.php'; // Connect to server and select database. mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect"); mysql_select_db("vetmanpc")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $dbname") or die(mysql_error()); // store the record of the "lakestmill" table into $row $current = ''; // keeps getting the next row until there are no more to get while($row = mysql_fetch_array( $result )) { $id = $row['id']; if (!$current) { echo "<center><div><table border='1' width='300'>"; $current = $id; } elseif ($current != $id) { echo "</table></div><br><br><div><table border='1' width='300'>"; $current = $id; } echo $myusername; echo $mypassword; ?> <tr><th width='80' height='3'> Unit No.</th><td><?= $row['unit']; ?></td></tr> <tr><th> Company</th><td><?= $row['company']; ?></td></tr> <tr><th> FirstName</th><td><?= $row['firstname']; ?></td></tr> <tr><th> LastName</th><td><?= $row['lastname']; ?></td></tr> <tr><th> Email</th><td><a href="mailto:<?= $row['email']; ?>"><?= $row['email']; ?></a></td></tr> <tr><th> Address</th><td><?= $row['address']; ?></td></tr> <tr><th> City</th><td><?= $row['city']; ?></td></tr> <tr><th> State</th><td><?= $row['state']; ?></td></tr> <tr><th> Zip Code</th><td><?= $row['zip']; ?></td></tr> <tr><th> Phone</th><td><?= $row['phone']; ?></td></tr> <tr><th>Update</th><td><a href="update_ls.php?id=<? echo $row['id'];?>">update</a></td></tr> <?php } echo "</table></div></center></body></html><br>"; mysql_close(); include('footer.php'); ?> <?php error_reporting(E_ALL); ini_set('display_errors',true); session_start(); if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) { header("Location:members.php");//the page you go once you have logged in } $host="p41mysql141.secureserver.net"; // Host name $username="rwts_webmaster"; // Mysql username $password="Pfcram1910"; // Mysql password $db_name="rwts_webmaster"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect($host, $username, $password)or die("cannot connect"); mysql_select_db($db_name)or die("cannot select DB"); // Username and password sent from signup form // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash // username and password sent from form $myusername = $_POST['myusername']; $mypassword = $_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql) or die(mysql_error()); // Mysql_num_row is counting table row $count = mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['logged_in'] = true; $_session['myusername'] = $myusername; $_session['mypassword'] = $mypassword; header("location:login_success.php"); } else { header("location:login_fail.php"); } ?> Try them , they are untested but look ok. Quote Link to comment https://forums.phpfreaks.com/topic/134282-solved-im-having-trouble-with-sessions-and-my-login-script-and-members-only-page/#findComment-699098 Share on other sites More sharing options...
vetman Posted November 26, 2008 Author Share Posted November 26, 2008 Hey Blade280891 works the balls! Thanks for your help. I can see by your knowledge I have a very lot to learn. I really appreciate your help. Quote Link to comment https://forums.phpfreaks.com/topic/134282-solved-im-having-trouble-with-sessions-and-my-login-script-and-members-only-page/#findComment-699113 Share on other sites More sharing options...
EchoFool Posted November 26, 2008 Share Posted November 26, 2008 Don't forget to hit the topic solved button if your problem is solved vetman Quote Link to comment https://forums.phpfreaks.com/topic/134282-solved-im-having-trouble-with-sessions-and-my-login-script-and-members-only-page/#findComment-699114 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.