Hello all,

 

I am working on a project for posting job openings. I have 2 tables (fulltime and parttime). They list all openings available. So I have a login page (login.php) where the user types a user name and password. It then goes to validate and then takes them to the form that must be filled in to update the DB.

However, when I log in it shows my user name and takes me to the form. But once I update a table, I have a confirmation page that lists links to view the posting or go back to the update form.

But when I click on "post another", which will take me back to the update form, it throws me back to the login page instead. ??? I am guessing it's with the sessions on keeping the ip_addr or user_id.

Any help?

Here are my five files:

login.php

	<form method="post" action="validatehr.php">
          <div class="intro">
            <p style="color:#999999">Welcome, you have reached the City of Edinburg's Human Resource login form. Please log in using your login credentials, in order to update job postings. After logging in you will be prompt to choose whether you want to up date the full-time or part-time openings.</p>
          </div>
          <div class="loginform"><br />
            <p style="color:#999999">User Name:
              <input type="text" name="user_name" size="15" maxlength="25" style="border:1px solid #999999" />
                </p>
            <p style="color:#999999">Password:  
        <input type="password" name="password" size="15" maxlength="25" /><br />
            </p>
            <br />
            <input type="submit" name="submit" value="Login" />
            <input type="submit" name="Cancle" value="Close Window" onclick="window.close()" />

          </div>
          
	</form>

 

validatehr.php

<?php

	if(!isset($_POST["user_name"]) || !isset($_POST["password"]))
	die("invalid operation5555555555");
	$goback = "<br /><br />Please <a href=\"login.html\">go back</a> and try again.";

	if(empty($_POST["user_name"])) die("<br />The username field cannot be left blank11111.");
	if(empty($_POST["password"])) die("<br />The Password field cannot be left blank");
	$user_name = $_POST["user_name"];
	$password = md5(trim($_POST["password"]));
//		$user_name = mysql_real_escape_string($_POST["user_name"]);

	if (!$db = mysql_connect('localhost','XXXXX','pass'))
	{
	print"Error: could not connect to the database.<br>".mysql_error();
	exit;
	}

	@mysql_select_db('edinburg_site') or die(mysql_error());  



	$query = "SELECT * FROM `users` WHERE user_name = '{$user_name}' AND password = '{$password}'";
	$result = mysql_query($query) or die(mysql_error());

	if(mysql_num_rows($result) == 0)
		die("<br />Invalid username or password!<br />{$goback}");

		$row = mysql_fetch_array($result);
		session_start();
		$_SESSION["user_id"]=$row["user_id"];
		$_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"];
		$_SESSION["user_name"]=$row["user_name"];

		header("LOCATION: hrupdatefull.php");
		?>

 

hrupdatefull.php


    <?php
				$user_id=$_SESSION["user_id"];
				$ip_addr=$_SESSION["ip_addr"];

				if($ip_addr != $_SERVER["REMOTE_ADDR"])
				 die("invalid operation!!!<br /> please login first");

		//DISPLAYS USERNAME IF ALREADY LOGGED IN. 
		if(isset($_SESSION["user_name"])) 
		{
			print"<div style=\"float:right; border:1px solid #000000\"><p style=\"font-size: 10px\">You are logged in as:   <br />";
			print "".$_SESSION["user_name"]." ";			
			if(isset($_SESSION["user_name"])) 
			print"<a href=\"logout.php\">Logout!</a></p></div><br />";
				print"Hello, {$_SESSION['user_name']} ";
				print"Welcome.";

				print $user_id;
				print $user_name;
		}
			else {header("location: login.php");}
?>
<div class="form1">
<div id="logo"><img src="images/citylogo.png" title="" border="0" /></div>
<p>Please fill out the form below to update a new job opening. Once you have filled the form completely, check the correct radio button at the bottom of the form, for the appropriate update (full-time or part-time). If you wish to delete a opening that has been filled please click on view all openings and delete the opening that you want to delete.
  <form method="post" action="updatefulltime.php">
    <table width="80%" border="0" cellspacing="5" cellpadding="0">
  <tr><td colspan="2">Title & Department: <input name="department" type="text" value=" " size="50" maxlength="100" /></td></tr>
  <tr><td colspan="2">Pay Rate: <input name="pay" type="text" value=" " size="10" maxlength="4"  /></td></tr>
  <tr><td colspan="2">Job #: <input name="jobnum" type="text" value=" " size="10" maxlength="10" /></td></tr>
  <tr><td colspan="2">Closing Date: <input name="dateclose" type="text" value=" " size="15" maxlength="15" /></td></tr>
  <tr><td colspan="2">Job Summary:</td></tr>
  <tr><td colspan="2"><textarea name="summary" cols="100" rows="10"></textarea></td></tr>
  <tr><td colspan="2">Example of work:</td></tr>
  <tr><td colspan="2"><textarea name="ex" cols="100" rows="10"></textarea></td></tr>
  <tr><td colspan="2">Equipment and Materials: </td></tr>
  <tr><td colspan="2"><textarea name="description" cols="100" rows="10"></textarea></td></tr>
  <tr><td colspan="2">Conditions:</td></tr>
  <tr><td colspan="2"><textarea name="conditions" cols="100" rows="10"></textarea></td></tr>
  <tr><td colspan="2">Education:</td></tr>
  <tr><td colspan="2"><textarea name="ed" cols="100" rows="10"></textarea></td></tr>
  <tr><td><input type="radio" name="searchType" checked="checked" value="fulltime" />full time<br /><input type="radio" name="searchType" value="parttime" />part time</td></tr>
  <tr><td colspan="2"><input name="submit" type="submit" value="submit" /><input type="reset" name="Reset" value="Clear Fields" /></td></tr>
</table>
  </form>

 

updatefulltime.php

		<?php

		//DISPLAYS USERNAME IF ALREADY LOGGED IN. 
		if(isset($_SESSION["user_name"])) 
		{
			print"<div style=\"float:right; border:1px solid #000000\"><p style=\"font-size: 10px\">You are logged in as:   <br />";
			print "".$_SESSION["user_name"]." ";			
			if(isset($_SESSION["user_name"])) 
			print"<a href=\"logout.php\">Logout!</a></p></div><br />";
		}

			if(!($db = @ mysql_connect('localhost', 'xxxxx', 'pass')))
			{
				print "Error: Could not connect to our database sorry for any inconvience.<br /> Please try at a later time.".mysql_error();
			}

				 //select which database you want to edit
				mysql_select_db('edinburg_site'); 
				$searchType = $_POST["searchType"];

				$department=$_POST["department"];
				$pay=$_POST["pay"];
				$jobnum=$_POST["jobnum"];
				$dateclose=$_POST["dateclose"];
				$job_id=$_POST["job_id"];
				$summary=$_POST["summary"];
				$description=$_POST["description"];
				$conditions=$_POST["conditions"];
				$ex=$_POST["ex"];
				$ed=$_POST["ed"];

				if(empty($department) || empty($pay))
				die ("<p>You can't leave the title field blanck.</p>");

					else
					{
						if($searchType=="fulltime") 
						{
							$query= "INSERT INTO fulltime VALUES ('{$department}','{$pay}','{$jobnum}','{$dateclose}',null, '{$summary}','{$description}','{$conditions}','{$ex}','{$ed}')";
							$result = mysql_query($query) or die(mysql_error());
							$job_id = mysql_insert_id();

							print "You just have updated the Full-Time Employment Database. What do you want to do next? Please select from the following list.";
							print "<ul>";
							print "<li><a href=\"fullemp.php\">View a updated Full-Time Job Postings</a></li>";
							print "<li><a href=\"hrupdatefull.php\">Add another position</a></li>";
							print "</ul>";

						}
						else if($searchType == "parttime")
						{
							$query= "INSERT INTO parttime VALUES (null,'{$department}','{$pay}','{$jobnum}','{$dateclose}', '{$summary}','{$description}','{$conditions}','{$ex}','{$ed}')";
							$result = mysql_query($query) or die(mysql_error());
							$job_id = mysql_insert_id();

							print "You just have updated the Part-Time Employment Database. What do you want to do next? Please select from the following list.";
							print "<ul>";
							print "<li><a href=\"partime.php\">View a updated Part-Time Job Postings</a></li>";
							print "<li><a href=\"hrupdatefull.php\">Add another position</a></li>";
							print "</ul>";
						}
					}

				session_start();
				$_SESSION["user_id"] = $user_id;
				$_SESSION["ip_addr"] = $_SERVER["REMOTE_ADDR"];
				$_SESSION["user_name"] = $user_name;
				print $user_id;
				print $user_name;

		?>

 

logout.php

				<?php
					session_start();
					if(!isset($_SESSION["user_id"]) || !isset($_SESSION["ip_addr"]))
				 	die("invalid operation!!!<br /> please login first");

					$user_id=$_SESSION["user_id"];
					$ip_addr=$_SESSION["ip_addr"];

					if ($ip_addr != $_SERVER["REMOTE_ADDR"])
					 die("invalid operation!!!<br /> please login first1111111111111111");

					session_destroy();
					header("Location: login.php");
				?>
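
Editorial example, added here and not part of the original post: in the files as posted, hrupdatefull.php and updatefulltime.php read `$_SESSION` without calling `session_start()` first, and updatefulltime.php ends by assigning the undefined `$user_id` and `$user_name` into the session, which wipes the login and matches the redirect to login.php. One way to centralise the check is a shared include. The file name `auth.php`, the function names, the PDO connection and a `password` column holding `password_hash()` output are all assumptions of this sketch.

```php
<?php
// auth.php (hypothetical file name): shared session helpers, included by every page.

// Start the session before any output and before touching $_SESSION.
function start_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

// Credentials check with a bound parameter instead of string interpolation.
// Assumes a PDO connection and that `password` holds password_hash() output.
function find_user(PDO $pdo, string $user_name, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT user_id, user_name, password FROM users WHERE user_name = ?');
    $stmt->execute([$user_name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password'])) ? $row : null;
}

// Called once from validatehr.php after find_user() returns a row.
function establish_login(array $row): void
{
    start_session();
    session_regenerate_id(true);            // fresh session ID once the user is authenticated
    $_SESSION['user_id']   = $row['user_id'];
    $_SESSION['user_name'] = $row['user_name'];
    $_SESSION['ip_addr']   = $_SERVER['REMOTE_ADDR'];
}

// Guard for hrupdatefull.php and updatefulltime.php: read the session, never rewrite it.
function require_login(): array
{
    start_session();
    $ok = isset($_SESSION['user_id'], $_SESSION['user_name'], $_SESSION['ip_addr'])
        && $_SESSION['ip_addr'] === $_SERVER['REMOTE_ADDR'];
    if (!$ok) {
        header('Location: login.php');
        exit;                                // stop here: no form output, no INSERT
    }
    return ['user_id' => $_SESSION['user_id'], 'user_name' => $_SESSION['user_name']];
}
```

Each protected page would begin with `require 'auth.php'; $user = require_login();` before any HTML is sent, and updatefulltime.php would drop the three `$_SESSION[...] = ...` assignments at its end.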
