r2ks Posted June 10, 2009 Share Posted June 10, 2009 Ok i am a Total newbie at all this i have a Site working on i uploaded and here is what is going on the Login form i sign into it takes me to the page i want to go to. Here is the Kicker ( when i Close the Browser and Go back to the Site i should get the Login form it takes me directly to the Page no signing in at all ) i have tried everything..( Clear Cache in browser, delete cookies ) help !!! <?php if ($_SESSION["admin"] == 0) Header("Location: sponser.php"); else { //redirect to Guest area Header("Location: admin.php"); } ?> <?php include ('conn.php'); session_start(); //$pass5= md5($password); //TEST TO SEE IF THE ENCRYPTED PASSWORD MATCHES IN THE DB, WHICH IT DON'T! //echo $password2; if(isset($_GET['op']) and $_GET['op'] == 'login') { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password. Please Hit the Back Button"); } // Create query $q = "SELECT * FROM `users` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`='".md5 ($_POST["password"])."' " ."LIMIT 1 "; // Run query $r = mysql_query($q); if ( $obj = mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); $_SESSION["admin"] = $obj->admin; // Redirect to member page } else { // Login not successful die("Sorry, could not log you in. Wrong login information.<a href=\"index.php\">PLEASE Sign Back in</a>"); } } else { //If all went right the Web form appears and users can log in echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username: <input name=\"username\" size=\"15\"><br />"; echo "Password: <input type=\"password\" name=\"password\" size=\"15\"><br />"; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; } ?> Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 10, 2009 Author Share Posted June 10, 2009 Ok I will Reply back to my self LOL here is what i have done changed the website Directory by one letter and it worked i got the Login page again, Logged in and it did it again. it continues to bring me to the Page i can not move away from the Page i typed in the URL and index.php foward me right to the sponser.php page . I have tried session_unset(); session_destroy(); Nothing can anyone explain what is going on with this. Quote Link to comment Share on other sites More sharing options...
mattal999 Posted June 10, 2009 Share Posted June 10, 2009 This code, regardless of whether the SESSION admin is set or not redirects you. <?php if ($_SESSION["admin"] == 0) Header("Location: sponser.php"); else { //redirect to Guest area Header("Location: admin.php"); } ?> It checks if the SESSION 'admin' is 0, and if it is, go to sponser.php. However, the else says that no matter what the value of 'admin' is (even if it is not set), go to admin.php. You need to check that all 4 sessions are set before even attempting a redirect. Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 10, 2009 Author Share Posted June 10, 2009 Thanks so Much it Make so much since here is what i did ??? if ($_SESSION["admin"] = 0) { Header("Location: sponser.php"); } else if ($_SESSION["admin"] = 1) { //redirect to Guest area Header("Location: admin.php"); exit(); } if i click on logout on the sponser.php page it Just Loops me Back to the Sponser.php page it should bring me back to index.php if i remove this info it works ??? Quote Link to comment Share on other sites More sharing options...
taquitosensei Posted June 10, 2009 Share Posted June 10, 2009 use double equals if ($_SESSION["admin"] == 0) { Header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { //redirect to Guest area Header("Location: admin.php"); exit(); } Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 10, 2009 Author Share Posted June 10, 2009 if ($_SESSION["admin"] == 0) { Header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { //redirect to Guest area Header("Location: admin.php"); exit(); I did place error checking on ini_set ("display_errors", "1"); error_reporting(E_ALL); and i get this Notice: Undefined variable: _SESSION in /home/realityt/public_html/eventtracker/index.php on line 4 Warning: Cannot modify header information - headers already sent by (output started at /home/realityt/public_html/eventtracker/index.php:4) in /home/realityt/public_html/eventtracker/index.php on line 6 Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 10, 2009 Author Share Posted June 10, 2009 <?php if ($_SESSION["admin"] == 0) { Header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { //redirect to Guest area Header("Location: admin.php"); exit(); ?> This is the Problem where in the Code is the Problem anyone it just keeps looping me back to the sponser.php page ??? Quote Link to comment Share on other sites More sharing options...
mattal999 Posted June 11, 2009 Share Posted June 11, 2009 Oh my bad. If I remember correctly, you need to start sessions at the start of any session related code. <?php session_start(); if ($_SESSION["admin"] == 0) { header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { // Redirect to Guest area header("Location: admin.php"); exit(); } ?> Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 11, 2009 Author Share Posted June 11, 2009 Here is my whole login.php Page and it still is not working all it does is bring me to Sponsor.php Totally bypasses the Login screen.. ??? if i Remove the First PHP code login screen Comes up. ANY ONE Please HELP I am so lost with This ??? <?php session_start(); if ($_SESSION["admin"] == 0) { header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { // Redirect to Guest area header("Location: admin.php"); exit(); } ?> <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Pledge Site</title> <link rel="stylesheet" type="text/css" href="fw-2-1-col/main.css" /> <style type="text/css"> <!-- .style1 {font-size: 24px} .style2 { font: bold 18px; color: #000000; font-size: medium; } .style3 { font-size: 36px; font-family: Galliard, Lorrenne; } --> </style> </head> <body> <!-- Begin Wrapper --> <div id="wrapper"> <!-- Begin Header --> <div class="style1" id="header"> Welcome to Event Tracker Web Site </div> <!-- End Header --> <!-- Begin Content --> <div id="content"> <div id="Content1"> <p class="style2">Hello and Welcome to the Event Tracker web site this site is used for tracking Participants and Sponsors of Events that your Organization my put on. Please Login below if you do not have a Login ID Please call the Event organizer and get your login info.</p> <p> </p> <p> </p> </div> <div id="content2"> <div id="lock"><img src="images/lock.jpg" alt="" width="78" height="74" id="lock2" /><span class="style3">Login </span></div> <p align="left"> </p> <?php include ('conn.php'); //$pass5= md5($password); //TEST TO SEE IF THE ENCRYPTED PASSWORD MATCHES IN THE DB, WHICH IT DON'T! //echo $password2; if(isset($_GET['op']) and $_GET['op'] == 'login') { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password. Please Hit the Back Button"); } // Create query $q = "SELECT * FROM `users` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`='".md5 ($_POST["password"])."' " ."LIMIT 1 "; // Run query $r = mysql_query($q); if ( $obj = mysql_fetch_row($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); $_SESSION["admin"] = $obj->admin; // Redirect to member page } else { // Login not successful die("Sorry, could not log you in. Wrong login information.<a href=\"index.php\">PLEASE Sign Back in</a>"); } } else { //If all went right the Web form appears and users can log in echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username: <input name=\"username\" size=\"15\"><br />"; echo "Password: <input type=\"password\" name=\"password\" size=\"15\"><br />"; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; } ?> <p align="left"> </p> <p align="left"><br /> </p> </div> </div> <!-- End Content --> <!-- Begin Footer --> <div class="style2" id="footer"></div> <!-- End Footer --> </div> <!-- End Wrapper --> </body> Quote Link to comment Share on other sites More sharing options...
taquitosensei Posted June 11, 2009 Share Posted June 11, 2009 echo $_SESSION['admin'] just before the if/else if to make sure that it's the value you're expecting. <?php session_start(); echo $_SESSION['admin'];die(); // this is so it quits here and doesn't redirect you before you have a chance to see what the value is. if ($_SESSION["admin"] == 0) { header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { // Redirect to Guest area header("Location: admin.php"); exit(); } ?> <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); ?> Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 11, 2009 Author Share Posted June 11, 2009 Thank you for you help i did try this and i get a Blank Page.I have Read and read and i am not sure why this is happening.. Quote Link to comment Share on other sites More sharing options...
taquitosensei Posted June 11, 2009 Share Posted June 11, 2009 try print_r($_SESSION); instead of echo $_SESSION['admin']; it sounds like $_SESSION['admin'] isn't set to anything which evaluates to False, same thing as 0. If 'admin' is empty then that's why and you'll need to troubleshoot your database/login section. Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 11, 2009 Author Share Posted June 11, 2009 Thank you so MUCH for helping me with this i have spent all day trying to figure this out. Here are the Results Array ( [valid_id] => [valid_user] => 2222 [valid_time] => 1244746613 [admin] => ) Could you be so Kind to Look at my login script and Rip it apart for Me Any one Please <?php session_start(); print_r ($_SESSION);die(); // this is so it quits here and doesn't redirect you before you have a chance to see what the value is. if ($_SESSION["admin"] == 0) { header("Location: sponser.php"); } else if ($_SESSION["admin"] == 1) { // Redirect to Guest area header("Location: admin.php"); exit(); } ?> <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); ?> ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Pledge Site</title> <link rel="stylesheet" type="text/css" href="fw-2-1-col/main.css" /> <style type="text/css"> <!-- .style1 {font-size: 24px} .style2 { font: bold 18px; color: #000000; font-size: medium; } .style3 { font-size: 36px; font-family: Galliard, Lorrenne; } --> </style> </head> <body> <!-- Begin Wrapper --> <div id="wrapper"> <!-- Begin Header --> <div class="style1" id="header"> Welcome to Event Tracker Web Site </div> <!-- End Header --> <!-- Begin Content --> <div id="content"> <div id="Content1"> <p class="style2">Hello and Welcome to the Event Tracker web site this site is used for tracking Participants and Sponsors of Events that your Organization my put on. Please Login below if you do not have a Login ID Please call the Event organizer and get your login info.</p> <p> </p> <p> </p> </div> <div id="content2"> <div id="lock"><img src="images/lock.jpg" alt="" width="78" height="74" id="lock2" /><span class="style3">Login </span></div> <p align="left"> </p> <?php include ('conn.php'); //include ('function.php'); //$pass5= md5($password); //TEST TO SEE IF THE ENCRYPTED PASSWORD MATCHES IN THE DB, WHICH IT DON'T! //echo $password2; if(isset($_GET['op']) and $_GET['op'] == 'login') { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password. Please Hit the Back Button"); } // Create query $q = "SELECT * FROM `users` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`='".md5 ($_POST["password"])."' " ."LIMIT 1 "; // Run query $r = mysql_query($q); if ( $obj = mysql_fetch_row($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); $_SESSION["admin"] = $obj->admin; // Redirect to member page } else { // Login not successful die("Sorry, could not log you in. Wrong login information.<a href=\"index.php\">PLEASE Sign Back in</a>"); } } else { //If all went right the Web form appears and users can log in echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username: <input name=\"username\" size=\"15\"><br />"; echo "Password: <input type=\"password\" name=\"password\" size=\"15\"><br />"; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; } ?> <p align="left"> </p> <p align="left"><br /> </p> </div> </div> <!-- End Content --> <!-- Begin Footer --> <div class="style2" id="footer"></div> <!-- End Footer --> </div> <!-- End Wrapper --> </body> Quote Link to comment Share on other sites More sharing options...
r2ks Posted June 12, 2009 Author Share Posted June 12, 2009 Any one i have tried to resolve this ??? does any one have a simple login script that would allow them if they where Admin to go to this Page and User Got to this page... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.