thurmanmurman Posted July 14, 2009 Share Posted July 14, 2009 Hello All, I am having a bit of a problem. Here is whats going on: I have a php client login site which uses a check login page to authenticate the user and then redirects the user to their own site based on directory information stored in the mySQL db. I am able to login and all is well on that front, but the issue i'm having comes when I try to login as another user on the same machine. After I've logged in once and I try to login as another user, it takes me to the first user's page UNLESS i clear/delete cookies from my browser. I think this is probably a simple fix somewhere, i just don't know where to start. Any help would be appreciated. Here is the code: CHECK LOGIN PAGE <?php ob_start(); $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); ##### function mysql_evaluate($query, $default_value="undefined") { $result = mysql_query($query); if (mysql_num_rows($result)==0) return $default_value; else return mysql_result($result,0); } ##### // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $mydirectory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE 'username='$myusername'"); // encrypt password $encrypted_mypassword=md5($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'"; $result=mysql_query($sql); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword, $mydirecory and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); session_register("mydirectory"); $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $directory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE username='$myusername'"); $extra = 'index.php'; header("Location: http://$host$uri/$directory/$extra"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> USER PAGE <? // Check if session is not registered , redirect back to main page. // Put this code in first line of web page. session_start(); if(!session_is_registered(myusername)){ header("location:main_login.php"); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> <style type="text/css"> <!-- .style1 { font-size: 100px; font-weight: bold; } --> </style> </head> <body> <span class="style1">JOHN</span> </body> </html> Link to comment https://forums.phpfreaks.com/topic/165965-problem-with-login-cookies/ Share on other sites More sharing options...
seventheyejosh Posted July 14, 2009 Share Posted July 14, 2009 put your code inbetween [ php ] [ /php ] tags (no spaces.) Link to comment https://forums.phpfreaks.com/topic/165965-problem-with-login-cookies/#findComment-875323 Share on other sites More sharing options...
thurmanmurman Posted July 14, 2009 Author Share Posted July 14, 2009 on the check login or user page? Link to comment https://forums.phpfreaks.com/topic/165965-problem-with-login-cookies/#findComment-875324 Share on other sites More sharing options...
PFMaBiSmAd Posted July 14, 2009 Share Posted July 14, 2009 That reply meant to use those tags when you post your code in the forum. session_register() and session_is_registered() were turned off by default 7 years ago and have been completely removed in php6. You need to use the $_SESSION array for setting and referencing session variables. Link to comment https://forums.phpfreaks.com/topic/165965-problem-with-login-cookies/#findComment-875382 Share on other sites More sharing options...
thurmanmurman Posted July 15, 2009 Author Share Posted July 15, 2009 Hello, I have changed the code to reflect the $_SESSION array and i seem to be getting to the right location. I seem to be having one final problem. I can change the address bar to another user's directory and I can see their private page. I would like for it to throw a 403 page if on any other page the the logged-in user. Any Ideas? UPDATED CODE CHECK LOGIN ob_start(); session_start(); $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); ##### function mysql_evaluate($query, $default_value="undefined") { $result=mysql_query($query); if (mysql_num_rows($result)==0) return $default_value; else return mysql_result($result,0); } ##### // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $mydirectory=mysql_evaluate("SELECT directory FROM $tbl_name WHERE 'username='$myusername'"); // encrypt password $encrypted_mypassword=md5($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'"; $result=mysql_query($sql); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword, $mydirecory and redirect to file "login_success.php" $_SESSION['myusername']; $_SESSION['mypassword']; $_SESSION['mydirectory']; $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $directory = mysql_evaluate("SELECT directory FROM $tbl_name WHERE username='$myusername'"); $extra = 'index.php'; header("Location: http://$host$uri/$directory/$extra"); } else { echo "Wrong Username or Password"; } ob_end_flush(); USER PAGE // Check if session is not registered , redirect back to main page. session_start(); if($_SESSION['myusername']): header("location:main_login.php"); endif; <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> <style type="text/css"> <!-- .style1 { font-size: 100px; font-weight: bold; } --> </style> </head> <body> <span class="style1">GRETCHEN</span> </body> </html> Link to comment https://forums.phpfreaks.com/topic/165965-problem-with-login-cookies/#findComment-875560 Share on other sites More sharing options...
seventheyejosh Posted July 15, 2009 Share Posted July 15, 2009 // Register $myusername, $mypassword, $mydirecory and redirect to file "login_success.php" $_SESSION['myusername']; $_SESSION['mypassword']; $_SESSION['mydirectory']; should be something like this $_SESSION['myusername']=$USERNAMEVAR; $_SESSION['mypassword']=$PASSWORDVAR; $_SESSION['mydirectory']=$MYDIRVAR; you have to put something into the session vars not just define them. Link to comment https://forums.phpfreaks.com/topic/165965-problem-with-login-cookies/#findComment-875754 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.