Jump to content

PHP Login Script Problem (Sessions)

Weered

By Weered
in PHP Coding Help

Recommended Posts

Weered Newbie

Weered

Posted
Posted

Hi Guys,

 

Here is my problem. Basically I am running a site off PHPNuke 8.0. I am building a separate login page to privatize the site which will actually end up being the splash page. PHPNuke runs beautifully with no problems and the page I have designed as a separate login works. It checks the "nukeusers" table in the database with the fields used for the separate login. It will then redirect you to the site or indicate you have entered incorrect information. However, it will not open a session. Once it has authenticated your information it simply redirects you to the actual site as a guest. So here is the code I have used. I am sorry but it has some of the page design information in it:

 

<?php require_once('Connections/CampusHalifax.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

?>

<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

  session_start();

}

 

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

  $_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

 

if (isset($_POST['username'])) {

  $loginUsername=$_POST['username'];

  $password=md5($_POST['password']);

  $MM_fldUserAuthorization = "user_level";

  $MM_redirectLoginSuccess = "http://campushalifax.com/PHP/html/index.php";

  $MM_redirectLoginFailed = "http://campushalifax.com/PHP/html/index.php";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_CampusHalifax, $CampusHalifax);

 

  $LoginRS__query=sprintf("SELECT username, user_password, user_level FROM nuke_users WHERE username=%s AND user_password=%s",

  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

 

  $LoginRS = mysql_query($LoginRS__query, $CampusHalifax) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

   

    $loginStrGroup  = mysql_result($LoginRS,0,'user_level');

   

    //declare two session variables and assign them

    $_SESSION['UNAME']=$username['username'] ; 

 

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

  session_write_close();

 

    }

    header("Location: " . $MM_redirectLoginSuccess );

  }

  else {

    header("Location: ". $MM_redirectLoginFailed );

  }

}

?>

 

 

<style type="text/css">

<!--

body {

background-image: url(http://campushalifax.com/PHP/html/themes/PNT_Hosting/images/bgmoviesite.png);

}

-->

</style>

<table width="100%" border="0" cellspacing="0" cellpadding="0">

  <tr>

    <td> </td>

  </tr>

</table>

<table width="100%" border="0" cellpadding="0">

  <tr>

    <td height="116"><div align="center">

      <p><img src="Campus.png" width="441" height="89" /></p>

      <p><div align="center">

<form name="form1" method="POST" onsubmit="hashPass();" action="<?php echo $loginFormAction; ?>">

<table width="400" border="0" cellspacing="0" cellpadding="3">

<tr>

<td width="100">Username:</td>

<td><input name="username" type="text" id="username"></td>

</tr>

<tr>

<td width="100">Password:</td>

<td><input name="password" type="password" id="password"></td>

</tr>

<tr>

<td width="100"> </td>

<td><input type="submit" name="Submit" value="Submit"></td>

</tr>

</table>

<p> </p>

<p> </p>

<p> </p>

</form>

</div> </p>

    </div></td>

  </tr>

  <tr>

    <td height="117"> </td>

  </tr>

</table>

 

Link to comment
https://forums.phpfreaks.com/topic/169084-php-login-script-problem-sessions/
Share on other sites
Adam Advanced Member

Adam

Posted
Posted

Probably get more responses if you just post the relevant code. I think the problem is this:

 

$username['username'] ;

 

Where is that set? The sessions are working as you're only redirecting if there's a session variable. What's probably happening is it's validating the login successful but once it's redirected $_SESSION['UNAME'] hasn't been set (as there's no $username['username']) and so the script thinks you're a guest still.

Weered Newbie

Weered

Posted
  • Author
Posted

Alright good, I thought this might be my problem. Here is what the tables and fields are:

 

all the information is stored in the "nukeusers" table. Here is where "nukeuser" and "user_password" are stored. (Password is MD5 encrypted which was a pain in the ass to get around)

 

Then this is where I get confused. The session data is stored in the "nuke_session" table and the "username" field is actually called "uname".

 

Hence the

 

$_SESSION['UNAME']=$username['username'] ; 

 

which I think is wrong

Adam Advanced Member

Adam

Posted
Posted

Try this:

 

  if ($loginFoundUser) {

    $loginData = mysql_fetch_assoc($LoginRS);
   
    //declare two session variables and assign them
    $_SESSION['UNAME'] = $loginData['username']

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];   
     session_write_close();

    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

You don't seem to be using $loginStrGroup anywhere so removing that shouldn't cause any problems, however should you need it the equivalent would now be $loginData['user_level'].

 

I'm not sure what you mean by field name is actually "uname", but if you mean within the database change the query to select that instead of "username", and change $loginData['username'] to $loginData['uname'].

Weered Newbie

Weered

Posted
  • Author
Posted

I will try that out now and get back to you.

 

What I mean by uname is that when I look in the table of current users online (nuke_session) the column that shows the user name is not "nukeuser" like in the actual users table but instead it is "uname". I am not even sure if that table matters? I don't know about sessions. Is it usually just stored in the browser temp or cookies? I think for some of my modules to work that table is necessary?

Adam Advanced Member

Adam

Posted
Posted

The syntax error was in your original code, but I don't know what you're trying to do with false.

 

I'm still a little hazy as to what you mean to be honest, within the database table, actual database, what is the field name? Whatever that is, use that.

Weered Newbie

Weered

Posted
  • Author
Posted

To be honest, I a friend of mine sent me this script. He wasn't using it with phpnuke but I figured I could make it work. Would you happen to have a login script that would work with what I am doing? With perhaps a "remember me" check box? I am at wits end with the script and it is far to complicated for what it actually is.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.