LostKID Posted September 15, 2009 Author Share Posted September 15, 2009 anyone know why it doesnt show any php in my CP.php now? im so confused lol Quote Link to comment https://forums.phpfreaks.com/topic/174253-solved-signing-in-as-someone-else-with-sessions/page/2/#findComment-919028 Share on other sites More sharing options...
Philip Posted September 15, 2009 Share Posted September 15, 2009 On your login script: $_SESSION['username'] = $username; $username is undefined, you never set it to any value. Also, make sure to sanitize your inputs! Quote Link to comment https://forums.phpfreaks.com/topic/174253-solved-signing-in-as-someone-else-with-sessions/page/2/#findComment-919030 Share on other sites More sharing options...
LostKID Posted September 15, 2009 Author Share Posted September 15, 2009 On your login script: $_SESSION['username'] = $username; $username is undefined, you never set it to any value. Also, make sure to sanitize your inputs! i tried here is my new script, but even this still doesnt work. <? include("connect.php"); // CALL IN VARIABLES $email = strip_tags(mysql_real_escape_string($_POST['email'])); $password = strip_tags(mysql_real_escape_string($_POST['password'])); $username = strip_tags(mysql_real_escape_string($_POST['username'])); // VALIDATION if($password == ""){ echo("you didnt enter anything for your password, please try again"); exit(); } if($email == ""){ echo("you didnt enter anything into the email address, please try again"); exit(); } if(!ereg("^.+@.+\\..+$", $email)){ echo("the email you entered was not valid, please try again"); exit(); } // CHECK IF EMAIL EXISTS $email = $_POST['email']; $sql = "SELECT * FROM user WHERE email = '$email'"; $result = mysql_query($sql) or die("couldnt confirm email"); $num = mysql_num_rows($result); if($num == 1){ $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'"; $result2 = mysql_query($sql2) or die("couldnt confirm password"); $num2 = mysql_num_rows($result2); if($num2 > 0 ){ session_start(); $_SESSION['auth'] = "yes"; $_SESSION['username'] = $username; print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">"; } else{ echo "wrong password"; } } else{ echo "no account exists"; } ?> <script type="text/javascript"> <!-- setTimeout('Redirect()',4000); function Redirect() { location.href='index.php'; } //--> </script> Quote Link to comment https://forums.phpfreaks.com/topic/174253-solved-signing-in-as-someone-else-with-sessions/page/2/#findComment-919037 Share on other sites More sharing options...
mikesta707 Posted September 15, 2009 Share Posted September 15, 2009 this is your login script right? On the login page, I never saw 3 fields, only an email and password field. thats probably why your username is never set. try if($num == 1){ $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'"; $result2 = mysql_query($sql2) or die("couldnt confirm password"); $num2 = mysql_num_rows($result2); if($num2 > 0 ){ session_start(); $row = mysql_fetch_assoc($result2); $username = $row['username']; $_SESSION['auth'] = "yes"; $_SESSION['username'] = $username; print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">"; } else{ echo "wrong password"; } } else{ Quote Link to comment https://forums.phpfreaks.com/topic/174253-solved-signing-in-as-someone-else-with-sessions/page/2/#findComment-919040 Share on other sites More sharing options...
LostKID Posted September 15, 2009 Author Share Posted September 15, 2009 this is your login script right? On the login page, I never saw 3 fields, only an email and password field. thats probably why your username is never set. try if($num == 1){ $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'"; $result2 = mysql_query($sql2) or die("couldnt confirm password"); $num2 = mysql_num_rows($result2); if($num2 > 0 ){ session_start(); $row = mysql_fetch_assoc($result2); $username = $row['username']; $_SESSION['auth'] = "yes"; $_SESSION['username'] = $username; print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">"; } else{ echo "wrong password"; } } else{ holy....lmao omg.. haha yeah your right crap.. wow.. omg.. duh my bad wow.. nice eye i didnt even notice! good job! thank you! im confident this will sort it out straight away! Quote Link to comment https://forums.phpfreaks.com/topic/174253-solved-signing-in-as-someone-else-with-sessions/page/2/#findComment-919052 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.