Jump to content

[SOLVED] Signing in as someone else with sessions?


Recommended Posts

On your login script:

$_SESSION['username'] = $username;

$username is undefined, you never set it to any value.

 

Also, make sure to sanitize your inputs! ;)

 

i tried here is my new script, but even this still doesnt work.

 

<? 
include("connect.php");

// CALL IN VARIABLES
$email = strip_tags(mysql_real_escape_string($_POST['email']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
$username = strip_tags(mysql_real_escape_string($_POST['username']));

// VALIDATION
if($password == ""){
echo("you didnt enter anything for your password, please try again");
exit();
}
if($email == ""){
echo("you didnt enter anything into the email address, please try again");
exit();
}
if(!ereg("^.+@.+\\..+$", $email)){
echo("the email you entered was not valid, please try again");
exit();
}

// CHECK IF EMAIL EXISTS
$email = $_POST['email'];
$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysql_query($sql) or die("couldnt confirm email");
$num = mysql_num_rows($result);
if($num == 1){
$sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'";
$result2 = mysql_query($sql2) or die("couldnt confirm password");
$num2 = mysql_num_rows($result2);
if($num2 > 0 ){
	session_start();
	$_SESSION['auth'] = "yes";
	$_SESSION['username'] = $username;
	print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
else{
	echo "wrong password";
}
}
else{
echo "no account exists";
}
?>
<script type="text/javascript">
<!--
setTimeout('Redirect()',4000);
function Redirect()
{
location.href='index.php';
}
//-->
</script>

this is your login script right? On the login page, I never saw 3 fields, only an email and password field. thats probably why your username is never set. try

if($num == 1){
   $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'";
   $result2 = mysql_query($sql2) or die("couldnt confirm password");
   $num2 = mysql_num_rows($result2);
   if($num2 > 0 ){
      session_start();
      $row = mysql_fetch_assoc($result2);
      $username = $row['username'];
      $_SESSION['auth'] = "yes";
      $_SESSION['username'] = $username;
      print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
   }
   else{
      echo "wrong password";
   }
}
else{

this is your login script right? On the login page, I never saw 3 fields, only an email and password field. thats probably why your username is never set. try

if($num == 1){
   $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'";
   $result2 = mysql_query($sql2) or die("couldnt confirm password");
   $num2 = mysql_num_rows($result2);
   if($num2 > 0 ){
      session_start();
      $row = mysql_fetch_assoc($result2);
      $username = $row['username'];
      $_SESSION['auth'] = "yes";
      $_SESSION['username'] = $username;
      print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
   }
   else{
      echo "wrong password";
   }
}
else{

 

holy....lmao omg.. haha yeah your right crap.. wow.. omg.. duh my bad wow.. nice eye i didnt even notice! good job! thank you! im confident this will sort it out straight away!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.