Jump to content

[SOLVED] Signing in as someone else with sessions?

LostKID

By LostKID
in PHP Coding Help

Recommended Posts

LostKID Member

LostKID

Posted
  • Author
Posted

On your login script:

$_SESSION['username'] = $username;

$username is undefined, you never set it to any value.

 

Also, make sure to sanitize your inputs! ;)

 

i tried here is my new script, but even this still doesnt work.

 

<? 
include("connect.php");

// CALL IN VARIABLES
$email = strip_tags(mysql_real_escape_string($_POST['email']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
$username = strip_tags(mysql_real_escape_string($_POST['username']));

// VALIDATION
if($password == ""){
echo("you didnt enter anything for your password, please try again");
exit();
}
if($email == ""){
echo("you didnt enter anything into the email address, please try again");
exit();
}
if(!ereg("^.+@.+\\..+$", $email)){
echo("the email you entered was not valid, please try again");
exit();
}

// CHECK IF EMAIL EXISTS
$email = $_POST['email'];
$sql = "SELECT * FROM user WHERE email = '$email'";
$result = mysql_query($sql) or die("couldnt confirm email");
$num = mysql_num_rows($result);
if($num == 1){
$sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'";
$result2 = mysql_query($sql2) or die("couldnt confirm password");
$num2 = mysql_num_rows($result2);
if($num2 > 0 ){
	session_start();
	$_SESSION['auth'] = "yes";
	$_SESSION['username'] = $username;
	print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
else{
	echo "wrong password";
}
}
else{
echo "no account exists";
}
?>
<script type="text/javascript">
<!--
setTimeout('Redirect()',4000);
function Redirect()
{
location.href='index.php';
}
//-->
</script>

mikesta707 Member

mikesta707

Posted
Posted

this is your login script right? On the login page, I never saw 3 fields, only an email and password field. thats probably why your username is never set. try

if($num == 1){
   $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'";
   $result2 = mysql_query($sql2) or die("couldnt confirm password");
   $num2 = mysql_num_rows($result2);
   if($num2 > 0 ){
      session_start();
      $row = mysql_fetch_assoc($result2);
      $username = $row['username'];
      $_SESSION['auth'] = "yes";
      $_SESSION['username'] = $username;
      print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
   }
   else{
      echo "wrong password";
   }
}
else{

LostKID Member

LostKID

Posted
  • Author
Posted

this is your login script right? On the login page, I never saw 3 fields, only an email and password field. thats probably why your username is never set. try

if($num == 1){
   $sql2 = "SELECT * FROM user WHERE email='$_POST[email]' AND password='$_POST[password]'";
   $result2 = mysql_query($sql2) or die("couldnt confirm password");
   $num2 = mysql_num_rows($result2);
   if($num2 > 0 ){
      session_start();
      $row = mysql_fetch_assoc($result2);
      $username = $row['username'];
      $_SESSION['auth'] = "yes";
      $_SESSION['username'] = $username;
      print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
   }
   else{
      echo "wrong password";
   }
}
else{

 

holy....lmao omg.. haha yeah your right crap.. wow.. omg.. duh my bad wow.. nice eye i didnt even notice! good job! thank you! im confident this will sort it out straight away!

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.