Jump to content

Archived

This topic is now archived and is closed to further replies.

kansei

PHP authentication/session issues

Recommended Posts

Hi.. I'm no PHP developer so there's probably something really obvious here, but yeah I can't figure it out. I run a simple little php help desk app (official site here: http://phpdesk.sourceforge.net/) but well the application as it stands on sourceforge is very undeveloped. I got it 95% up and running (it is in use now where I work) but there's a couple bugs I'm still trying to work out. I figure once I get it all set I'll make it generic again (remove my company css and name from stuff) and submit some files to the sourceforge repository.

Here's the jist of what I'm working on trying to get fixed today. When a staff member replies to a support ticket, the staff member's name needs to appear alongside the post. If the 'name' variable of the session is set, that functionality works. The staff_login.php page sets the variable properly. If the session is still open (I don't remember what closes the session other than logging out) and staff.php is accessed directly (by just going to http://domain/helpdesk/staff.php), the staff-only page loads. That shouldn't happen though, since the 'name' session variable isn't set.

Here's the logic that I thought up before I checked staff.php to see how it was handling it:

In staff.php:
---------------------
if 'name' is null
    end session
    include staff_login.php

else include staff_view.php as usual.
---------------------

I went into the file and it looks like it already has something similar set up.

----------------------------------------------------
if ($_SESSION["name"] != ""){
  include("includes/staff_view.php");
}else{
  if(isset($name) && isset($password)){
    $password = md5($password);
    $sql = mysql_query("SELECT name from $phpd_table_staff where email= '$name' and password = '$password'");
    //$result = mysql_query($sql);
    $obj = mysql_fetch_object($sql);
    // if (mysql_num_rows($result) == 1) {
          if( $obj->name != "" ){
      //echo"$result";
      //echo"$obj->name";
      $_SESSION["name"] = $obj->name;
      include("includes/staff_view.php");
    } else {
      ?><span class="error"><h3>Sorry, you are not authorised! Please Try Again</h3></span><?
include("includes/staff_login.php");
    }
  }else include("includes/staff_login.php");
}
-------------------------------------------------------

That looks like it should do the job for me. Actually, it looks a bit better than the logic I set up. If the 'name' session variable isn't set, it checks the local variables and checks the database to make sure the username and password are correct, and then sets the session name variable. Unlike my logic, it wouldn't require the user to log in again if the session variable isn't set but the local variable is.

I'm just not sure why that code isn't working as I've just begun dabbling with PHP by setting up this help desk. Any help is appreciated. I'm sorry if an issue similar to this has been discussed on here before as I'm sure it has, but as I said I'm new here and to php so I wouldn't even know where to start for forming a search query to find info about this.

Thanks for all the help in advance!

Chris Lauretano

Share this post


Link to post
Share on other sites
Hmm, looks a lot like:

http://www.h2desk.com/pmos/

Maybe you would be better off using that?

Share this post


Link to post
Share on other sites
Also, just to show you what I mean when I say looks like, not only the code but the design as well: http://mach5host.com/support/index.php?department=7

Share this post


Link to post
Share on other sites
oh my.. and I've put so much work into this barely developed version :'(

I should have looked around when I saw that the last file update was a couple years old.

Thanks for the suggestion, I'll get that and give it a go on my testing server.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.