
PHP authentication/session issues


3 replies to this topic

#1 kansei

kansei
  • New Members
  • Newbie
  • 2 posts

Posted 14 August 2006 - 03:45 PM

Hi.. I'm no PHP developer so there's probably something really obvious here, but yeah I can't figure it out. I run a simple little php help desk app (official site here: http://phpdesk.sourceforge.net/) but well the application as it stands on sourceforge is very undeveloped. I got it 95% up and running (it is in use now where I work) but there's a couple bugs I'm still trying to work out. I figure once I get it all set I'll make it generic again (remove my company css and name from stuff) and submit some files to the sourceforge repository.

Here's the gist of what I'm working on trying to get fixed today. When a staff member replies to a support ticket, the staff member's name needs to appear alongside the post. If the 'name' variable of the session is set, that functionality works. The staff_login.php page sets the variable properly. If the session is still open (I don't remember what closes the session other than logging out) and staff.php is accessed directly (by just going to http://domain/helpdesk/staff.php), the staff-only page loads. That shouldn't happen though, since the 'name' session variable isn't set.

Here's the logic that I thought up before I checked staff.php to see how it was handling it:

In staff.php:
---------------------
if 'name' is null
    end session
    include staff_login.php

else include staff_view.php as usual.
---------------------

I went into the file and it looks like it already has something similar set up.

----------------------------------------------------
if ($_SESSION["name"] != ""){
  include("includes/staff_view.php");
}else{
  if(isset($name) && isset($password)){
    $password = md5($password);
    $sql = mysql_query("SELECT name from $phpd_table_staff where email= '$name' and password = '$password'");
    //$result = mysql_query($sql);
    $obj = mysql_fetch_object($sql);
    // if (mysql_num_rows($result) == 1) {
    if( $obj->name != "" ){
      //echo"$result";
      //echo"$obj->name";
      $_SESSION["name"] = $obj->name;
      include("includes/staff_view.php");
    } else {
      ?><span class="error"><h3>Sorry, you are not authorised! Please Try Again</h3></span><?
      include("includes/staff_login.php");
    }
    }
  }else include("includes/staff_login.php");
}
-------------------------------------------------------

That looks like it should do the job for me. Actually, it looks a bit better than the logic I set up. If the 'name' session variable isn't set, it checks the local variables and checks the database to make sure the username and password are correct, and then sets the session name variable. Unlike my logic, it wouldn't require the user to log in again if the session variable isn't set but the local variable is.

I'm just not sure why that code isn't working as I've just begun dabbling with PHP by setting up this help desk. Any help is appreciated. I'm sorry if an issue similar to this has been discussed on here before as I'm sure it has, but as I said I'm new here and to php so I wouldn't even know where to start for forming a search query to find info about this.

Thanks for all the help in advance!

Chris Lauretano
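
Added example (not part of the original post and not phpdesk code): the staff.php snippet above reads `$name` and `$password` as bare variables, interpolates them into the SQL string and compares an unsalted `md5()`. One way to write the same gate with explicit `$_POST` input, a bound query parameter and `password_verify()`, assuming a PDO connection, a `staff` table with a `password_hash` column, and POST fields `name` and `password` (all hypothetical names):

```php
<?php
// Added example, not phpdesk code. Assumed names: table `staff` with columns
// `email`, `name`, `password_hash` (password_hash() output); POST fields `name`, `password`.
function authenticate_staff(PDO $pdo, string $email, string $password): ?string
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT name, password_hash FROM staff WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() replaces the unsalted md5() comparison.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['name'];
}

// Returns which include staff.php should load: 'view', 'login' or 'denied'.
function staff_gate(PDO $pdo, array &$session, array $post): string
{
    // Explicit isset/non-empty test instead of comparing a possibly unset key to "".
    if (isset($session['name']) && is_string($session['name']) && $session['name'] !== '') {
        return 'view';
    }
    // Credentials come only from the POST body, never from bare $name/$password.
    $email = $post['name'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($email) || !is_string($password)) {
        return 'login';
    }
    $name = authenticate_staff($pdo, $email, $password);
    if ($name === null) {
        return 'denied';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID once the user is authenticated
    }
    $session['name'] = $name;
    return 'view';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE staff (email TEXT PRIMARY KEY, name TEXT, password_hash TEXT)');
$pdo->prepare('INSERT INTO staff VALUES (?, ?, ?)')
    ->execute(['staff@example.test', 'Example Staff', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
$session = [];
$good = ['name' => 'staff@example.test', 'password' => 'constructed-pass'];
foreach ([[], ['password' => 'wrong'] + $good, $good, []] as $post) {
    echo staff_gate($pdo, $session, $post), "\n"; // one gate decision per request
}
```

In a real page the call would be `staff_gate($pdo, $_SESSION, $_POST)` after `session_start()`, with the returned string selecting which file to include.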

#2 hostfreak

hostfreak
  • Members
  • Advanced Member
  • 581 posts

Posted 14 August 2006 - 03:51 PM

Hmm, looks a lot like:

http://www.h2desk.com/pmos/

Maybe you would be better off using that?

#3 hostfreak

hostfreak
  • Members
  • Advanced Member
  • 581 posts

Posted 14 August 2006 - 03:55 PM

Also, just to show you what I mean when I say looks like, not only the code but the design as well: http://mach5host.com...hp?department=7

#4 kansei

kansei
  • New Members
  • Newbie
  • 2 posts

Posted 14 August 2006 - 04:03 PM

oh my.. and I've put so much work into this barely developed version :'(

I should have looked around when I saw that the last file update was a couple years old.

Thanks for the suggestion, I'll get that and give it a go on my testing server.
