
PHP authentication/session issues


kansei


Hi.. I'm no PHP developer so there's probably something really obvious here, but yeah I can't figure it out. I run a simple little php help desk app (official site here: http://phpdesk.sourceforge.net/) but well the application as it stands on sourceforge is very undeveloped. I got it 95% up and running (it is in use now where I work) but there's a couple bugs I'm still trying to work out. I figure once I get it all set I'll make it generic again (remove my company css and name from stuff) and submit some files to the sourceforge repository.

Here's the gist of what I'm working on trying to get fixed today. When a staff member replies to a support ticket, the staff member's name needs to appear alongside the post. If the 'name' variable of the session is set, that functionality works. The staff_login.php page sets the variable properly. If the session is still open (I don't remember what closes the session other than logging out) and staff.php is accessed directly (by just going to http://domain/helpdesk/staff.php), the staff-only page loads. That shouldn't happen though, since the 'name' session variable isn't set.

Here's the logic that I thought up before I checked staff.php to see how it was handling it:

In staff.php:
---------------------
if 'name' is null
    end session
    include staff_login.php

else include staff_view.php as usual.
---------------------

I went into the file and it looks like it already has something similar set up.

----------------------------------------------------
if ($_SESSION["name"] != ""){
  include("includes/staff_view.php");
}else{
  if(isset($name) && isset($password)){
    $password = md5($password);
    $sql = mysql_query("SELECT name from $phpd_table_staff where email= '$name' and password = '$password'");
    //$result = mysql_query($sql);
    $obj = mysql_fetch_object($sql);
    // if (mysql_num_rows($result) == 1) {
    if( $obj->name != "" ){
      //echo"$result";
      //echo"$obj->name";
      $_SESSION["name"] = $obj->name;
      include("includes/staff_view.php");
    } else {
      ?><span class="error"><h3>Sorry, you are not authorised! Please Try Again</h3></span><?
      include("includes/staff_login.php");
    }
    }
  }else include("includes/staff_login.php");
}
-------------------------------------------------------

That looks like it should do the job for me. Actually, it looks a bit better than the logic I set up. If the 'name' session variable isn't set, it checks the local variables and checks the database to make sure the username and password are correct, and then sets the session name variable. Unlike my logic, it wouldn't require the user to log in again if the session variable isn't set but the local variable is.

I'm just not sure why that code isn't working as I've just begun dabbling with PHP by setting up this help desk. Any help is appreciated. I'm sorry if an issue similar to this has been discussed on here before as I'm sure it has, but as I said I'm new here and to php so I wouldn't even know where to start for forming a search query to find info about this.

Thanks for all the help in advance!

Chris Lauretano
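
A hardened form of the staff.php gate quoted above, as an added example that is not part of the original post or of phpDesk's code: it reads the credentials from the POST body explicitly, binds the email as a query parameter, and verifies a `password_hash()` value instead of comparing md5 strings. The PDO connection, the `phpd_staff` table name, the `password_hash` column and the in-memory sample row are assumptions constructed for illustration.

```php
<?php
// Added example: hardened staff.php gate. $pdo, the phpd_staff table name and
// the password_hash column are assumptions, not phpDesk's actual schema.
declare(strict_types=1);
session_start();                       // must run before any $_SESSION access

/** Return the staff member's display name, or null if the login is invalid. */
function staff_login(PDO $pdo, string $email, string $password): ?string
{
    // Bound parameter instead of interpolating request data into the SQL string.
    $stmt = $pdo->prepare('SELECT name, password_hash FROM phpd_staff WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a password_hash() value; it does not accept bare md5.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['name'] !== '' ? $row['name'] : null;
}

/** Decide which include staff.php should render; sets the session on success. */
function staff_gate(PDO $pdo, array $post): string
{
    if (!empty($_SESSION['name'])) {               // empty() also covers "not set"
        return 'includes/staff_view.php';
    }
    // Credentials come from the POST body, never from bare $name/$password globals.
    if (isset($post['name'], $post['password'])
        && is_string($post['name']) && is_string($post['password'])) {
        $name = staff_login($pdo, $post['name'], $post['password']);
        if ($name !== null) {
            session_regenerate_id(true);           // fresh session id after login
            $_SESSION['name'] = $name;
            return 'includes/staff_view.php';
        }
        echo '<span class="error"><h3>Sorry, you are not authorised! Please Try Again</h3></span>';
    }
    return 'includes/staff_login.php';
}

// Constructed in-memory database and staff row so the file runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE phpd_staff (name TEXT, email TEXT, password_hash TEXT)');
$pdo->prepare('INSERT INTO phpd_staff VALUES (?, ?, ?)')->execute(
    ['Constructed Staff', 'staff@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
echo staff_gate($pdo, ['name' => 'staff@example.test', 'password' => 'correct horse']), "\n";
```

In the real page the last line would be `include staff_gate($pdo, $_POST);` with the application's own database connection.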

oh my.. and I've put so much work into this barely developed version :'(

I should have looked around when I saw that the last file update was a couple years old.

Thanks for the suggestion, I'll get that and give it a go on my testing server.
