tom_walters Posted September 28, 2009

Okay, so I'm building this user management system for a client and up until a few days ago it was working perfectly. I must have edited some code or done something because now it just ain't working! Have been looking through the code for ages now and I just can't find any errors. Can you?

There are 3 files: login.php, userauth.php and index.php. Login.php is where the user enters their details to login, these details are then passed to userauth.php and if correct the browser is then redirected to index.php.

The problem is this. When I get to the index page the session variables are cleared. I have checked at each stage and the data is present up until the index page.

Now if you were wondering there is a base.php, this is just connecting to the database - and no there aren't any errors or odd code in there, but I'm not too keen on sharing my login details with you as you can imagine!

login.php:

```php
<?php require("base.php"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>St Ann's Church | Login</title>
<link href="styleEdit.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<?php
if(!empty($_GET['m'])){
    echo "<a id=\"error\">Please enter a valid Username and Password!\t\t</a>";
}
?>
<form id="editor" action="userauth.php" method="post">
<label class="edit" for="username">Username: </label>
<input type="text" id="title" name="username" />
<br />
<br />
<label class="edit" for="password">Password: </label>
<input type="password" name="password" id="title" />
<br />
<br />
<input type="submit" class="submit" value="Enter" />
</form>
</div>
</body>
</html>
```

userauth.php:

```php
<?php
require("base.php");
session_start();
session_cache_expire (15);
$iusername= $_POST['username']; //INPUT USERNAME
$ipassword = md5($_POST['password']); // INPUT PASSWORD
$date = date("d-m-y");
if(empty($iusername) || empty($ipassword)){
    echo "<meta http-equiv=\"refresh\" content=\"0;url=http://urbanmandesign.com/stanns/cms/login.php?m=1\">";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>St Ann's Church | Login</title>
<link href="styleEdit.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
$result = mysql_query("SELECT * FROM users WHERE username = '".$iusername."'");
$row = mysql_fetch_array($result);
$dbusername = $row['username']; //DATABASE USERNAME
$dbpassword = $row['password']; //DATABASE PASSWORD
if($iusername == $dbusername && $ipassword == $dbpassword) {
    $_SESSION['loggedin'] = '1';
    $_SESSION['username'] = $iusername;
    $_SESSION['password'] = $ipassword;
    $_SESSION['firstname'] = $row['firstName'];
    if(empty($dbusername)){
        echo "<meta http-equiv=\"refresh\" content=\"0;url=http://urbanmandesign.com/stanns/cms/login.php?m=1\">";
    };
    if($row['firstLogin'] == 0){
        mysql_query("UPDATE users SET firstLogin='".$date."' WHERE username='".$iusername."'");
    };
    mysql_query("UPDATE users SET lastLogin='".$date."' WHERE username='".$iusername."'");
    mysql_query("UPDATE users SET online='1' WHERE username='".$iusername."'");
    echo "<meta http-equiv=\"refresh\" content=\"0;url=http://urbanmandesign.com/stanns/cms/index.php\">";
} else {
    echo "<meta http-equiv=\"refresh\" content=\"0;url=http://urbanmandesign.com/stanns/cms/login.php?m=1\">";
    session_destroy();
}
?>
</body>
</html>
```

index.php:

```php
<?php
require("base.php");
if(isset($_SESSION['loggedin'])) {
    /*echo "<meta http-equiv=\"refresh\" content=\"0;url=http://urbanmandesign.com/stanns/cms/login.php\">";
    die();*/
    echo "N DR";
};
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>St Ann's Church | CMS</title>
<link href="styleEdit.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<h1>Welcome to the index <?php echo $_SESSION['firstname'] ?>!</h1>
<a class="big" href="http://urbanmandesign.com/stanns/cms/edit.php?page=home">Edit the Homepage</a><br />
<br />
<a class="big" href="http://urbanmandesign.com/stanns/cms/editinfo.php">Edit your Information</a><br />
<br />
<?php echo $_SESSION['loggedin']; ?>
<br />
<?php echo $_SESSION['username']; ?>
<br />
<?php echo $_SESSION['password']; ?>
<br />
</div>
</body>
</html>
```

I have been pulling my hair out over this and if you can tell me why it isn't playing ball I would be really grateful.

Thanks guys.

-Tom

Zyx Posted September 28, 2009

I simply don't see session_start() in index.php.

BTW. Small improvements:

```php
$result = mysql_query("SELECT * FROM users WHERE username = '".$iusername."'");
$row = mysql_fetch_array($result);
$dbusername = $row['username']; //DATABASE USERNAME
$dbpassword = $row['password']; //DATABASE PASSWORD
if($iusername == $dbusername && $ipassword == $dbpassword)
```

1. You do not check whether a row is actually returned - this will lead to many warnings if the error reporting level is too low.
2. Copying the values from $row['username'] to another variable is unnecessary. Do not introduce new variables just for the sake of having them.
3. $iusername == $dbusername - this is not needed. You already know they are equal, because you used the same condition to fetch the row from the database.

```php
mysql_query("UPDATE users SET lastLogin='".$date."' WHERE username='".$iusername."'");
mysql_query("UPDATE users SET online='1' WHERE username='".$iusername."'");
```

Why don't you use one query here?

tom_walters Posted September 28, 2009

Thanks very much for the speedy reply, the whole session_start() thing seems to have worked - so does that mean that I will need to have it at the top of every other page that needs you to be logged in?

Also the point about the split queries is a long story, but point taken.

Thanks again.

-Tom

mattal999 Posted September 28, 2009

> Thanks very much for the speedy reply, the whole session_start() thing seems to have worked - so does that mean that I will need to have it at the top of every other page that needs you to be logged into?
>
> Also the point about the split query's is a long story, but point taken.
>
> Thanks again.
>
> -Tom

Yes. It will need to be used on all pages that require the use of SESSIONs.

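The two points from the replies above (session_start() on every page that uses $_SESSION, and checking that a row was actually returned), put together as an added example that is not part of the thread and not the poster's code. The helper names, the PDO connection and a users.password column holding password_hash() values are assumptions; the demo data at the bottom is constructed.

```php
<?php
// Added example, not code from the thread. Assumes a PDO handle (the thread's
// base.php uses the old mysql_* API) and password_hash() values in users.password.

function start_session(): void {
    // $_SESSION is only populated after session_start() has run in the current
    // request, so every page that reads or writes it must call this first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

function require_login(): void {           // call at the top of index.php etc.
    start_session();
    if (empty($_SESSION['loggedin'])) {
        header('Location: login.php?m=1');
        exit;
    }
}

function attempt_login(PDO $pdo, string $username, string $password): bool {
    start_session();
    // The placeholder keeps the submitted username out of the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // No row (unknown user) and a wrong password take the same path.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);           // new session id once authenticated
    $_SESSION['loggedin']  = '1';
    $_SESSION['username']  = $row['username'];
    $_SESSION['firstname'] = $row['firstName'];   // no password kept in the session
    $today = date('d-m-y');
    $first = empty($row['firstLogin']) ? $today : $row['firstLogin'];
    // One UPDATE instead of three separate queries.
    $pdo->prepare("UPDATE users SET firstLogin = ?, lastLogin = ?, online = '1' WHERE username = ?")
        ->execute([$first, $today, $row['username']]);
    return true;
}

if (PHP_SAPI === 'cli') {                  // constructed demo data, in-memory SQLite
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT, password TEXT, firstName TEXT, firstLogin TEXT, lastLogin TEXT, online TEXT)');
    $pdo->prepare("INSERT INTO users VALUES ('tom', ?, 'Tom', '0', '', '0')")
        ->execute([password_hash('example-pass', PASSWORD_DEFAULT)]);
    var_dump(attempt_login($pdo, 'nobody', 'x'), attempt_login($pdo, 'tom', 'example-pass'));
}
```

A protected page then starts with `require_login();` before any output, which covers both the session_start() call and the redirect for visitors who are not logged in.
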
tom_walters Posted September 28, 2009

Right thanks very much guys - that really helped!

This topic is now archived and is closed to further replies.