Session Acknowledging

tymlls05 · December 8, 2009

Hi, I have been trying to alter a script to fit my system and am trying to implement the scripts login sys to fit mine. After logging in, the script directs the user to the users page. The problem is the script is actually just making a loop back to the login page.

If I log in, then manually go to the user page everything works out fine and I can continue browsing the user end.

Here is what the script looks like:

Login

<form action="actions.php" method="post">
		<table>
			<tr>
				<td>E-mail:</td><td><input type="text" name="email" size="30"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type="password" name="password" size="30"></td>
			</tr>
		</table>
		<input type="hidden" name="return_to" value="index.php">
		<input type="submit" name="mode" value="Log In" />
	</form>

Actions.php

<?
include "includes/start.php";
global $table_prefix, $link, $common_get;
if(get_magic_quotes_gpc()) {
    	$saemail = mysql_real_escape_string(stripslashes($_POST["email"]));
	$password = mysql_real_escape_string(stripslashes($_POST["password"]));

     } else {
       	$saemail = mysql_real_escape_string($_POST["email"]);
	$password = mysql_real_escape_string($_POST["password"]);
     }


$md5_pass = md5($password);

$query = mysql_query("Select uid, saemail, temp_password from agents where saemail='".$saemail."' and password='$md5_pass' OR saemail='".$saemail."' and temp_password='$md5_pass'");

$total_row = mysql_numrows($query);
if($total_row>0){
	$row = mysql_fetch_array($query);
	$_SESSION['uid'] = $row['uid'];
	$_SESSION['email'] = $row['saemail'];
	if ($row['temp_password'] == $md5_pass) {
		mysql_query("UPDATE agents set password = '".$row['temp_password']."', temp_password = NULL WHERE uid ='".$row['uid']."'");
		mysql_close($link);
		header("Location: index.php");
	} else {
		mysql_close($link);
		if ($_POST["return_to"]) {
			header("Location: ".$_POST["return_to"]);
/*				header("Location: ".$_POST["return_to"]); */
		} else {
			header("Location: index.php");
		}
	}
} else {
	mysql_close($link);
	header("Location: index.php");
}
?>

start.php

<?
include "config.php";
include "includes/session_start.php";
if (!$_SESSION['uid']) header('Location: login.php');?>

session_start.php

<?
$expireTime = 60*60*2; // 2 hours
session_set_cookie_params($expireTime);
session_start();
$sess_id = session_id(); 
header("Cache-control: private");
?>

Index.php

<?
//First Line of index.php
include "includes/start.php"; //activate session, if logged in

?>

mikesta707 · December 8, 2009

well you include includes/start.php before you check the login and create the header, so this part

if (!$_SESSION['uid']) header('Location: login.php');?>

gets run before $_SESSION['uid'] is set. since $_SESSION['uid'] hasn't been set yet, that if statements becomes true

premiso · December 8, 2009

You want to change this:

if (!$_SESSION['uid']) header('Location: login.php');?>

To:

if (!isset($_SESSION['uid']) || !$_SESSION['uid']) header('Location: login.php');?>

EDIT:

Basically what mike said, just provided a solution Using isset checks if it is set, so if it is not set they are definitely not logged in.

tymlls05 · December 8, 2009

Wow! I find it humorous what can be overlooked. Swapping the positions didn't immediately resolve this problem. But doing that and tweaking a few related items caused by the issue that you guys pointed out took care of it.

Thanks, friends.

Sign In

Session Acknowledging

Recommended Posts

tymlls05

Link to comment

Share on other sites

mikesta707

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

tymlls05

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information