Jump to content

Session Acknowledging

tymlls05

By tymlls05
in PHP Coding Help

Recommended Posts

tymlls05 Newbie

tymlls05

Posted
Posted

Hi, I have been trying to alter a script to fit my system and am trying to implement the scripts login sys to fit mine. After logging in, the script directs the user to the users page. The problem is the script is actually just making a loop back to the login page.

 

If I log in, then manually go to the user page everything works out fine and I can continue browsing the user end.

 

Here is what the script looks like:

Login

<form action="actions.php" method="post">
		<table>
			<tr>
				<td>E-mail:</td><td><input type="text" name="email" size="30"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type="password" name="password" size="30"></td>
			</tr>
		</table>
		<input type="hidden" name="return_to" value="index.php">
		<input type="submit" name="mode" value="Log In" />
	</form>

 

Actions.php

<?
include "includes/start.php";
global $table_prefix, $link, $common_get;
if(get_magic_quotes_gpc()) {
    	$saemail = mysql_real_escape_string(stripslashes($_POST["email"]));
	$password = mysql_real_escape_string(stripslashes($_POST["password"]));

     } else {
       	$saemail = mysql_real_escape_string($_POST["email"]);
	$password = mysql_real_escape_string($_POST["password"]);
     }


$md5_pass = md5($password);

$query = mysql_query("Select uid, saemail, temp_password from agents where saemail='".$saemail."' and password='$md5_pass' OR saemail='".$saemail."' and temp_password='$md5_pass'");

$total_row = mysql_numrows($query);
if($total_row>0){
	$row = mysql_fetch_array($query);
	$_SESSION['uid'] = $row['uid'];
	$_SESSION['email'] = $row['saemail'];
	if ($row['temp_password'] == $md5_pass) {
		mysql_query("UPDATE agents set password = '".$row['temp_password']."', temp_password = NULL WHERE uid ='".$row['uid']."'");
		mysql_close($link);
		header("Location: index.php");
	} else {
		mysql_close($link);
		if ($_POST["return_to"]) {
			header("Location: ".$_POST["return_to"]);
/*				header("Location: ".$_POST["return_to"]); */
		} else {
			header("Location: index.php");
		}
	}
} else {
	mysql_close($link);
	header("Location: index.php");
}
?>

 

start.php

<?
include "config.php";
include "includes/session_start.php";
if (!$_SESSION['uid']) header('Location: login.php');?>

 

session_start.php

<?
$expireTime = 60*60*2; // 2 hours
session_set_cookie_params($expireTime);
session_start();
$sess_id = session_id(); 
header("Cache-control: private");
?>

 

Index.php

<?
//First Line of index.php
include "includes/start.php"; //activate session, if logged in

?>

Link to comment
https://forums.phpfreaks.com/topic/184450-session-acknowledging/
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

well you include includes/start.php before you check the login and create the header, so this part

if (!$_SESSION['uid']) header('Location: login.php');?>

gets run before $_SESSION['uid'] is set. since $_SESSION['uid'] hasn't been set yet, that if statements becomes true

premiso Regular Member

premiso

Posted
Posted

You want to change this:

if (!$_SESSION['uid']) header('Location: login.php');?>

 

To:

if (!isset($_SESSION['uid']) || !$_SESSION['uid']) header('Location: login.php');?>

 

EDIT:

Basically what mike said, just provided a solution :) Using isset checks if it is set, so if it is not set they are definitely not logged in.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.