
whare

login problem


Hi all

Right, my login script doesn't seem to work correctly.

You can fill out all the info and it seems to log in, but after you have logged in the login form should convert to a menu (links dependent on user level), but it doesn't update with the menu after login. Here is the code:

Page with the menu/login form (sorry about the length, but it is all built into the page):

[code]<? session_start();
include '../pirep2/includes/config.php';
$name = $_SESSION['fullname'];
$userlevel = $_SESSION['userlevel'];
$result = mysql_query("SELECT * FROM pilot")
or die(mysql_error());
while($row = mysql_fetch_array( $result ))
$name1 = $row['fullname'];

?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Header</title>
</head>

<body LINK="#FFFFff"
    VLINK="#ffffff"
    ALINK="#ffffff">

<div align="center">
  <center>

<table border="0" width="877" height="326" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF"

bordercolordark="#FFFFFF">
  <tr>
    <td width="869" colspan="2" height="223" valign="top" align="left">
      <table border="1" width="100%" bordercolor="#800000" cellpadding="0" bordercolorlight="#800000"

bordercolordark="#800000" height="216">
        <tr>
          <td width="100%" height="191"><img border="0" src="images/header.gif" width="861" height="191"></td>
        </tr>
        <tr>
          <td width="100%" bgcolor="#800000" bordercolor="#800000" bordercolorlight="#800000"

bordercolordark="#800000" height="17" color="#FFFFFF">
            <p align="center"><font face="Arial" size="2" color="#FFFFFF"><b>
<?php include("menu/top.php"); ?><br><?
if($_SESSION['fullname'] == $row['fullname']){
echo "£new menu";
if($userlevel == 0){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File Pirep</a>0";
}
if($userlevel == 1){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>1";
}
if($userlevel == 2){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>2";
}
if($userlevel == 3){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>3";
}
if($userlevel == 4){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>4";
}
if($userlevel == 5){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>5";
}
if($userlevel == 6){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>6";
}
if($userlevel == 7){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>7";
}



} else {

echo "<form method='POST' action='../pirep2/includes/check1.php'>
  <p align='center'><font face='Arial' size='2'>| Username:<input type='text' name='username' size='10'

style='font-family: Arial; font-size: 10px; background-color: #800000; color: #FFFFFF; border: 1 double #FFFFFF'

class='headform' id='01'>
  | Password:<input type='password' name='password' size='10' style='font-family: Arial; font-size: 10px;

background-color: #800000; color: #FFFFFF; border: 1 double #FFFFFF' class='headform' id='01'> |</font>
  | <input type='submit' value='Login' name='B1' style='font-family: Arial; font-size: 10px; color: #FFFFFF;

font-weight: bold; background-color: #800000; border: 1 double #FFFFFF'>
  |</form>";
}


?></b></font>
          </td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td height="104" width="109" valign="top" align="left" bgcolor="#800000" bordercolor="#FFFFFF"

cellspacing="1" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF">
      <font face="Arial" size="2" color="#FFFFFF" align="center"><b>
<?php include("menu/side.php"); ?></b></font>
    </td>
    <td height="104" width="754" valign="top" align="left">
<? include ("news.php")?><BR>
      <div align="center">
        <center>
      <table bordercolor="#800000" width="468" border="1" bordercolorlight="#800000" bordercolordark="#800000">
      <TR>
      <TD><iframe src="http://www.vaad.org/login/banners.asp" align="center" width="468" height="60"

scrolling="no" frameborder="0" marginheight="0" marginwidth="0" target="_blank"></iframe>
      </TD>
      </TR>
      </TABLE>
        </center>
      </div>
    </td>
  </tr>
  <tr>
  <TD colspan="2" bgcolor="#FFFFFF" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"

align="left" width="869" height="16" valign="top">
    <table border="1" width="100%" bgcolor="#800000" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"

bordercolor="#FFFFFF">
      <tr>
        <td width="100%">
          <p align="center"><b><font color="#FFFFFF" face="Arial" size="1">Copyright
    2003 - 2006 Dash Airways</font></b></td>
      </tr>
    </table>
  </TD>
  </TR>
</table>

  </center>
</div>

</body>

</html>
[/code]

Once posted it is sent to check1.php

[code]<?
session_start();

include 'config.php';

$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){

echo 'Please enter all the information on the login form';
include '../../site/index.php';
exit();
}

$password = md5($password);

$sql = mysql_query("SELECT * FROM pilot Where username='$username' AND password='$password' AND active='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}

session_register('fullname');
$_SESSION['fullname'] = $fullname;
session_register('username');
$_SESSION['username'] = $username;
session_register('special_user');
$_SESSION['userlevel'] = $userlevel;
session_register('userid');
$_SESSION['userid'] = $userid;

mysql_query("UPDATE pilot SET lastlog=now() WHERE userid='$userid'");

header("location: ../../site/index.php");
}
} else {
echo "You could not be logged in! Either the username and password do not match or you have not

activated your account!<br />
Please correct the problem and try again!<br />";
include '../../site/index.php';
}
?>[/code]

Once check1 has done its work it sends back to the page and should update using sessions to show the new menu, but as I said before it doesn't, so anybody with some ideas on this?

Thanx
Whare

Try changing

[code=php:0]
$result = mysql_query("SELECT * FROM pilot")
[/code]

to
[code=php:0]
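// Quote the string value and escape it before placing it in the query
$result = mysql_query("SELECT * FROM pilot WHERE username = '" . mysql_real_escape_string($_SESSION['username']) . "'");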
[/code]

You are selecting every full name with that while loop. You need a WHERE clause to specify which fullname you want.

Hope this helps,
Tom

Tom, sad to say it did not work; I'm still having the same problem.

But I have updated the code with what you said :)

Thanx

You could try replacing

[code]if($_SESSION['fullname'] == $row['fullname']){[/code]

with

[code]if(isset($_SESSION["fullname"])) {[/code]

OK, you don't need to use [code=php:0]session_register[/code] any more (in your check1.php). All you have to do is define the [code=php:0]$_SESSION['whatever'] = $whatever;[/code]

Now, the way that I do the setting of extra session values is this.

[code=php:0]
if($login_check > 0){
  while($row = mysql_fetch_array($sql)){
       $_SESSION['fullname'] = $row['fullname'];
       $_SESSION['username'] = $row['username'];
       $_SESSION['userlevel'] = $row['userlevel'];
       $_SESSION['userid'] = $row['userid'];
  }
[/code]

Also, you might want to use [code=php:0]mysql_real_escape_string[/code].

Like this:

[code=php:0]
$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim($_POST['password']));
[/code]

This will prevent unwanted characters (database insertion).

Good Luck,
Tom
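
Added example, not part of the original thread: the login check from check1.php rewritten with a bound parameter instead of string-built SQL, `password_verify()` instead of `md5()`, and an explicit copy of named columns into `$_SESSION`. The in-memory SQLite database, the sample pilot row, the function names, and the assumption that the `password` column holds `password_hash()` output are illustrative and do not come from the posts.

```php
<?php
// Added example. Table and column names follow the thread; everything else is constructed.

function authenticate(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username travels as data and is never spliced into the SQL text.
    $stmt = $db->prepare(
        'SELECT userid, username, fullname, userlevel, password
           FROM pilot WHERE username = :u AND active = 1'
    );
    $stmt->execute([':u' => trim($username)]);
    $pilot = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the password column stores password_hash() output, not an md5() digest.
    if ($pilot === false || !password_verify($password, $pilot['password'])) {
        return null;
    }
    unset($pilot['password']);   // never carry the hash into the session
    return $pilot;
}

function start_user_session(array $pilot): void
{
    // Requires session_start() earlier in the request.
    session_regenerate_id(true); // issue a fresh session id once the user is authenticated
    // Copy named columns only; a $$key loop over the row can overwrite local variables.
    foreach (['userid', 'username', 'fullname', 'userlevel'] as $col) {
        $_SESSION[$col] = $pilot[$col];
    }
}

// --- constructed demo data (in-memory SQLite, requires the pdo_sqlite extension) ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE pilot (userid INTEGER PRIMARY KEY, username TEXT, password TEXT,
           fullname TEXT, userlevel INTEGER, active INTEGER)');
$db->prepare('INSERT INTO pilot (username, password, fullname, userlevel, active)
              VALUES (?, ?, ?, ?, 1)')
   ->execute(["o'hara", password_hash('correct horse', PASSWORD_DEFAULT), "Pat O'Hara", 2]);

// A username containing a quote is matched as plain data; a wrong password is rejected.
var_dump(authenticate($db, "o'hara", 'correct horse') !== null);
var_dump(authenticate($db, "o'hara", 'wrong') === null);
```

In check1.php, call `start_user_session()` only when `authenticate()` returns a row, then send the `Location` header and `exit` immediately so no further code runs. On the menu page, test `isset($_SESSION['fullname'])` as suggested earlier in the thread.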
