Jump to content


Photo

login problem


  • Please log in to reply
5 replies to this topic

#1 whare

whare
  • Members
  • PipPipPip
  • Advanced Member
  • 75 posts

Posted 26 August 2006 - 08:47 PM

Hi all

right my login script dont seem to work well work correctly

You can fill out all the info and it seems to login put after you have logged in the login form should convert to a menu (links dependant on user level) but it dont update with the menu after login here is the code

page with the menu/login form (sorry about the lenth but it is all built into the page)

<? session_start();
include '../pirep2/includes/config.php';
$name = $_SESSION['fullname'];
$userlevel = $_SESSION['userlevel'];
$result = mysql_query("SELECT * FROM pilot") 
or die(mysql_error());
while($row = mysql_fetch_array( $result ))
$name1 = $row['fullname'];

?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Header</title>
</head>

<body LINK="#FFFFff" 
    VLINK="#ffffff" 
    ALINK="#ffffff">

<div align="center">
  <center>

<table border="0" width="877" height="326" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF" 

bordercolordark="#FFFFFF">
  <tr>
    <td width="869" colspan="2" height="223" valign="top" align="left">
      <table border="1" width="100%" bordercolor="#800000" cellpadding="0" bordercolorlight="#800000" 

bordercolordark="#800000" height="216">
        <tr>
          <td width="100%" height="191"><img border="0" src="images/header.gif" width="861" height="191"></td>
        </tr>
        <tr>
          <td width="100%" bgcolor="#800000" bordercolor="#800000" bordercolorlight="#800000" 

bordercolordark="#800000" height="17" color="#FFFFFF">
            <p align="center"><font face="Arial" size="2" color="#FFFFFF"><b>
<?php include("menu/top.php"); ?><br><?
if($_SESSION['fullname'] == $row['fullname']){
echo "£new menu";
if($userlevel == 0){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File Pirep</a>0";
}
if($userlevel == 1){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>1";
}
if($userlevel == 2){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>2";
}
if($userlevel == 3){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>3";
}
if($userlevel == 4){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>4";
}
if($userlevel == 5){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>5";
}
if($userlevel == 6){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>6";
}
if($userlevel == 7){
	echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File 

Pirep</a></b></font>7";
}



} else {

	echo "<form method='POST' action='../pirep2/includes/check1.php'>
  <p align='center'><font face='Arial' size='2'>| Username:<input type='text' name='username' size='10' 

style='font-family: Arial; font-size: 10px; background-color: #800000; color: #FFFFFF; border: 1 double #FFFFFF' 

class='headform' id='01'>
  | Password:<input type='password' name='password' size='10' style='font-family: Arial; font-size: 10px; 

background-color: #800000; color: #FFFFFF; border: 1 double #FFFFFF' class='headform' id='01' |</font>
  | <input type='submit' value='Login' name='B1' style='font-family: Arial; font-size: 10px; color: #FFFFFF; 

font-weight: bold; background-color: #800000; border: 1 double #FFFFFF'>
  |</form>";
}


?></b></font>
          </td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td height="104" width="109" valign="top" align="left" bgcolor="#800000" bordercolor="#FFFFFF" 

cellspacing="1" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF">
      <font face="Arial" size="2" color="#FFFFFF" align="center"><b>
<?php include("menu/side.php"); ?></b></font>
    </td>
    <td height="104" width="754" valign="top" align="left">
<? include ("news.php")?><BR>
      <div align="center">
        <center>
      <table bordercolor="#800000" width="468" border="1" bordercolorlight="#800000" bordercolordark="#800000">
      <TR>
      <TD><iframe src="http://www.vaad.org/login/banners.asp" align="center" width="468" height="60" 

scrolling="no" frameborder="0" marginheight="0" marginwidth="0" target="_blank"></iframe>
      </TD>
      </TR>
      </TABLE>
        </center>
      </div>
    </td>
  </tr>
  <tr>
  <TD colspan="2" bgcolor="#FFFFFF" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" 

align="left" width="869" height="16" valign="top">
    <table border="1" width="100%" bgcolor="#800000" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF" 

bordercolor="#FFFFFF">
      <tr>
        <td width="100%">
          <p align="center"><b><font color="#FFFFFF" face="Arial" size="1">Copyright
    2003 - 2006 Dash Airways</font></b></td>
      </tr>
    </table>
  </TD>
  </TR>
</table>

  </center>
</div>

</body>

</html>

Once posted it is sent to check1.php

<?
session_start();

include 'config.php';

$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){

	echo 'Please enter all the information on the login form';
	include '../../site/index.php';
	exit();
}

$password = md5($password);

$sql = mysql_query("SELECT * FROM pilot Where username='$username' AND password='$password' AND active='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
	while($row = mysql_fetch_array($sql)){
	foreach( $row AS $key => $val ){
		$$key = stripslashes( $val );
	}

	session_register('fullname');
	$_SESSION['fullname'] = $fullname;
	session_register('username');
	$_SESSION['username'] = $username;
	session_register('special_user');
	$_SESSION['userlevel'] = $userlevel;
	session_register('userid');
	$_SESSION['userid'] = $userid;

	mysql_query("UPDATE pilot SET lastlog=now() WHERE userid='$userid'");

	header("location: ../../site/index.php");
	}
} else {
	echo "You could not be logged in! Either the username and password do not match or you have not 

activated your account!<br />
Please correct the problem and try again!<br />";
	include '../../site/index.php';
}
?>

Once check1 has done its work it sends back to the page and should update using sessions to show the new menu but as i said befor it dont so anybody with some ideas on this

Thanx
Whare

#2 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 26 August 2006 - 08:53 PM

try changing

$result = mysql_query("SELECT * FROM pilot")

to
$result = mysql_query("SELECT * FROM pilot WHERE username = " . $_SESSION['username']);

You are selecting every full name with that while loop. You need a WHERE clause to specify which fullname you want.

Hope this helps,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#3 whare

whare
  • Members
  • PipPipPip
  • Advanced Member
  • 75 posts

Posted 26 August 2006 - 09:07 PM

tom sad to say i did not work im still having the same problem

But i have updated the code with what you said :)

Thanx

#4 AdRock

AdRock
  • Members
  • PipPipPip
  • Advanced Member
  • 911 posts

Posted 26 August 2006 - 09:21 PM

You coluld try replacing

if($_SESSION['fullname'] == $row['fullname']){

with

if(isset($_SESSION["fullname"])) {


If your topic has been solved, please mark the topic as SOLVED.

This helps others from identifying which topics need help still

#5 whare

whare
  • Members
  • PipPipPip
  • Advanced Member
  • 75 posts

Posted 26 August 2006 - 09:24 PM

Now that works

Thanx Rock :D

#6 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 26 August 2006 - 09:27 PM

Ok you don't need to use
session_register
any more(in you check1.php). All you have to do is define the
$_SESSION['whatever'] = $whatever;

Now the way that I do for the setting of extra session values is this.

if($login_check > 0){
   while($row = mysql_fetch_array($sql)){
        $_SESSION['fullname'] = $row['fullname'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['userlevel'] = $row['userlevel'];
        $_SESSION['userid'] = $row['userid'];
   }

Also You might want to user
mysql_real_escape_string
.

like this

$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim($_POST['password']));

This will prevent unwanted caractures (database insertion).

Good Luck,
Tom



Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users