Jump to content

login problem


whare

Recommended Posts

Hi all

right my login script dont seem to work well work correctly

You can fill out all the info and it seems to login put after you have logged in the login form should convert to a menu (links dependant on user level) but it dont update with the menu after login here is the code

page with the menu/login form (sorry about the lenth but it is all built into the page)

[code]<? session_start();
include '../pirep2/includes/config.php';
$name = $_SESSION['fullname'];
$userlevel = $_SESSION['userlevel'];
$result = mysql_query("SELECT * FROM pilot")
or die(mysql_error());
while($row = mysql_fetch_array( $result ))
$name1 = $row['fullname'];

?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Header</title>
</head>

<body LINK="#FFFFff"
    VLINK="#ffffff"
    ALINK="#ffffff">

<div align="center">
  <center>

<table border="0" width="877" height="326" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF"

bordercolordark="#FFFFFF">
  <tr>
    <td width="869" colspan="2" height="223" valign="top" align="left">
      <table border="1" width="100%" bordercolor="#800000" cellpadding="0" bordercolorlight="#800000"

bordercolordark="#800000" height="216">
        <tr>
          <td width="100%" height="191"><img border="0" src="images/header.gif" width="861" height="191"></td>
        </tr>
        <tr>
          <td width="100%" bgcolor="#800000" bordercolor="#800000" bordercolorlight="#800000"

bordercolordark="#800000" height="17" color="#FFFFFF">
            <p align="center"><font face="Arial" size="2" color="#FFFFFF"><b>
<?php include("menu/top.php"); ?><br><?
if($_SESSION['fullname'] == $row['fullname']){
echo "£new menu";
if($userlevel == 0){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File Pirep</a>0";
}
if($userlevel == 1){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>1";
}
if($userlevel == 2){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>2";
}
if($userlevel == 3){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>3";
}
if($userlevel == 4){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>4";
}
if($userlevel == 5){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>5";
}
if($userlevel == 6){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>6";
}
if($userlevel == 7){
echo "| <a href='pchange.php'>Change Password or Email</a> | <a href='pirep.php'>File

Pirep</a></b></font>7";
}



} else {

echo "<form method='POST' action='../pirep2/includes/check1.php'>
  <p align='center'><font face='Arial' size='2'>| Username:<input type='text' name='username' size='10'

style='font-family: Arial; font-size: 10px; background-color: #800000; color: #FFFFFF; border: 1 double #FFFFFF'

class='headform' id='01'>
  | Password:<input type='password' name='password' size='10' style='font-family: Arial; font-size: 10px;

background-color: #800000; color: #FFFFFF; border: 1 double #FFFFFF' class='headform' id='01' |</font>
  | <input type='submit' value='Login' name='B1' style='font-family: Arial; font-size: 10px; color: #FFFFFF;

font-weight: bold; background-color: #800000; border: 1 double #FFFFFF'>
  |</form>";
}


?></b></font>
          </td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td height="104" width="109" valign="top" align="left" bgcolor="#800000" bordercolor="#FFFFFF"

cellspacing="1" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF">
      <font face="Arial" size="2" color="#FFFFFF" align="center"><b>
<?php include("menu/side.php"); ?></b></font>
    </td>
    <td height="104" width="754" valign="top" align="left">
<? include ("news.php")?><BR>
      <div align="center">
        <center>
      <table bordercolor="#800000" width="468" border="1" bordercolorlight="#800000" bordercolordark="#800000">
      <TR>
      <TD><iframe src="http://www.vaad.org/login/banners.asp" align="center" width="468" height="60"

scrolling="no" frameborder="0" marginheight="0" marginwidth="0" target="_blank"></iframe>
      </TD>
      </TR>
      </TABLE>
        </center>
      </div>
    </td>
  </tr>
  <tr>
  <TD colspan="2" bgcolor="#FFFFFF" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"

align="left" width="869" height="16" valign="top">
    <table border="1" width="100%" bgcolor="#800000" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"

bordercolor="#FFFFFF">
      <tr>
        <td width="100%">
          <p align="center"><b><font color="#FFFFFF" face="Arial" size="1">Copyright
    2003 - 2006 Dash Airways</font></b></td>
      </tr>
    </table>
  </TD>
  </TR>
</table>

  </center>
</div>

</body>

</html>
[/code]

Once posted it is sent to check1.php

[code]<?
session_start();

include 'config.php';

$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){

echo 'Please enter all the information on the login form';
include '../../site/index.php';
exit();
}

$password = md5($password);

$sql = mysql_query("SELECT * FROM pilot Where username='$username' AND password='$password' AND active='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}

session_register('fullname');
$_SESSION['fullname'] = $fullname;
session_register('username');
$_SESSION['username'] = $username;
session_register('special_user');
$_SESSION['userlevel'] = $userlevel;
session_register('userid');
$_SESSION['userid'] = $userid;

mysql_query("UPDATE pilot SET lastlog=now() WHERE userid='$userid'");

header("location: ../../site/index.php");
}
} else {
echo "You could not be logged in! Either the username and password do not match or you have not

activated your account!<br />
Please correct the problem and try again!<br />";
include '../../site/index.php';
}
?>[/code]

Once check1 has done its work it sends back to the page and should update using sessions to show the new menu but as i said befor it dont so anybody with some ideas on this

Thanx
Whare
Link to comment
Share on other sites

try changing

[code=php:0]
$result = mysql_query("SELECT * FROM pilot")
[/code]

to
[code=php:0]
$result = mysql_query("SELECT * FROM pilot WHERE username = " . $_SESSION['username']);
[/code]

You are selecting every full name with that while loop. You need a WHERE clause to specify which fullname you want.

Hope this helps,
Tom
Link to comment
Share on other sites

Ok you don't need to use [code=php:0]session_register[/code] any more(in you check1.php). All you have to do is define the [code=php:0]$_SESSION['whatever'] = $whatever;[/code]

Now the way that I do for the setting of extra session values is this.

[code=php:0]
if($login_check > 0){
  while($row = mysql_fetch_array($sql)){
       $_SESSION['fullname'] = $row['fullname'];
       $_SESSION['username'] = $row['username'];
       $_SESSION['userlevel'] = $row['userlevel'];
       $_SESSION['userid'] = $row['userid'];
  }
[/code]

Also You might want to user [code=php:0]mysql_real_escape_string[/code].

like this

[code=php:0]
$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim($_POST['password']));
[/code]

This will prevent unwanted caractures (database insertion).

Good Luck,
Tom


Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.