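simonsays Posted August 29, 2006

I seem to be having a bit of trouble changing the username or password of a logged-in user. Every time the user changes it, the username/password in the session doesn't seem to be updated, and when the user tries to go to any page he gets automatically logged out and has to log in again... How can I solve the problem?

Here are both complete scripts that I use:

index.php
[code]
<?php
// index.php - logs an admin in, keeps the login in the session, and renders
// back.tpl.
//
// NOTE(review): points this script does not settle by itself:
//  * Every query is built by interpolating values into the SQL text. Whether
//    that is injectable depends entirely on security() (security.php, not
//    shown). Prepared statements (mysqli / PDO) remove the dependency; the
//    mysql_* extension used here was removed in PHP 7.
//  * The password is stored and compared as plain text and is also kept in
//    the session. Storing password_hash() output, checking it with
//    password_verify(), and keeping only the admin id in the session would
//    avoid holding the password anywhere after login.
//  * "or die(mysql_error())" prints database error text to the visitor;
//    logging it and showing a generic message leaks less.
require_once('Smarty.class.php');
$smarty = new Smarty();

/**
 * Tell whether exactly one admin row matches the given login and password.
 *
 * Both arguments go into the SQL text as-is, so the caller must pass values
 * that are already escaped for MySQL.
 *
 * @param string $login login name, already escaped
 * @param string $pass  password, already escaped
 * @return bool true when exactly one row matches
 */
function checkUser($login, $pass)
{
    $sql = mysql_query("SELECT id FROM admin WHERE login = '$login' AND password = '$pass'") or die(mysql_error());

    return mysql_num_rows($sql) == 1;
}

/**
 * Fetch the display name stored for a login.
 *
 * @param string $login login name, already escaped
 * @return string|false the name, or false when no row matches
 */
function GetName($login)
{
    $result = mysql_query("SELECT name FROM admin WHERE login='$login'") or die(mysql_error());

    // mysql_result() raises a warning on an empty result set, which happens
    // when the session still holds a login that has since been renamed.
    if (mysql_num_rows($result) < 1) {
        return false;
    }

    return mysql_result($result, 0, 'name');
}

include_once 'data.php';
include_once 'security.php';
session_start();

// Characters that are not accepted in a login name or password.
// NOTE(review): the last four entries look like mis-encoded letters (possibly
// u-umlaut, o-tilde, a-umlaut, o-umlaut read in the wrong code page) - confirm
// against the original file before relying on them.
$junk = array(',' , '/' ,"\\", '`' , ';' , '[' , ']' , '-', '_', '*', '&', '^', '#', '!', '~', '+', '(', ')', '|', '{', '}', '<', '>', '?', ':', '"', '=', 'ь', 'х', 'д', 'ц');

// Only plain string fields count as a login attempt; array-valued input
// (uid[]=...) is ignored instead of being passed to strlen()/str_replace().
$hasLoginPost = isset($_POST['uid']) && isset($_POST['pwd'])
    && is_string($_POST['uid']) && is_string($_POST['pwd']);

$inputRejected = false;
if ($hasLoginPost) {
    foreach (array('uid', 'pwd') as $field) {
        $lengthBefore = strlen($_POST[$field]);
        $_POST[$field] = str_replace($junk, '', $_POST[$field]);
        if (strlen($_POST[$field]) != $lengthBefore) {
            // Something was stripped, so the submitted value is not the one
            // the user typed. Flag the error and do not authenticate with the
            // altered value (previously the stripped value was still checked,
            // so "pa-ss" was accepted for the stored password "pass").
            $inputRejected = true;
            $smarty->assign('viga', 1);
        }
    }
}

if ($hasLoginPost) {
    if (!$inputRejected) {
        $uid = security($_POST['uid']);
        $pwd = security($_POST['pwd']);
        if (checkUser($uid, $pwd)) {
            // Issue a fresh session id at the privilege change so an id that
            // was known before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['auid'] = $uid;
            $_SESSION['apwd'] = $pwd;
            $smarty->assign('uid', $_SESSION['auid']);
            // NOTE(review): this hands the plain-text password to the
            // template; drop it if back.tpl does not need it.
            $smarty->assign('pwd', $_SESSION['apwd']);
            $smarty->assign('name', GetName($_SESSION['auid']));
        } else {
            $smarty->assign('viga', 1);
        }
    }
} elseif (isset($_SESSION['auid']) && isset($_SESSION['apwd'])) {
    // Returning visitor: re-check the stored credentials on every request.
    $uid = $_SESSION['auid'];
    $pwd = $_SESSION['apwd'];
    if (checkUser($uid, $pwd)) {
        // The name is looked up only after the credentials are confirmed.
        $smarty->assign('name', GetName($uid));
        $smarty->assign('uid', $uid);
        $smarty->assign('pwd', $pwd);
    } else {
        $smarty->assign('viga', 1);
    }
}

if (isset($_GET['logout']) && $_GET['logout'] == 1) {
    session_unset();
    session_destroy();
    header("Location:index.php");
    // Stop here: without exit the rest of the page is still rendered with the
    // values assigned above, next to the redirect header.
    exit;
}

// A missing ?page= falls through to the default branch without a notice.
$page = isset($_GET['page']) ? $_GET['page'] : '';
switch ($page) {
    case 'change':
        $smarty->assign('show', 'change');
        break;
    case 'addevent':
        $smarty->assign('show', 'addevent');
        break;
    default:
        $smarty->assign('page', 1);
}

// The key must be quoted; a bare PHP_SELF is read as a constant.
// NOTE(review): PHP_SELF contains client-supplied path info, so the template
// should print it through Smarty's escape modifier.
$smarty->assign('target', $_SERVER['PHP_SELF']);
$smarty->display('back.tpl');
?>
[/code]

change.php, which gets included into back.tpl when $_GET[page] == change
[code]
<?php
// change.php - lets the logged-in admin change the login name or password.
//
// NOTE(review):
//  * This script is pulled in while back.tpl is being displayed, i.e. after
//    index.php has already assigned uid/pwd/name to its own Smarty instance,
//    so anything shown from those variables still reflects the old values on
//    this request.
//  * index.php strips a list of characters from the login form input, but
//    nothing here rejects them, so a new login or password containing one of
//    them can be saved and then never matches at login. Apply the same rule in
//    both places.
//  * The values go into the SQL text by interpolation; safety depends on
//    security() (security.php, not shown). The password is stored as plain
//    text - see password_hash() / password_verify().
require_once('Smarty.class.php');
$smarty = new Smarty();
include_once 'security.php';
include_once 'data.php';
include_once 'checkuser2.php';

// --- change login name ---
if (isset($_POST['olduid'])) {
    // empty() also covers fields missing from the request.
    if (empty($_POST['olduid']) || empty($_POST['uid1']) || empty($_POST['uid2'])) {
        $smarty->assign('emptyuser', 1);
    } elseif ($_POST['uid1'] !== $_POST['uid2']) {
        // Strict comparison: with == two different numeric-looking strings
        // (for example "1e1" and "10") count as equal.
        $smarty->assign('umismatch', 1);
    } else {
        $old = security($_POST['olduid']);
        if (isset($_SESSION['auid']) && $_SESSION['auid'] === $old) {
            $new = security($_POST['uid1']);
            if (checkUser2($new) == TRUE) {
                $result = mysql_query("UPDATE admin SET login='$new' WHERE login='$old'") or die(mysql_error());
                $smarty->assign('uuspeh', 1);
                // Keep the session in step with the row just renamed, or the
                // next request fails the credential re-check in index.php.
                $_SESSION['auid'] = $new;
            } else {
                $smarty->assign('exists', 1);
            }
        } else {
            $smarty->assign('wrongold', 1);
        }
    }
}

// --- change password ---
if (isset($_POST['oldpass'])) {
    if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
        $smarty->assign('emptypass', 1);
    } elseif ($_POST['pass1'] !== $_POST['pass2']) {
        $smarty->assign('pmismatch', 1);
    } else {
        $old = security($_POST['oldpass']);
        // Strict comparison for the same reason as above; a loose match on the
        // old password would let a different string pass the check.
        if (isset($_SESSION['apwd']) && $_SESSION['apwd'] === $old) {
            $new = security($_POST['pass1']);
            $result = mysql_query("UPDATE admin SET password='$new' WHERE password='$old' AND login='$_SESSION[auid]'") or die(mysql_error());
            $smarty->assign('puspeh', 1);
            $_SESSION['apwd'] = $new;
        } else {
            $smarty->assign('wrongoldp', 1);
        }
    }
}

// Quoted key; see the note on PHP_SELF and escaping in index.php's template.
$smarty->assign('target', $_SERVER['PHP_SELF']);
$smarty->display('change.tpl');
?>
[/code]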
Corona4456 Posted August 29, 2006 [code]$_SESSION['apwd']==$new[/code] You check for equality and don't actually set the password for the session.
simonsays Posted August 29, 2006 Author that was a silly mistake. shame on me. I corrected it, but the situation seemed to be the same. Then I realized that I simply never assigned the new value to the Smarty engine. Thanks!
Corona4456 Posted August 29, 2006 No problem... glad to help :).