two different $_SESSION

[brosskgm]

OK, I have one setup that was given to me to take subscriptions and track them with paypal. Works great.

 

I have a second set of scripts that has multiple databases in them that was written for me.

 

Now what I'm trying to do is to be able to use both these scripts. I have already made the tables with the needed changes and to not use username.

 

Or would it be easier to just create two fields in the table and put the email address in there twice?

 

they use two different types of login, one uses a username and the paypal scripts use email address.

 

These are all protected areas that only the user can see their own information. No one else and vise versa.

 

How do I tell the database scripts to use the email address as the username?

 

I have tried

 

$_SESSION['email'] = $_SESSION['username'];

with no luck

 

I have tried

 

function check_session($session){

 

        if($session == $_SESSION['email'] || $_SESSION['username'] || $_SESSION['cd_user'])

 

Then if true run the rest of the scripts, but it doesn't pass the information to the other pages.

 

It has a protected.php on the first script and a check_logged_in.php for the second one.

 

 protected.php

<?php
session_start();
include_once 'data.php';
include_once 'functions.php';
include_once 'ip-protection.php';

$email = isset($_POST['email']) ? $_POST['email'] : $_SESSION['email'];
$password = isset($_POST['password']) ? $_POST['password'] : $_SESSION['password'];

if(!isset($email)) {

include_once 'unauthorized.php'; 
exit;
}

if(isset($_POST['login'])) {

$email = $_POST['email'];
$password = $_POST['password'];

$password = md5($password);

dbConnect("$m_database");
$sql = "SELECT * FROM members WHERE email = '$email' AND password = '$password' AND (membership = 'activated' OR membership = 'enabled' OR membership = 'cancelled') ";

$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.');
}

if (mysql_num_rows($result) == 0) {
unset($_SESSION['email']);
unset($_SESSION['password']);

error("Incorrect login credentials ! \\n");

}

// IP Protection code - starts
// pass the email address to IP Protection script
// if the return message is SUCCESS, go ahead with this page codes
// else flag the return error message and go back to the signup form


$m_msg = ip($email);
if ($m_msg != "SUCCESS")
{ 
$m_error = "Your account has been suspended temporarily due to some suspecious account activity. \\n \\n".
"An email is sent to your email address >> $email << with the available details of this problem \\n \\n".
"If the problem persists you may contact the support team at: $m_support_email";

error("$m_error");
}
// IP Protection code - ends


$row = mysql_fetch_array($result);

$m_id = $row['ID'];

$m_current_logon_time = $row['curr_logon_time'];
$m_last_logon_time = $row['last_logon_time'];

$m_last_logon_time = $m_current_logon_time;

$sql = "UPDATE members SET 
last_logon_time = '$m_last_logon_time',
curr_logon_time = now()
WHERE ID = '$m_id'";

$result = mysql_query($sql);

$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
// $_SESSION['fname'] = $m_fname; 

}
include_once 'header.php';

?>

 

 check_logged_in.php

<?php

// NOTE: When you require_once() this file, you need to make sure the php tag it's enclosed in is at 
// the *absolute* beginning of the file (no whitespace). Otherwise the redirect header won't get sent.

require_once('utils.php');

session_start();

if(!isset($_SESSION['username'])) { // if not logged in
   header("Location: ".CONFIG_BASE_DIR."/loginform.html"); // redirect to login form from any url
   exit;
}

?>

 

Thanks in advance.

Bob

 

[brosskgm]

I did add the username to the table and it writes fine, but it still requires me to get both scripts to talk to each other.

 

[sader]

Hmm do U want to make login which allows user login by his user name or his email?

The way I did this is like so:

 

$login_id= $_POST['user']; //this can be user_name or user_email
$login_pass = md5($_POST['pass']);

//now look if user id actualy is email address

if(preg_match('/^[a-z0-9._%-]+@[a-z0-9.-]+\\.[a-z]{2,4}$/im', $login_id))
{
//login with user email
$result = mysql_query("SELECT * FROM acc WHERE email='$login_id' AND pass='$login_pass' LIMIT 1");
}
else
{
//login with user name
$result = mysql_query("SELECT * FROM acc WHERE name='$login_id' AND pass='$login_pass' LIMIT 1");
}

 

all data "email,name,pass" is strored in one table

[brosskgm]

Yes.

 

 

 

 

[brosskgm]

The paypal script has it so they log in with email address, The is the one we want to use. The second script uses username, we won't use that to log in with, but all the code for the second script uses the username to keep all data private. I'm trying to figure how to set the session when they login $_SESSION[email']; will also work for $_SESSION['username']; that the seconds script needs to see or it will send them to login. I was hoping that it was easy by simply adding a $_SESSION['username'] = $email; in the protected.php and check_logged_in.php?

 

I can't seem to hit the right combination.

[brosskgm]

I added a $_SESSION['username'] = $email; here in the code and it started to work.

kind of odd it didn't do that the last time I tried it.

 

Thanks for your help.

 

 

$result = mysql_query($sql);

 

$_SESSION['email'] = $email;

$_SESSION['username'] = $email;

$_SESSION['password'] = $password;

$_SESSION['fname'] = $m_fname;

 

}

include_once 'header.php';