nvee
Posted February 18, 2010

Hey

I'm so tired of struggling with this topic.

I want to write a login script which 1) checks if $_SESSION["id"] has been set, if not, go back to index.php and 2) if $_SESSION["id"] has been set, check if the $_SESSION["id"] matches session_id() and if the $_SESSION["username"] matches that stored in the database. If it fails, go back to index.php, else continue on the page.

I am getting redirecting issues; it would appear my code is running in a loop. If someone can please help me sort this out, and maybe give me a better, more suitable and probably more secure version on how to run this code, I would be really happy. The code only works with sessions as the login does not have to be stored.

CODE AT THE TOP OF EACH PAGE:

```php
<?php
session_start();
include("includes/admin.php");
include("includes/functions.php");
if(!isset($_SESION["id"])) {
    session_destroy();
    header("Location:index.php");
} else {
    if(isset($_SESSION["id"]) && $_SESSION["id"] != session_id()) {
        connectdb();
        $username = mysql_real_escape_string($_SESSION["username"]);
        // uname is the field in the database for the username
        $query = mysql_query("SELECT * FROM admins WHERE uname = '".$username."'");
        if(!$query) {
            trigger_error("Error: ".mysql_error());
        }
        $rows = mysql_num_rows($query);
        if($rows != 1) {
            session_destroy();
            header("Location:index.php");
        } else {
            include("includes/head.php");
?>
// PAGE CONTENT GOES HERE
<?php
        }
    }
}
?>
```

HERE IS THE CODE WHICH DOES THE LOGIN, PLEASE ASSIST WHERE YOU CAN. IT LOGS IN PROPERLY, DON'T THINK THERE'S SOMETHING WRONG HERE, BUT ANY SUGGESTIONS WOULD DO:

```php
<?php
if($_POST["Submit"] == "login") {
    $uname = $_POST["uname"];
    $pass = $_POST["pass"];
    if(empty($uname)) {
        $error .= "<li>You did not supply a username</li>";
    }
    if(empty($pass)) {
        $error .= "<li>You did not supply a password</li>";
    }
    if(!empty($error)) {
        echo "<h3>USER LOGIN</h3>";
        echo "<br />";
        echo "<p>The following errors has occured:</p>";
        echo "<ul>";
        echo $error;
        echo "</ul>";
    } else {
        connectdb();
        $username = mysql_real_escape_string("$uname");
        $password = mysql_real_escape_string("$pass");
        $query = mysql_query("SELECT * FROM admins WHERE uname = '".$username."' AND pass = '".$password."'");
        if(!$query) {
            trigger_error("Error: ".mysql_error());
        }
        $rows = mysql_num_rows($query);
        if($rows != 1) {
            $errors .= "Your username and password does not match. Please try again. <strong>REMEMBER:</strong> All failed login attempts are logged!";
            echo "<h3>USER LOGIN</h3>";
            echo "<br />";
            echo "<p>The following errors has occured:</p>";
            echo "<ul>";
            echo $errors;
            echo "</ul>";
        } else {
            while($result = mysql_fetch_array($query)) {
                $_SESSION["name"] = $result["name"];
            }
            $_SESSION["active"] = 1;
            $_SESSION["username"] = $username;
            $_SESSION["id"] = session_id();
        }
    }
}
if($_SESSION["active"] != 1) {
?>
<h3>Welcome Guest, please log in</h3>
<br />
<p>Please log in with your details below. All incorrect attempts are logged:</p>
<br />
<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]); ?>" method="POST">
    Username: <input name="uname" type="text" /><br />
    Password: <input name="pass" type="password" /><br />
    <input name="Submit" id="Submit" type="submit" value="login" />
</form>
<?php
} else {
?>
// SOME CONTENT IN THE CONTENT AREA
<?php
}
?>
```

LeadingWebDev
Posted February 18, 2010

`if(!isset($_SESION["id"])) {` -> `if(!isset($_SESSION["id"])) {`

nvee (Author)
Posted February 18, 2010

Thank you, that was partially helpful, but the problem still remains. I know what the problem is, but I can't seem to find a solution:

The problem comes in with the first part which looks if the session exists, if not, go to index.php. The problem is obviously that this code is also located on index.php, which means that it is directing and redirecting to itself the whole time, running a loop.

I'm not sure what the best way is of doing this?

sader
Posted February 18, 2010

Try to add session_start(); in your login.php

nvee (Author)
Posted February 18, 2010

You see, the problem is a little more tricky. My login.php file is actually my index.php file.

sader
Posted February 18, 2010

I'll try to write the basic structure that I think should do the job.

```php
<?php
session_start();
include("includes/admin.php");
include("includes/functions.php");

if($_POST['Submit']) {
    //mysql login stuff
    if($user_found_in_database) { // placeholder: result of the login query
        $_SESSION['id'] = session_id();
        $_SESSION['username'] = $username; // placeholder
        $_SESSION['userpass'] = $userpass; // placeholder
        $_SESSION['valid_user'] = true;
    }
}

if(isset($_SESSION['id']) && $_SESSION['id'] == session_id()) {
    //do mysql revalidation
    if($if_user_depend_on_session_data_is_incorrect) { // placeholder: result of the revalidation
        unset($_SESSION['id']);
        unset($_SESSION['username']);
        unset($_SESSION['userpass']);
        unset($_SESSION['valid_user']);
        header("Location: index.php");
    }
}

//now print your content
if($_SESSION['valid_user']) {
    //hello admin
} else {
    //hey maybe u wish to login?
}
?>
```

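An added example, not part of any post in this thread: a page guard that revalidates the session user against the database, stops after sending the redirect, and never redirects the login page to itself, which is the loop described above. It assumes PDO is available and that `admins.pass` stores a `password_hash()` value; `attempt_login` and `require_login` are hypothetical names, and the in-memory SQLite database with its sample row is constructed so the file runs on its own.

```php
<?php
// Added example: hypothetical helpers, not code from the thread.
// Assumes admins.pass holds a password_hash() value, not the plaintext password.
function attempt_login(PDO $db, string $uname, string $pass): bool
{
    // Bound parameter: the username is never concatenated into the SQL.
    $stmt = $db->prepare('SELECT uname, pass FROM admins WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh session ID at login
    $_SESSION['username'] = $row['uname'];   // no password kept in the session
    return true;
}

// Returns true for a logged-in admin, false only on the login page itself.
function require_login(PDO $db, string $loginPage = 'index.php'): bool
{
    $user = $_SESSION['username'] ?? null;
    if ($user !== null) {
        // Revalidate the session's username against the database.
        $stmt = $db->prepare('SELECT 1 FROM admins WHERE uname = ?');
        $stmt->execute([$user]);
        if ($stmt->fetchColumn() !== false) {
            return true;
        }
        $_SESSION = [];   // account no longer exists: drop the stale login
    }
    // Never redirect the login page to itself; that is the loop in the thread.
    if (basename($_SERVER['SCRIPT_NAME']) === $loginPage) {
        return false;     // caller shows the login form
    }
    header('Location: ' . $loginPage);
    exit;                 // stop before any protected content is sent
}

// Constructed stand-in for connectdb(): in-memory SQLite with one sample admin.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (uname TEXT PRIMARY KEY, pass TEXT)');
$db->prepare('INSERT INTO admins VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

if (isset($_POST['uname'], $_POST['pass'])) {
    attempt_login($db, $_POST['uname'], $_POST['pass']);
}
$loggedIn = require_login($db);   // same call at the top of every page
```

On index.php the page prints the login form when `$loggedIn` is false; every other page only reaches its content when the call returns true.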
Archived
This topic is now archived and is closed to further replies.