paddyhaig Posted May 31, 2010

Here is my pertinent authentication page information:

    <form action="scripts/authenticate/auth.php" method="POST">
      Account: <input name="account" type="text" id="account" value="inter-nation-house">
      Username: <input name="username" type="text" id="username" size="20">
      Password: <input name="password" type="password" id="password" size="20">
      <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();">
    </form>

Here is the authentication script used by above:

    <?php
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $db = mysql_connect('localhost', 'example', 'example')
            or die("Couldn't connect to the database<br>" . mysql_error());
        mysql_select_db('example', $db)
            or die("Couldn't select<br>" . mysql_error());

        // Escape the submitted values before they go into the query string
        $login = mysql_real_escape_string($_POST['username'], $db);
        $password = mysql_real_escape_string($_POST['password'], $db);

        $query = "SELECT privilege FROM auth WHERE login = '$login' AND password = '$password'";
        $result = mysql_query($query, $db)
            or die("Problem with the query: $query<br>" . mysql_error());

        // No matching row: back to the login page
        if (0 == mysql_num_rows($result)) {
            header('Location: ../../index.php');
            exit(0);
        }

        $row = mysql_fetch_assoc($result);
        $privilege = $row['privilege'];

        session_start();
        $_SESSION['username'] = $login;
        $_SESSION['privilege'] = $privilege;

        // Send each role to its own area
        if ('receptionist' === $privilege) {
            header('Location: ../../receptionists/index.php');
            exit(0);
        }
        if ('manager' === $privilege) {
            header('Location: ../../managers/index.php');
            exit(0);
        }
        if ('administrator' === $privilege) {
            header('Location: ../../admin/index.php');
            exit(0);
        }
    }
    ?>

Here is what I am including above the head of all the pages I wish to secure. It was working fine until I added this to the beginning of each page.

    <?php
    session_start();
    if (! isset($_SESSION['privilege'])) { // privilege?
        // redirect to your login page
        header("Location: ../index.php");
        exit;
    } else {
        // check to make sure the privilege is correct for this page
        // modify as needed
        if ($_SESSION['privilege'] != 'privilege') {
            die('You do not have the privilege to access this page.');
        }
    }
    ?>

Here is my cookie information:

    Name:    PHPSESSID
    Value:   0i14qiuf33cma8oucoohb52mh5
    Host:    localhost
    Path:    /
    Secure:  No
    Expires: At End Of Session

Please see attached db schema if needed.

Here is the error I am still getting (it simply just won't let me in):

    You do not have the privilege to access this page.

Despite the fact that I am entering the correct information.

[attachment deleted by admin]

riwan Posted May 31, 2010

This code here causes the error:

    if ($_SESSION['privilege'] != 'privilege') {
        die('You do not have the privilege to access this page.');
    }

You're trying to compare the value of $_SESSION['privilege'] (receptionist, manager, administrator) with the string 'privilege'. The condition will always be true as the value is not the same as the string 'privilege'.

paddyhaig Posted May 31, 2010

Would you know how I might fix this? This was suggested to me by another phpfreaks user.

riwan Posted May 31, 2010

Try something like this:

    if (in_array($_SESSION['privilege'], array("receptionist", "manager", "administrator")) == 0) {
        die('You do not have the privilege to access this page.');
    }
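
The per-page check discussed in this thread, written as a reusable guard in which each page passes the roles it accepts instead of comparing against the literal string 'privilege'. This is an added example, not code posted by either participant: the function names `privilege_allowed` and `require_privilege` and the roles chosen for a managers/ page are assumptions, and it needs PHP 5.4 or later.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the role names and the redirect target are the ones posted above.

// Pure decision: does this session hold one of the roles this page accepts?
function privilege_allowed(array $session, array $allowed)
{
    return isset($session['privilege'])
        && in_array($session['privilege'], $allowed, true); // strict, no type juggling
}

// Guard to call at the top of a protected page, before any output is sent.
function require_privilege(array $allowed, $loginUrl = '../index.php')
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['privilege'])) {
        header('Location: ' . $loginUrl);   // not logged in: back to the login form
        exit;
    }
    if (!privilege_allowed($_SESSION, $allowed)) {
        http_response_code(403);            // logged in, but wrong role for this page
        die('You do not have the privilege to access this page.');
    }
}

// Constructed sessions showing the decision for a managers/ page
// (assumption: that page accepts managers and administrators only).
$managerPage = ['manager', 'administrator'];
$cases = [
    'receptionist session' => ['username' => 'a', 'privilege' => 'receptionist'],
    'manager session'      => ['username' => 'b', 'privilege' => 'manager'],
    'no privilege key'     => ['username' => 'c'],
    'literal "privilege"'  => ['username' => 'd', 'privilege' => 'privilege'],
];
foreach ($cases as $label => $session) {
    $verdict = privilege_allowed($session, $managerPage) ? 'allow' : 'deny';
    printf("%-22s %s\n", $label, $verdict);
}
```

Run from the command line, the loop prints deny, allow, deny, deny. On a real page the only line needed is a call such as `require_privilege(['manager', 'administrator']);` placed before any HTML.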