Session problems

[blink359]

Hi there i have a login script to access an area which is restricted on my website rather than having 2 logon scripts i want 1 logon script to create one of two sessions this script is what i wrote from a tutorial but the session allows access to both areas which i dont want, can someone please help me change it to work but talk me through it so i can learn from this:

Create Session:

if($count==1 & $row['flight']=="vulcan"){
session_start(vmyusername); 
session_start(vmypassword);  
header("location:vulcan/index.php");
}else if($count==1 & $row['flight']=="valiant"){
session_start(myusernamev); 
session_start(mypasswordv);  
header("location:valiant/index.php");
}else
{
echo "Wrong Username or Password";
}

 

Check login:

<? 
session_start();
if(!session_is_registered(myusernamev)){
header("location:../login.php");
}
?>

//or

<? 
session_start();
if(!session_is_registered(vmyusername)){
header("location:../login.php");
}
?>

Any help will be greatly appriciated

 

Thanks

 

Blink359

[blink359]

Tried to do it again with different script but i get Parse error: syntax error, unexpected $end in /home/a9855336/public_html/261website/index.php on line 45

from this code

<html>
<head>
<title>Login</title>
</head>
<body>
<form action="index.php" method="post">
Surname:<br><input type="text" name="myusername"><br>
Password:<br><input type="password" name="mypassword"><br>
<input type="submit" name="submit" value="Login">
<input type="hidden" name="code">
</form>
<?php
if(isset($_POST['code']))
{
$host="mysq*******t.com"; // Host name 
$username="a*******t"; // Mysql username 
$password="n******%"; // Mysql password 
$db_name="a********il"; // Database name 

// Connect to server and select databse.
mysql_connect($host, $username, $password);
mysql_select_db($db_name);


// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM cdtmembers WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");
$row = mysql_fetch_array($login);
session_start();
// Check username and password match
if (mysql_num_rows($login) == 1 && $row['flight'] =="vulcan") {
if($row['flight'] =="vulcan"){
        $_SESSION['flight'] = $_POST['flight'];
        header('location: vulcan/index.php');
}else if (mysql_num_rows($login) == 1 && $row['flight'] =="valiant") {
if($row['flight'] =="vulcan"){
        $_SESSION['flight'] = $_POST['flight'];
        header('location: valiant/index.php');
}else{
echo "Wrong Username or Password";
}
}
?>
</body>
</html> line 45 i believe :S

 

Also is my check session correcet now?

<?php
session_start();
if (!isset($_SESSION['flight']) && $_SESSION['flight'] !="valiant") {
       header('Location: ../index.php');
}
?><

//or

<?php
session_start();
if (!isset($_SESSION['flight']) && $_SESSION['flight'] !="vulcan") {
       header('Location: ../index.php');
}
?><

[BlueSkyIS]

this is invalid syntax and should throw an error:

 

session_start(vmyusername); 
session_start(vmypassword); 

 

session_is_registered is deprecated. this looks familiar to an example that I improved upon in another thread. regardless, you'll get nowhere fast with this syntax.

[blink359]

Ok thanks, what about the new code i put up, im trying to understand all this session stuff a bit better but im following tuts atm and trying to change it to my site atm

[blink359]

Got a step closer no php error but my headers are the same as last time but not redirecting the user:

<html>
    <head>  
<title></title>
    </head>

<body>
<form action="JNCOlogin.php" method="post">
Surname:<br><input type="text" name="myusername"><br>
Password:<br><input type="password" name="mypassword"><br>
<input type="submit" name="submit" value="Login">
<input type="hidden" name="code">
</form>
<?php
if(isset($_POST['code']))
{
$host="mysql12.000webhost.com"; // Host name 
$username="a9855336_root"; // Mysql username 
$password="n4th4n%"; // Mysql password 
$db_name="a9855336_mail"; // Database name 

// Connect to server and select databse.
mysql_connect($host, $username, $password);
mysql_select_db($db_name);

// username and password sent from form 
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

// encrypt password 
$encrypted_mypassword=md5($mypassword);

$sql="SELECT * FROM cdtmembers WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1 & $row['flight']=="vulcan"){
        $_SESSION['flight'] = $row['flight'];
        header("location:2/index.php");
}else if($count==1 & $row['flight']=="valiant")
        $_SESSION['flight'] = $row['flight'];
        header("location:1/index.php");
}else
{
echo "Wrong Username or Password";
}
}
?>
</body>
</html>

[Pikachu2000]

You have output to the browser before the header() redirect. If you had error_reporting on, you'd be getting a 'headers already sent' error. Nothing can be sent to the browser, not even whitespace, before headers.