Jump to content

Login session code not working


coolcam262

Recommended Posts

Hello, for some reason I am unable to get the following code to work:

 

<?php
echo "<h1>Login</h1>";

if ($_SESSION['uid']) {
    echo "    You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if (!$_POST['submit']) {	
	echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
	echo "<form method=\"post\" action=\"./login.php\">\n";
	echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
	echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
	echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
	echo "</form></table>\n";
}else {
	$user = addslashes(strip_tags(($_POST['username'])));
	$pass = addslashes(strip_tags($_POST['password']));
        
            if($user && $pass){
                $sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
                $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($sql2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){

					$query = mysql_query("SELECT locked FROM `users` WHERE `username`='".$user."'");
					$row2 = mysql_fetch_assoc($query);
					$locked = $row2['locked'];

					$query = mysql_query("SELECT active FROM `users` WHERE `username`='".$user."'");
					$row3 = mysql_fetch_assoc($query);
					$active = $row3['active'];

					$query = mysql_query("SELECT email FROM `users` WHERE `username`='".$user."'");
					$row3 = mysql_fetch_assoc($query);
					$email = $row3['email'];


					if ($active ==1){

						if ($locked == 0){

						$date = date("j")."<sup>".date("S")."</sup> ".date("F, Y");

						mysql_query("UPDATE users SET last_login='$date' WHERE username='$user'");

						$row = mysql_fetch_assoc($res2);
						$_SESSION['uid'] = $row['id'];
						$previous = $_COOKIE['prev_url'];
						echo "    You have successfully logged in as " . $user . "<br><br><a href='" . $previous . "'>Click here</a> to go to the previous page.\n";
						}else
							{
							echo "Your acount has been locked out due to a violation of the rules, if you think there has been a mistake please <a href='contact.php'>contact us</a>.";
							}
					} else {
						echo "You need to activate your account! Please check your email ($email)";
						}
			   }else {
                        echo "    Username and password combination are incorrect!\n";
                    }
                }else {
                    echo "    The username you supplied does not exist!\n";
                }
            }else {
                echo "    You must supply both the username and password field!\n";
            }
}

}
?>

 

It says that I have logged in successfully but the session is not created. You can find the script here and log in with the username "test" and the password "testing". I'm not sure what more information I should add.

 

Thanks,

Cameron

Link to comment
Share on other sites

I would also suggest using seperate processing pages for page actions.  For example, if you had a login page, you would want a mainly HTML based page displaying the login form, which has an action pointing at a seperate PHP based processing page, which then redirects back to either the login page if unsuccessful, or elsewhere if successful.

 

<!-- Login page (login.html) -->
<html>
  <body>
    <form action="/procs/login_proc.php" method="post">
      <!--  login form stuff here -->
    </form>
  </body>
</html>

 

<?php
  // PROCESSING PAGE - login_proc.php
  
  // if details are incorrect:
     header("Location: ../login.html");
  // if details are correct:
    header("Location: ../admin.php")
?>

 

This stops the annoying thing of people pressing F5 on pages and it asking if you want to repost data etc

Link to comment
Share on other sites

This stops the annoying thing of people pressing F5 on pages and it asking if you want to repost data etc

 

The user should not be able to visually see the login page after the user has actually logged in, so the F5 example your mentioned wont be a concern.

When the user is logged in, simply use header to redirect them to the index or whereever.

If the user has entered wrong details (email / pw), simply show redirect them to the login form once more......

 

header('Location:www.url.com');

 

To sum up: Keep the login form and php login code in the same file, dont split them... Easier to keep track of in one simple file.

Link to comment
Share on other sites

 

The user should not be able to visually see the login page after the user has actually logged in, so the F5 example your mentioned wont be a concern.

 

 

Yes but as you say, if their details are incorrect, then they are directed back to the login page - therefore if the processing is on the same page, hitting F5 will post the data again.  Not necessarily a bad thing in this instance as it will simply try to log them in using the same details again, however in other situations where the processing code is doing something more "destructive" (e.g. writing to a database), then it is best to keep processing away from the mercies of the user refresh!

Link to comment
Share on other sites

I found something I was doing wrong, I included header.inc when I was editing header.php! I still have an error message though:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /hermes/bosweb/web035/b357/ipg.projectstratoscom/header.inc:2) in /hermes/bosweb/web035/b357/ipg.projectstratoscom/header.inc on line 3

 

Isn't that basically saying you can't include it there because you've already included it there!?  :shrug: Well this line 3 is just session_start(), what's going on?!

 

Thanks,

Cameron

Link to comment
Share on other sites

This is the whole of header.INC (emphasis on the inc  ::)):

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<?php
session_start();
include "global.php";

$sql5 = "SELECT * FROM comments WHERE `pending_approval`='1'";
$res5 = mysql_query($sql5) or die(mysql_error());

$new_comments = mysql_num_rows($res5);

$sql6 = "SELECT * FROM posts WHERE `pending_approval`='1'";
$res6 = mysql_query($sql6) or die(mysql_error());

$new_posts = mysql_num_rows($res6);

$new_admin = $new_comments + $new_posts;
$new_mod = $new_comments;
?>

<html>
<head>
<title>Project Stratos</title>
<link rel="stylesheet" type="text/css" href="style.css" />

</head>
<body>
<div style="text-align: center;">
<div id="wrapper">
	<!--Menu-->
	<div id="menu">
		<ul id="menubar">
			<li><a href="http://projectstratos.com/index.php">Home</a></li>
			<li><a href="http://projectstratos.com/blog.php">Blog</a></li>
			<li><a href="http://projectstratos.com/forum">Forum</a></li>
			<li><a href="http://projectstratos.com/about.php">About</a>
				<ul>
				<li><a href="http://projectstratos.com/contact.php">Contact</a></li>
				<li><a href="http://projectstratos.com/history.php">History</a></li>
				<li><a href="http://projectstratos.com/forum/faq.php">FAQ</a></li>
				</ul>
			</li>

			<?php
			////Login logout or register///////
				if ($_SESSION['uid']) {					
					echo "<li><a href=\"http://projectstratos.com/logout.php\">Logout</a></li>";
				} else{					
					echo "<li><a href=\"http://projectstratos.com/login.php\">Login</a></li>";
					echo "<li><a href=\"http://projectstratos.com/register.php\">Register</a></li>";
				}

				$sql = "SELECT * FROM `users` WHERE `id`='".$_SESSION['uid']."'";
                    $res = mysql_query($sql) or die(mysql_error());
				if(mysql_num_rows($res) != 0){
					$row = mysql_fetch_assoc($res);
						if($row['admin'] == '1'){
							if($new_admin == '0'){
								echo "<li><a href=\"http://projectstratos.com/admin.php\">Admin</a></li>";
							} else {
								echo "<li><a href=\"http://projectstratos.com/admin.php\">Admin (".$new_admin.")</a></li>";
							}
						}

						if($row['admin'] == '2'){
							if($new_mod == '0'){
								echo "<li><a href=\"http://projectstratos.com/admin.php\">Admin</a></li>";
							} else {
								echo "<li><a href=\"http://projectstratos.com/admin.php\">Admin (".$new_mod.")</a></li>";
							}
						}
				}
			////End Login logout or register///
			?>

		</ul>
	</div>
	<!--End Menu-->
	<table>
		<tr>
			<td id="content_wrapper" border="0">
				<table>
					<tr>
						<td id="content_cell">
							<div id="body_content">

Link to comment
Share on other sites

Thanks! This has fixed everything but the phpbb3 forum. I tried intergrating it and it stopped working however even once I had completely reinstalled it it still didn't work! This is the the empty forum, you can login with the username of test and the password of testing. Your login details will be confirmed and you can navigate the site but then you will be logged out again seconds afterwards. Why?!

 

Thanks

Link to comment
Share on other sites

The 'test' user stays logged in for me (on the phpbb pages and in going to your main page and back to the forum), however, it appears that php is configured on your system to put the session id on the end of the URL, while phpbb is using a session id cookie.

 

I'm going to guess if you are having a problem staying logged in that either you are switching back and forth between URL's that have and don't have the www. on them or your browser is not configured to accept cookies or you have a corrupted or invalid cookie from some previous testing and should delete it/them and try again.

Link to comment
Share on other sites

Well, could try waiting 10 seconds as this is not the problem, I have tried it on different computers. The problem is that it doesn't stay logged in, no matter what the url is, you can log into the forum and go to another part of the site or even just refresh the page and you are still logged out.

 

Thanks,

Cameron

Link to comment
Share on other sites

From my post in reply #14 in this thread (~ 1 hour ago), up until right before I typed this reply, I have remained logged in as the 'test' user and have even closed my browser completely, twice, and have taken the time to navigate to some of the admin pages.

 

You are going to need to investigate what is happening with the session id in your browser and I both recommend that you make an account separate from the 'test' one to do so because someone else being logged in as that user might be kicking you off and that you change the test user (or at least change the password) so that it is not an administrator to the script so that all the people that have read this thread don't take over your site.

Link to comment
Share on other sites

Okay but what browser are you using, I have tried this both in firefox and ie on three seperate computers, one of them is not even connected to the same network! Is there anything I could try? And just to confirm, you are using the phpbb3 login page and not my sites?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.