Jump to content

login form with sessions


paulus4605

Recommended Posts

I'm using a login form which allows me enter the pages as member only

the only thing that I need to do is to include the file safe.php and the user has to login in order to see the content of this page. so far so good.

 

if I use my subscription forms ( spread over 2 pages) the first page can be filled in properly however when I come to the second page (where I included the safe.php aswell I think I loose the session ID that I got after logging in the first time) I am redirected to the login page which I don't want. how can I avoid this?

 

this is the  content of safe.php

<?php
// Pagina: safe.php: Includen if you want te securise your page just add it at the top of your page
include("config.php");

if(isset($_SESSION['user_id'])) {
// Inloggen correct, updaten laatst actief in db
$sql = "UPDATE gebruikers SET lastactive=NOW() WHERE id='".$_SESSION['user_id']."'";
mysql_query($sql);
}else{
if(isset($_COOKIE['user_id'])) {
  $sql = "SELECT wachtwoord,status FROM gebruikers WHERE id='".$_COOKIE['user_id']."'";
  $query = mysql_query($sql);
  $rij = mysql_fetch_object($query);
  $dbpass = htmlspecialchars($rij->wachtwoord);
  $dbstatus = htmlspecialchars($rij->status);
  if($dbpass == $_COOKIE['user_password']) {
   $_SESSION['user_id'] = $_COOKIE['user_id'];
   $_SESSION['user_status'] = $dbstatus;
  }else{
   setcookie("user_id", "", time() - 3600);
   setcookie("user_password", "", time() - 3600);
   echo "Cookies incorrect. Cookies verwijderd.";
   header("Location: inloggen.php");
  }
}else{
  header("Location: inloggen.php");
}
}
?> 

Link to comment
Share on other sites

this is the detail of the config.php

<?php
// Start je zelf ergens anders je sessies/cookies? Maak van de volgende twee regels dan commentaar (# of //)
session_start();
ob_start();

// Error reporting zetten we uit, het is niet echt netjes je bezoekers errors voor te schotelen
ERROR_REPORTING(0);

// MySQL
$db_user = "*******"; // Gebruiker voor MySQL
$db_pass = "*******"; // Wachtwoord voor MySQL
$db_host = "localhost"; // Host voor MySQL; standaard localhost
$db_db = "*******"; // Database

// Als je al ergens anders een database connectie hebt gemaakt,
// maak dan van de volgende twee regels commentaar (# of // ervoor zetten)
mysql_connect($db_host,$db_user,$db_pass);
mysql_select_db($db_db);

// Instellingen
$loginpage = "useropties.php"; // Pagina waar de gebruiker heen wordt gestuurd wanneer deze is ingelogd
$forgoturl = "http://berknet.be.funpic.de/voorbeelden/inlogsysv2/"; // Volledige URL naar inlogsysteem, voor activeren van wachtwoord vergeten, / aan einde
$sitenaam = "Groot Inlogsysteem v2"; // Naam van je site; deze word oa. gebruikt bij het verzenden van mail
$sitemail = "inlogsys@berknet.tk"; // Afzender van verzonden mail
?> 

Link to comment
Share on other sites

ERROR_REPORTING(0);

 

By setting error_reporting to zero, you are hiding any php errors that would help tell you why your code is not working.

 

ob_start();

 

By using output buffering and performing a header() redirect, any php errors that would have been reported and displayed on that page will be lost.

 

When developing and debugging php code, you need to have error_reporting set E_ALL and display_errors set to ON and you need to get all output buffering statements out of your code.

 

Edit: If you are going to set the error_reporting/display_errors settings in your script (for debugging purposes), you need to set them immediately after the first opening <?php tag on your main page that is being requested so that any errors in all the code on that page will be reported and displayed. Putting them inside included files won't help if there is a problem including that file.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.