daniel0005 Posted October 13, 2012 Share Posted October 13, 2012 Hi, im new to this forum, and fairly new to php. Im creating a small family website project to challenge my new php knowledge and i have ran in to a problem with my code. All is well logging in, and i do know that files arent safe for passwords but im doing it anyways haha, when i log in and it welcomes me in the top right corner (ex. Welcome, Name) the session variable that holds the username that i logged in with seems to disappear after i change pages to the admin announcement page, and then if i return to the main page its still gone and does not come back. Below is a link to a zip file containing the files, and i will also post the files code below incase people done need to visually see the page to understand what is wrong. Thanks! download: http://www38.zippysh...00948/file.html index.php <?php session_start(); ?> <html> <head> <title>Pallone Rae Family Website</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <table border="0"> <tr> <td width="100%" bgcolor="black" height="150"> <marquee><img src="websiteimages/main.png" width="100%" height="100%"></marquee> </p> </td> <td width="15%" bgcolor="white" height="150"> <?php //user validate if ($_SESSION['loggedin'] == true) { $_SESSION['loggedin'] = true; echo ("Login Successful<br>"); echo("Welcome, " . $_SESSION['username']); ?> <a href="logout.php"><br>Logout</a> <? } else { include("loginID.php"); } ///uservalidate //includes/functions ?> </td> </tr> <tr> <td width="100%" height="auto" bgcolor="white"> <font color="maroon"> <h1><b>Announcments:</b></h1> <hr width="250" align="left"><br /> <?php $file = fopen("announcments.txt", "r") or exit("Unable to open file!"); while(!feof($file)) { echo fgets($file). "<br />"; } fclose($file); ?> </font> </td> <td width="15%" height="auto" bgcolor="white"> <?php //menu if (($_SESSION['loggedin'] == true) && ($_SESSION['admin'][0] == 1)) { include("menu.php"); ?> <hr width="100%"> <b>Admin Options:</b> <a href="homepageannouncment.php"><i>Announcment</i></a> <?php } elseif ($_SESSION['loggedin'] == true) { include("menu.php"); } else { exit; } ///menu ?> </tr> </table> </body> </html> homepageannouncment.php <?php session_start(); if (($_SESSION['loggedin'] == true) && ($_SESSION['admin'][0] == 1)) { ?> <html> <head> <title>Pallone Rae Family Website</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <table border="0"> <tr> <td width="100%" bgcolor="black" height="150"> <marquee><img src="websiteimages/main.png" width="100%" height="100%"></marquee> </p> </td> <td width="15%" bgcolor="white" height="150"> <?php //user validate $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; ///uservalidate //includes/functions if ($_SESSION['loggedin'] == true) { $_SESSION['loggedin'] = true; echo ("Login Successful<br>"); echo("Welcome, " . $_SESSION['username']); ?> <a href="logout.php"><br>Logout</a> <? } else { include("loginID.php"); } ?> </td> </tr> <tr> <td width="100%" height="auto" bgcolor="white"> <h1><font color="maroon">Announcment Message:</h1> <hr width="250" align="left"> <form action="homepageannouncmentprocess.php" method="post"> Subject: <br><input type="text" name="subject" value="Subject"><br /> Message: <br> <textarea name="announcmentmessage" rows="15" cols="35"> Message </textarea><br /> <input type="submit" value="Submit Message"> </form> </font> </td> <td width="15%" height="auto" bgcolor="white"> <?php //menu if (($_SESSION['loggedin'] == true) && ($_SESSION['admin'][0] == 1)) { include("menu.php"); ?> <hr width="100%"> <b>Admin Options:</b> <a href="homepageannouncment.php"><i>Announcment</i></a> <?php } elseif ($_SESSION['loggedin'] == true) { include("menu.php"); } else { exit; } ///menu } else { session_destroy(); include("loginID.php"); } ?> </tr> </table> </body> </html> homepageannouncmentprocess.php <?php session_start(); if (($_SESSION['loggedin'] == true) && ($_SESSION['admin'][0] == 1)) { $subject = $_POST['subject']; $message = $_POST['announcmentmessage']; $file = fopen("announcments.txt", "w"); $time = date("Y/M/d/g:i A/T"); fwrite($file, "<font color='blue'><h4><b>Subject: </b></h4></font>$subject<h6><i>$time</i></h6><h4><b><font color='blue'>Message: </font></b></h4>$message<hr width='250' align='left'><br /> "); fclose($file); ?> Message Successfully Posted<br /> <a href="index.php">Click Here To View</a> <?php } else { session_destroy; include("index.php"); } ?> logout.php <?php session_start(); session_destroy(); include("index.php"); ?> loginID.php <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; if ((file_exists("users/".$username.".txt")) || ($_SESSION['loggedin'] == true)) { $pass = file("users/".$username.".txt"); if($pass[0] == $password || ($_SESSION['loggedin'] == true)) { $_SESSION['loggedin'] = true; $_SESSION['username'] = $username; $_SESSION['admin'] = file("users/".$username."admin.txt"); echo ("Login Successful<br>"); echo("Welcome, " . $_SESSION['username']); ?> <a href="logout.php"><br>Logout</a> <? } } else { echo("Please Login"); ?> <form action="index.php" method="post"> <font color="blue"> <b>Username: </b><br /><input type="text" name="username" value="Username"><br /> <b>Password: </b><br /><input type="password" name="password" value="password"><br /> <input type="submit" value="Login" /> </font> </form> <?php } ?> menu.php <?php ?> <html> <body> <hr width="100%"> <b>Change Password:</b> <form action="changepass.php" method="post"> <font color="blue"> Old Password: <input type="password" name="oldpass"> New Password: <input type="password" name="newpass"> Confirm Password: <input type="password" name="confirmnewpass"> <input type="submit" value="Change Password"> </font> </form> <hr width="100%"> <a href="index.php">Home</a><br> MenuOption2 MenuOption3 MenuOption4 </body> </html> Any help to figure out this problem or maybe future problems i might run in to are welcome. Family Website 2012.zip Quote Link to comment Share on other sites More sharing options...
daniel0005 Posted October 13, 2012 Author Share Posted October 13, 2012 I have solved this problem and cant believe how long it took me to realize such an easy fix. Someone can delete this post if needed Fix: deleted the $_SESSION['username'] = $_POST['username']; variable on the homepageannouncment.php page so the variables dont get reassigned when the page is opened Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 13, 2012 Share Posted October 13, 2012 Form processing code should check if a form has actually been submitted before using any of the form data. You should also be filtering/validating all external data, such as the $_POST data, before using it. Also, you have the following logic in a couple of places - if ($_SESSION['loggedin'] == true) { $_SESSION['loggedin'] = true; If you have just tested if a variable is true, it's a waste of processing time to set it to the same value that you already know it contains. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.