simonemma Posted January 4, 2007 Share Posted January 4, 2007 Hi,I'm in need of some help. I have a database system which allows users to enter insect records. I have a login script which allows users to log in and once logged in they are taken to their records display page. I have set up a session variable inthe log in script called MM_Password. This variable is then used to filter out their records from the database.The problem I have apart from being a total begiinner is that sometimes it display their database entries and sometimes it doesn't. Also when I try and log in as someone else while I'm testing this is always seems to display my results. Can someone help or is there any ready made scripts out there which are free. I'm keen to get this finished as it will be used to log insect records for a conservation project. Here is the login script.[quote]<?php// *** Validate request to login to this site.if (!isset($_SESSION)) { session_start();}$loginFormAction = $_SERVER['PHP_SELF'];if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck'];}if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['Password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "recordspersonalfinal.php"; $MM_redirectLoginFailed = "recordsmainerror.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_databasecon, $databasecon); $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username='%s' AND password='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $databasecon) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); }}?>[/quote]ThanksSimon Link to comment https://forums.phpfreaks.com/topic/32893-session-variables-to-a-recordset/ Share on other sites More sharing options...
kenrbnsn Posted January 4, 2007 Share Posted January 4, 2007 Please change the [nobbc][quote][/quote] tags in your post to [code][/code] tags[/nobbc].Ken Link to comment https://forums.phpfreaks.com/topic/32893-session-variables-to-a-recordset/#findComment-153105 Share on other sites More sharing options...
rab Posted January 4, 2007 Share Posted January 4, 2007 [code]<?php/* * Unless your include()'ing or require*()'ing this file, * just leave session_start(); here*/session_start();$loginFormAction = $_SERVER['PHP_SELF'];if (isset($_GET['accesscheck'])) $_SESSION['PrevUrl'] = $_GET['accesscheck'];if( isset($_POST['username']) ) { $loginUsername = mysql_real_escape_string($_POST['username']); /* * A few words of advice, * - Dont rely on magic_quotes to secure your variables for MySQL * - I recommend that you encrypt your passwords as it is more secure */ $password = $_POST['Password']; // md5(), sha1() ? $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "recordspersonalfinal.php"; $MM_redirectLoginFailed = "recordsmainerror.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_databasecon, $databasecon); $LoginRS_query=sprintf("SELECT COUNT(username) FROM users WHERE username='$loginUsername' AND password='$password'"); if( !($LoginRS = mysql_query($LoginRS__query, $databasecon)) ) { print "An error has occured with MySQL"; // i dont use mysql_error as it can show database information within the // error string returned // die() or exit() here? } if( mysql_num_rows($LoginRS) ) { $loginStrGroup = ""; // Why is this empty? //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if( isset($_SESSION['PrevUrl']) ) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else header("Location: ". $MM_redirectLoginFailed );}?>[/code]Cleaned up. I don't know why you had isset(..) && false. Link to comment https://forums.phpfreaks.com/topic/32893-session-variables-to-a-recordset/#findComment-153115 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.