aftab_jii Posted February 18, 2007 Share Posted February 18, 2007 im working on a login schema and having a little trouble.. i have three files: login.php loggedinn.php notallowed.php authenticate.php login.php is the schema loggedin.php is the page the user see after successful logginn not allowed is the page visitor see if he tries to access a page that is password proteced like: compose an article (which is only accessable to users) authenticate.php is a script that controlls the session started in login.php somehow, no matter what i try, i always end up on notallowed.php..meaning either i try to enter the right password, wrong password or types the location that is password protected...it doesnot even promt when i type wrong password; just jumps to notallowed.php here are the files..i need help.. ----- login.php --- <?php //ob_start(); if (isset($_POST['submit'])) { // Check if the form has been submitted. require_once ('files/config.php'); // Connect to the database. if (empty($_POST['email'])) { // Validate the username. $email = FALSE; echo '<font color="red">You forgot to enter your username!</font><br>'; } else { $email = $_POST['email']; } if (empty($_POST['passwd'])) { // Validate the password. $password = FALSE; echo '<font color="red">You forgot to enter your password!</font><br>'; } else { $password = $_POST['passwd']; } if ($email && $password) { // If everything OK. // Query the database. $query = "SELECT user_id, access_lvl,name " . "FROM users " . "WHERE email='" . $_POST['email'] . "' " . "AND passwd=PASSWORD('" . $_POST['passwd'] . "')"; $row = mysql_query ($query); //$row = mysql_fetch_array ($result, MYSQL_NUM); if ($row) { // A match was made. //Start the session, register the values & redirect. session_start(); $_SESSION['user_id'] = $row['user_id']; $_SESSION['access_lvl'] = $row['access_lvl']; $_SESSION['name'] = $row['name']; ob_end_clean(); // Delete the buffer. header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedinn.php"); exit(); //ob_end_clean(); // Delete the buffer. } else { // No match was made. echo '<font color="red">The username and password entered do not match those on file.</font><br>'; } mysql_close(); // Close the database connection. } else { // If everything wasn OK. echo '<font color="red">Please try again.</font><br>'; } } // End of SUBMIT conditional. ob_end_flush(); ?> <form action="login.php" method="post"> <p>E-mail address:<br> <input type="text" name="email" maxlength="255" value=""> </p> <p>Password:<br> <input type="password" name="passwd" maxlength="50"> </p> <p> <input type="submit" name="submit" value="Login"> </p> </form> <p></p> -------- login.php ends here ------ here is the loggedinn.php ---start --- <?php session_start(); include('files/config.php'); include('files/authenticate.php'); if ((isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") || (isset($_SESSION['access_lvl']) && $_SESSION['access_lvl'] != "")) { echo ' | <a href="links.php?action=funkey">Links</a>'; echo ' | <a href="published.php">Articles</a>'; echo ' | <a href="compose.php">Compose</a>'; echo ' | <a href="banadmin.php">Blocked List</a>'; if ($_SESSION['access_lvl'] > 1) { echo ' | <a href="cpl.php">Control panel</a>'; } //echo ' | <a href="links.php">Control Panel</a>'; echo ' | <a href="logout.php?action=Logout">Logout</a> |'; //}else{ // echo ' | <a href="login.php?action=login">Login</a> |'; } ?> ------ ends here ---- here is notallowed.php ---start---- <?php echo "you are not allowd to access this page without right previllages"; ?> --- ends here---- here is the authenticate page... ---- authenticate.php --- <?php if ((isset($_SESSION['user_id']) && $_SESSION['user_id']) != "" || (isset($_SESSION['access_lvl']) && $_SESSION['access_lvl'] != "")) { $redirect = $_SERVER['PHP_SELF']; } else { header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/notallowed.php"); //die(); } ? ------ ends here ------ i did the following echos in loggedinn.php: echo "user_id: " . $_SESSION['user_id']; echo "access level" . $_SESSION['access_lvl']; and it returned nothing Quote Link to comment Share on other sites More sharing options...
.josh Posted February 18, 2007 Share Posted February 18, 2007 first thing I notice at a glance, is your condition in your authenticate.php && conditions get tested before || conditions. If anything turns out false, you get redirected to notallowed.php. You need to use some ( ) to specify the order you want things to be evaluated. But also, I suggest you break that condition up. Quote Link to comment Share on other sites More sharing options...
aftab_jii Posted February 18, 2007 Author Share Posted February 18, 2007 how can i break this up? i think there is something wrong with my login.php cuz when i type wrong password i dont get prompted but send ro notallowed.php <?php if ((isset($_SESSION['user_id']) && $_SESSION['user_id']) != "" || (isset($_SESSION['access_lvl']) && $_SESSION['access_lvl'] != "")) { $redirect = $_SERVER['PHP_SELF']; } else { header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/notallowed.php"); //die(); } ? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.