Jump to content

[SOLVED] dynamic urls destroying my session variables HELP please!


validkeys

Recommended Posts

here is the user auth script i am using. i have this in a file called accesscontrol.php that  I include at the top of every page. If i am not logged in and put a URL in my browser like localhost/artist.php?artistid=16. It takes me to the login screen, i log in and then it takes me to localhost/artist.php?artistid=17 it takes me back to the login screen and no longer has my session variables registered.

 

Here's the code. What am I doing wrong?

 

Thanks

 

<?php
    include_once("functions/db/db1config.php");
include_once("functions/db/connect.php");

session_start();


//		condition           ? if true       :   if not true
$uname = isset($_POST['uname']) ? $_POST['uname'] : $_SESSION['uname'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];

if(!isset($uname)) {
include("top.php");
include("leftad.php");
include("header.php");
include("topadbar.php");	
?>
<div id="accesscontainer" class="maincontent">	
<div id="loginform">
           
         //my login form

</div>

<div id="accessbody">
 	<div id="welcomeheader">Welcome to Company</div>
 <p>You must log in to access this area of the site. If you are
    not a registered user, <a href="signup.php">click here</a>
    to sign up for instant access!</p>
</div>
<div id="clearme"></div>
</div>
<?php
include("footer.php");
include("rightad.php");
include("closer.php");
exit;
}

$_SESSION['uname'] = $uname;
$_SESSION['pwd'] = $pwd;


$sql = "SELECT * FROM USER_AUTH WHERE
       USER_EMAIL = '$uname' AND USER_PASS = md5('$pwd')";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
       'login details.\\nIfhis error persists, please '.
       'contact [email protected].');
}

if (mysql_num_rows($result) == 0) {
unset($_SESSION['uname']);
unset($_SESSION['pwd']);
unset($_SESSION['uid']);

include("top.php");
include("leftad.php");
include("header.php");
include("topadbar.php");
?>

<div id="accesscontainer" class="maincontent">
<div id="loginform">

             //my login form

</div>

<div id="accessbody">
	 	<div id="welcomeheader">Access Denied</div>
			 <p>Your user ID or password is incorrect, or you are not a
			    registered user on this site. To try logging in again, click
			    <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
			    access, click <a href="signup.php">here</a>.</p>
</div>
</div>

<?php
include("footer.php");
include("rightad.php");
include("closer.php");
exit;
}



$uname = mysql_result($result,0,'USER_FNAME');
$_SESSION['uid'] = 	mysql_result($result,0,'USER_ID');
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.