metkor, posted March 2, 2007:

Hi. I am trying to make a member authentication system. I did, but I have some problems with the member pages. I mean I logged in successfully, but on the new page, though I do session control, my session seems empty. The code is below. Please help.

P.S.: Sorry for my poor English.

giris.php (login page)

```php
<?php
ob_start();
session_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');

if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
    //REDIRECT TO USERS PROFILE...
    header("Location: http://localhost/ssa/sayfa.php");
} //end if logged in

//IF SUBMIT BUTTON PRESSED
if(isset($HTTP_POST_VARS['submit'])) {
    if(!$HTTP_POST_VARS['username']) die("Hata: Kullanıcı adınızı girmelisiniz.");
    if(!$HTTP_POST_VARS['password']) die("Hata: Şifrenizi girmelisiniz.");

    //set cookie if checked
    if(!empty($HTTP_POST_VARS['stay_in'])) {
        $joined =''.$HTTP_POST_VARS['username'].'[]'.md5($HTTP_POST_VARS['password']).'';
        setcookie("login_cookie", $joined, time()+3600, "/secure/", "localhost" );
    } //end if

    //verify user...
    $get_user = mysql_query("SELECT * FROM `members` WHERE username = '".$HTTP_POST_VARS['username']."' AND user_password = '".md5($HTTP_POST_VARS['password'])."'");
    $q = mysql_fetch_object($get_user);
    if(!$q) die("Giriş Hatası: Yanlis kullanici adi veya sifre!");

    //set session variables
    $_SESSION['logged_in'] = 1;
    $_SESSION['username'] = $HTTP_POST_VARS['username'];
    $_SESSION['password'] = $HTTP_POST_VARS['password'];
    session_write_close();
    header("Location: http://localhost/ssa/sayfa.php");
    ob_end_flush();
} else {
    //show login form
?>
<form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>">
<table>
<tr> <td>Kullanıcı Adı:</td> <td><input type="text" id="username" name="username"></td> </tr>
<tr> <td>Şifre:</td> <td><input type="password" id="password" name="password"></td> </tr>
<tr> <td>Giriş:</td> <td><input type="submit" value="Giriş" name="submit" id="submit"></td> </tr>
<tr> <td>Hatırla?</td> <td><input type="checkbox" name="stay_in[]" checked="yes"></td> </tr>
</table>
</form>
<? }//end else ?>
```

sayfa.php (member page)

```php
<?php
ob_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');
session_start();

//check cookie
if ($_SESSION['logged_in'] != 1 && isset($_COOKIE['login_cookie'])) {
    list($user, $pass) = explode('[]', $_COOKIE['login_cookie']);
    $qu = mysql_query("SELECT `user_password` FROM `members` WHERE `username` = '".addslashes($user)."'");
    if (mysql_num_rows($qu) == 1) {
        $passw = mysql_fetch_object($qu);
        // compare with ==; a single = would assign and always pass
        if ($passw->user_password == $pass) {
            $_SESSION['logged_in'] = 1;
            $_SESSION['username'] = $user;
            $_SESSION['password'] = $pass;
        }
    }
}

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {
    $_SESSION['logged_in'] = 0;
    $user = "Guest";
}
*/
?>
<?php
if(isset($_SESSION['logged_in'])) {
    if ($_SESSION['logged_in'] == 1) {echo "welcome to seaside";}
    if ($_SESSION['logged_in'] == 0) {echo "not member";}
} else echo "no session variable";
ob_end_flush();
?>
```

Register page

```php
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');

if($_SESSION['logged_in'] == 1) {
    //REDIRECT TO HOMEPAGE
    header('Location: http://' . $_SERVER['HTTP_HOST'] . '');
} else {
    if(isset($HTTP_POST_VARS['submit'])) {
        //BEGIN CHECKING USERNAME...
        if(!$HTTP_POST_VARS['username']) die('Uyari: Kullanici adi alani bos.');

        //array of invalid characters # no semicolon or backslash
        $junk = array('.' , ',' , '/' , '`' , '[' , ']' , '-', '_', '*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')', '|', '{', '}', '<', '>', '?', ':', '"', '=');

        //starting length of username
        $len = strlen($HTTP_POST_VARS['username']);

        //replace invalid characters
        $HTTP_POST_VARS['username'] = str_replace($junk, '', $HTTP_POST_VARS['username']);
        $test = $HTTP_POST_VARS['username'];

        //if lengths are different ($len smaller), invalid characters found, so prompt error.
        if(strlen($test) != $len) {
            die('Kullanici Adi Hatasi: Kullanici adi geçersiz karakter içermektedir. Sadece A-Z, 0-9 ve alt çizgi (_) kullanabilirsiniz.');
        }

        //Check if username already exists...
        $q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$HTTP_POST_VARS['username']."'");
        $q3 = mysql_fetch_object($q2);
        if($q3->username == $HTTP_POST_VARS['username']) {
            die('<BR><BR>Üzgünüm, kullanici adi: "'.$q3->username.'" daha önce alinmistir, lütfen baska bir tane seçin.');
        }

        if(!$HTTP_POST_VARS['password']) { die('Hata: Sifre alani bos.'); }
        if(!$HTTP_POST_VARS['verify_password']) { die('Hata: Sifre Tekrar alani bos'); }
        if($HTTP_POST_VARS['password'] != $HTTP_POST_VARS['verify_password']) { die('Hata: Sifreler eslestirilemedi.'); }
        if(strlen($HTTP_POST_VARS['password']) < 6 ) { die('Hata: Sifreniz çok kisa. En az 6 karakter uzunlugunda olmali.'); }

        $insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$HTTP_POST_VARS['username']."', '".md5($HTTP_POST_VARS['password'])."', '".$HTTP_POST_VARS['email']."')";
        $insert2 = mysql_query($insert);
        if(!$insert2) die(mysql_error());

        echo('Kayit tamamlandi, hosgeldiniz! Hesabinizla giris yapabilirsiniz.');
    } else {
?>
<table>
<form name="signup" action="<? $_SERVER['PHP_SELF']; ?>" method="POST">
<tr> <td>Kullanici Adi: <BR> (sadece A-Z, 0-9 ve _ kullanin.)<BR></td> <td><input type="text" id ="username" name="username" value="" maxlength="30"> <BR></td> </tr>
<tr> <td>Sifre:</td> <td><input type="password" id="password" name="password" value="" maxlength="30"><BR> (En az 6 karakter)</td> </tr>
<tr> <td>Sifre Tekrar:</td> <td><input type="password" id="verify_password" name="verify_password" value="" maxlength="30"><BR> </td> </tr>
<tr> <td>Email:</td> <td><input type="text" id="email" name="email" value="" size="30"><br></td> </tr>
<tr> <td>Kaydi tamamlamak için tiklayin:</td> <td><input type="submit" id="submit" name="submit" value="Gönder"></td> </tr>
</form>
</table>
<?php
    } //end not logged in
} //end submit not pressed
?>
```

wildteen88, posted March 2, 2007:

On the register page you use sessions but you don't have session_start(); at the top of the script. All the other pages seem fine.

Also I see you use $HTTP_POST_VARS to get your POST'd data. You should use the newer super global which is $_POST instead.

metkor, posted March 3, 2007:

Thanks for the reply, but I added session_start() to the register page and there is no change. There may be a bug or something else? Could you try it on your system? Because I have spent too much time and I am going mad. Everything seems OK, but I can't pass the session value from the login page to the member page. In the login page I print the session value and it's OK, but in the member page it seems there is no session.

metkor, posted March 3, 2007:

And another problem is that when I change $HTTP_POST_VARS to $_POST, it doesn't register. I am really confused.

wildteen88, posted March 3, 2007:

What version of PHP are you using? If you say $_POST doesn't work then $_SESSION won't either, as $_SESSION is part of the newer super globals.

Run a script with this in it to get the version if you are unsure:

```php
<?php
echo 'Your PHP version is: ' . phpversion();
?>
```

metkor, posted March 4, 2007:

Thank you. My old version was 4.0.5. Now I have installed 4.1.1 and everything is OK except one thing. When I click logout from the member page, it says I am logged out, but when I click the member page it goes to the member page and does not warn me to log in.

metkor, posted March 4, 2007:

And my logout code, cikis.php:

```php
<?php
ob_start();
$_SESSION['logged_in'] = 0;
setcookie("login_cookie", $joined, time()-3600, "/secure/", "localhost" );
session_destroy();
header("Location: http://localhost/ssa/index.php");
ob_end_flush();
?>
```

Orio, posted March 4, 2007:

Try adding to your logout page these lines:

```php
<?php
unset($_SESSION['username']);
unset($_SESSION['password']);
?>
```

Orio.

metkor, posted March 4, 2007:

Thanks Orio and wildteen88. I finally solved all the problems. I forgot to start the session in the logout page and I unset the session wrongly. Thanks a lot again.
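
A logout script covering the two points metkor names above (no session_start() in the logout page, session variables not cleared properly), as an added example that is not part of the original thread and not the poster's final code. It reuses the thread's cookie name, path, domain and redirect URL; expiring the session ID cookie through session_name() is an addition the thread does not discuss.

```php
<?php
// cikis.php -- added example, not the poster's final code.
ob_start();

// session_start() must run before $_SESSION or session_destroy() is used.
// Without it this request has no session loaded, so nothing is destroyed
// and the old session stays valid on the server.
session_start();

// Drop every session variable, not only logged_in: sayfa.php also tests
// $_SESSION['username'] and $_SESSION['password'].
$_SESSION = array();

// Expire the session ID cookie so the browser stops presenting the old ID.
$p = session_get_cookie_params();
setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain']);

// Expire the remember-me cookie. Path and domain must be identical to the
// values passed to setcookie() in giris.php, otherwise the browser keeps
// the cookie and sayfa.php logs the user back in from it.
setcookie("login_cookie", '', time() - 3600, "/secure/", "localhost");

// Remove the session data on the server side.
session_destroy();

header("Location: http://localhost/ssa/index.php");
ob_end_flush();
exit;
?>
```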

wildteen88, posted March 4, 2007:

Glad you got it sorted, however I think it would be best if you upgrade PHP to the latest version, which is PHP 4.4.5, if you can. There have been a lot of security and bug fixes since your version of PHP to the newest. Yours is outdated.

Orio, posted March 4, 2007:

> Glad you got it sorted, however I think it would be best if you upgrade PHP to the latest version, which is PHP 4.4.5, if you can. There have been a lot of security and bug fixes since your version of PHP to the newest. Yours is outdated.

3 days ago PHP 4.4.6 was released (minor changes were made with 4.4.5).

Orio.

wildteen88, posted March 4, 2007:

> > Glad you got it sorted, however I think it would be best if you upgrade PHP to the latest version, which is PHP 4.4.5, if you can. There have been a lot of security and bug fixes since your version of PHP to the newest. Yours is outdated.
>
> 3 days ago PHP 4.4.6 was released (minor changes were made with 4.4.5).
>
> Orio.

Umm, didn't know PHP 4.4.6 was released.

metkor, posted March 4, 2007:

Thanks, I'll upgrade it.