ShoeLace1291 Posted April 10, 2007 Share Posted April 10, 2007 Ok, my registration/login script was working fine until I tested the registration and registered a new user. Once I logged in with the new account, I logged out and then logged into the first account. Everything was fine until I clicked on a link to a page that also uses the session. The only problem is that for the username, it displays the username for the second account. I thought the logout was successful because it no longer displayed the login form at the top of the page. What do you guys think is causing the problem? Quote Link to comment Share on other sites More sharing options...
Glyde Posted April 10, 2007 Share Posted April 10, 2007 Can we see the code where you set and unset the sessions? IE login/logout. Quote Link to comment Share on other sites More sharing options...
ShoeLace1291 Posted April 10, 2007 Author Share Posted April 10, 2007 Login.php <?php require_once('config.php'); // Use session variable on this page. This function must put on the top of page. session_start(); include('constants.php'); $message=""; //Login Section. $Login=$_POST['submit']; if($Login){ // If clicked on Login button. $username=$_POST['username']; $password=md5($_POST['password']); // Encrypt password with md5() function. $last_login = $_POST['last_login']; // Check matching of username and password. $result=mysql_query("select * from members where username='$username' and password='$password'"); if(mysql_num_rows($result)!='0'){ // If match. session_register("username"); // Craete session username. mysql_query("UPDATE vbb_members SET logged_in=logged_in+1, last_login='$last_login' WHERE username='$username'"); setcookie("$username","07470433",time()+60*60*24*7); header("Location:index.php"); }else{ // If not match. $message="--- Incorrect Username or Password ---"; } } // End Login authorize check. ?> <? echo $message; ?> <table> <tr><form action='login.php' method='POST'> <td>User : </td> <td><input name="username" type="text" id="username" /></td> </tr> <tr> <td>Password : </td> <td><input name="password" type="password" id="password" /></td> </tr> </table><input type='hidden' name='last_login' value='<?php echo "$date at $time"; ?>'> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> Logout.php <?php session_start(); ob_start(); session_destroy(); require_once('config.php'); mysql_query("UPDATE vbb_members SET logged_in=logged_in - 1 WHERE username='$username'"); header("Location: index.php"); ?> Quote Link to comment Share on other sites More sharing options...
Glyde Posted April 10, 2007 Share Posted April 10, 2007 setcookie("$username","07470433",time()+60*60*24*7); That is very much incorrect. Instead of setting the cookie with a name of 07470433 to a value of $username, you're doing the opposite. I'm not entirely sure why you want to do that, but if that's intended...ok. Anyways, all I need to see now is where you actually display the user's username Quote Link to comment Share on other sites More sharing options...
ShoeLace1291 Posted April 10, 2007 Author Share Posted April 10, 2007 Erg, I got that cookie script from a tutorial. The login form is displayed at the top of my page if the user is logged out and the username is displayed if they are logged in. This file is what controls that action: header_body.tpl <div id="wrapper"> <div id="header" width='100%'> <div id="logo"> <span class="name"><?php echo "$site_name"; ?></span><br /> <span class="slogan"><?php echo "$description"; ?></span> </div> <div id="login"> <?php if($user == "Guest"){ ?> <form id="form1" method="post" action="login.php"> <label> <input name="username" type="text" class="text" value="username" onfocus="if(this.value==this.defaultValue) this.value='';" /> </label> <label> <input name="password" type="password" class="text" value="password" onfocus="if(this.value==this.defaultValue) this.value='';" /> <input type='hidden' name='last_login' value='<?php echo "$date at $time"; ?>'> <input name="submit" type="submit" class="submit" value="Login" /> </label> </form><?php } if($user != "Guest"){ echo "Welcome back, $user!<br><a href='profile.php?action=edit&uid=$uid'>Edit Profile</a> | <a href='messages.php?action=inbox'>Inbox</a> | <a href='index.php?action=calendar'>Events Calendar</a>"; } if($perm == 1){ echo "<a href='admincp/index.php'>Admin Panel</a>"; } ?> </div> </div> <div id="userbar"> <div id="userinfo"> <ul> <li><a href="index.php">Forum Index</a></li> <li><a href="members.php?action=controls">User CP</a></li> <li><a href='members.php?action=list'>Members List</a></li> <li><?php if($user == "Guest"){ echo "<a href='login.php'>Login</a> <a href='register.php'>Register</a>"; } if($user != "Guest"){ echo "<a href='logout.php'>Logout</a>"; } ?></li> </ul> </div> <div id="search"> <div id="form"> <form id="form2" name="form2" method="post" action="index.php?action=search"> <label> <input name="thread" type="text" value="Search and enter"><input type='submit' class='submit' name='go' value='Go'> </label> </form> </div> </div> </div> <?php if($user == 'Guest'){ echo "<div class='error'>You are not logged in. Please do so using the above form or by clicking <a href='login.php'>here</a>.</div>"; } ?> Quote Link to comment Share on other sites More sharing options...
Glyde Posted April 10, 2007 Share Posted April 10, 2007 Well, I don't know exactly what to say. The script wasn't written too well, and it's relying a lot of register_globals. It seems that no variable on that .tpl page has been defined. I will need to see where $user is actually defined in order to see what your real problem is. Quote Link to comment Share on other sites More sharing options...
ShoeLace1291 Posted April 10, 2007 Author Share Posted April 10, 2007 if(!session_is_registered("username")){ $user = "Guest"; } if(session_is_registered("username")){ $user = $_SESSION['username']; $uidquery = mysql_query("SELECT * FROM vbb_members WHERE username='".$_SESSION['username']."'"); $get=mysql_fetch_array($uidquery); $uid=$get["uid"]; } Quote Link to comment Share on other sites More sharing options...
Glyde Posted April 10, 2007 Share Posted April 10, 2007 On login.php, add this after the cookie is set: $_SESSION['username'] = $username; The last bit you sent me should look like this if(!$_SESSION['username']) { $user = "Guest"; } else { $user = $_SESSION['username']; $uidquery = mysql_query("SELECT * FROM vbb_members WHERE username='".$_SESSION['username']."'"); $get = mysql_fetch_array($uidquery); $uid = $get["uid"]; } Ensure there is a session_start() on each page. Quote Link to comment Share on other sites More sharing options...
ShoeLace1291 Posted April 10, 2007 Author Share Posted April 10, 2007 *Sigh* now it's not redirecting me back to index.php. Quote Link to comment Share on other sites More sharing options...
Glyde Posted April 10, 2007 Share Posted April 10, 2007 Make sure header("Location: index.php"); Still exists in the login.php script Quote Link to comment Share on other sites More sharing options...
ShoeLace1291 Posted April 10, 2007 Author Share Posted April 10, 2007 It is there. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.