[SOLVED] Saving logon in sessions

[heckler0077]

I have a script like this:

 

<?php 
session_start(); 
// Define your username and password 
$username = "username"; 
$password = "password"; 
$_SESSION['txtUsername'] = $_POST['txtUsername']; 
$_SESSION['txtPassword'] = $_POST['txtPassword']; 
if ($_SESSION['txtUsername'] != $username || $_SESSION['txtPassword'] != $password) { 

?> 

<h1>Login</h1> 

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
    <p><label for="txtUsername">Username:</label> 
    <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> 

    <p><label for="txtpassword">Password:</label> 
    <br /><input type="password" title="Enter your password" name="txtPassword" /></p> 

    <p><input type="submit" name="Submit" value="Login" /></p> 

</form> 

<?php 

} 
else { 
//--------------------------------------------------------------------------------------- 
$filename = $_GET['filename']; 
if (empty($filename)) 
{ 
?> 
<form action="" method="GET"> 
<input type="text" name="filename"> 
<input type="submit"> 
</form> 
<?php 
} 

else 
{ 
if (strpos($filename,".zip") >= 1) 
{ 
exec('unzip $filename',$ret); 
echo "Successful unzipping"; 
session_destroy(); 
} 
elseif ((strpos($filename,".tgz") >= 1) || (strpos($filename,".tar.gz") >= 1)) 
{ 
exec('tar -xzf $filename',$ret); 
echo "Successful untargzing"; 
session_destroy(); 
} 
else 
{ 
?> 
<form action="" method="GET"> 
<input type="text" name="filename"> 
<input type="submit"> 
</form> 
<?php 
} 
} 
} 
?>

 

The only part we need to worry about is logging in. The problem is that After I logon and use the text box to submit my filename, it takes me to the login screen again. I thought I had solved this by using session variables that only expire after a successfull uncompressing, but apparently I was wrong. Help!

[MadTechie]

humm this is kinda weird

 

<?php 
session_start(); 
// Define your username and password 
$username = "username"; 
$password = "password"; 
$_SESSION['txtUsername'] = $_POST['txtUsername']; 
$_SESSION['txtPassword'] = $_POST['txtPassword']; 
if ($_SESSION['txtUsername'] != $username || $_SESSION['txtPassword'] != $password) { 

?> 

if the username is correct it will login even if password is wrong!

not sure how thats is meant to work!

[heckler0077]

Well, that's not part of my original problem, but if that's true, then that only compounds it.  That needs to be solved, too, but I'm a little unsure.

[heckler0077]

I tested the original code, and it wouldn't let me log in unless both the password and username were correct, which leaves us still with our original problem.  (Thank you for all the help so far on all my topics)

[heckler0077]

Please, someone help!

[trq]

Don't keep bumping your thread every few minutes or I will close it.

 

You fail to state clearly what your actual problem is. Your form is pointing to itself, and nowhere in your code do you attempt a redirect to anywhere else. What exactly is your issue?

[Trium918]

Well, that's not part of my original problem, but if that's true, then that only compounds it.  That needs to be solved, too, but I'm a little unsure.

 

Please thorpe, let the man be!

 

<?php
if ($_SESSION['txtUsername'] != $username || $_SESSION['txtPassword'] != $password) 
?>

should be

<?php
if ($_SESSION['txtUsername'] != $username && $_SESSION['txtPassword'] != $password) 
?>

 

 

 

[heckler0077]

Thank you, Trium, and thorpe, I apologize.  As to changing or: || to and: &&

That lets me login as long as either the password or username is correct, even if both are not, because now the code states that if both are incorrect, show the login screen, otherwise, proceed to content.  It also still takes me back to the login screen when I use the form to enter my compressed file's name.

[heckler0077]

The problem has been identified.  On each reload, the post variables were writing over the session variables.  I solved that, and now it works correctly.  Thank you, posters, for all of your help.