User authentication using session variable

[manton]

Hello,

I use Dreamweaver.

I have a login form (method:post) which works fine.

But, when I add a session variable in order to keep the user logged in, the session does not work. I figure it out because i see no user data on the URL.

Changing the form method from post to get, seems to work (I mean userdata are on the URL), but in this case the form action (opening another page) is not performed.

 

I know this is a noob question but I would really appreciate any kind of help.

Thanks 

[bobleny]

I don't quite understand what your trying to ask...

 

Do you want to know how to carry the user input of a form to another page?

[MadTechie]

1. the POST doesn't put data on the URL

2. if you switched your need to update from $_POST to $_GET

3. Read up on sessions as your question doesn't relate correctly

[manton]

1. the POST doesn't put data on the URL

 

So, how the session variable works? It saves the userdata (login) directly on the server rather than passing them from one page to another via the url?

 

[MadTechie]

session_start();
$_SESSION['var'] = "data";
echo $_SESSION['var'];

 

so you could do this

 

session_start();
$_SESSION['var'] = $_GET['data'];
echo $_SESSION['var'];

[bobleny]

I can't tell you exactly how it works but I can tell you that <form method="post" action=""> will send the data over HTML. As far as I know, you don't need a server to do that. It will only send it one page though!

 

Once the data is sent to the second page, you will be able to retrieve the data and store it as a session variable like this:

$_SESSION['name'] = $_POST['name_of_input'];

 

You can now pass the user input to any page you wont until the session ends.

 

[manton]

Ok...I think I am getting somewhere 

 

The code is now the following but although I provide the correct username and password I cannot access the page.

Don't I have to declare somewhere that 'MM_Username' is the variable's value?

<?php require_once('../Connections/palso.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login_failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_palso, $palso);
$query_Recordset1 = "SELECT * FROM `data`";
$Recordset1 = mysql_query($query_Recordset1, $palso) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

$maxRows_list = 10;
$pageNum_list = 0;
if (isset($_GET['pageNum_list'])) {
  $pageNum_list = $_GET['pageNum_list'];
}
$startRow_list = $pageNum_list * $maxRows_list;

mysql_select_db($database_palso, $palso);
$query_list = "SELECT ID, Surname, BinSerialCode, LevelDescription FROM `data` ORDER BY LevelDescription ASC";
$query_limit_list = sprintf("%s LIMIT %d, %d", $query_list, $startRow_list, $maxRows_list);
$list = mysql_query($query_limit_list, $palso) or die(mysql_error());
$row_list = mysql_fetch_assoc($list);
if (isset($_GET['totalRows_list'])) {
  $totalRows_list = $_GET['totalRows_list'];
} else {
  $all_list = mysql_query($query_list);
  $totalRows_list = mysql_num_rows($all_list);
}
$totalPages_list = ceil($totalRows_list/$maxRows_list)-1;
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-7" />
<title>Ταξινόμηση υποψηφίων ανά επίπεδο</title>
<link href="styles.css" type="text/css" rel="stylesheet" />
<link rel="stylesheet" type="text/css" href="print.css" media="print" />
</head>

<body>
<div id="container">
<h1>ΚΑΤΑΛΟΓΟΣ ΥΠΟΨΗΦΙΩΝ</h1>
<div id="sort"><table width="600">
  <tr class="nav">
    <td><a href="list.php">Ταξινόμηση ανά επίπεδο</a></td>
    <td><a href="list_bin.php">Ταξινόμηση ανά κωδικό μαθητή</a> </td>
    <td><a href="list_sur.php">Ταξινόμηση ανά επίθετο</a></td>
  </tr>
</table>
</div>
<br />
<form id="form1" name="form1" method="post" action="">
<table border="1">
  <tr>
    <td class="fields"> </td>
    <td class="fields">LevelDescription</td>
    <td class="fields">BinSerialCode</td>
    <td class="fields">Surname</td>
  </tr>
  <?php do { ?>
    <tr>
      <td><input type="checkbox" name="checkbox" value="checkbox" /></td>
      <td><?php echo $row_list['LevelDescription']; ?></td>
      <td><?php echo $row_list['BinSerialCode']; ?></td>
  <td><?php echo $row_list['Surname']; ?></td>
    </tr>
    <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?>
</table>

</form>
</div>
</body>
</html>
<?php
mysql_free_result($Recordset1);

mysql_free_result($list);
?>