cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 can I see the cp.php code please? Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 27, 2007 Share Posted June 27, 2007 I don't even see anything in your code that can give the error "not authorized"...post the code that checks if the user is authorized or not. Â EDIT: Which I assume is cp.php Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 27, 2007 Share Posted June 27, 2007 Yes post the code for cp.php   Quote Link to comment Share on other sites More sharing options...
L Posted June 27, 2007 Author Share Posted June 27, 2007 Yes you can see it, and yes it is in cp.php <?php session_start(); $userID = $_SESSION['userid']; include ('database.php'); //Make the query to the database to get the users information if (isset($userID)){ $query = mysql_query("SELECT * FROM users WHERE userid='$userID'")or die(mysql_error()); $row = mysql_fetch_assoc($query); //This is example information that you could echo out. echo '<b>Username:</b> '.$row['username'].'</b><br>'; echo '<b>Email:</b> '.$row['email'].'<br />'; echo '<b>Registration Date:</b> '.$row['date'].'</b>'; }else { echo "You are not authorized to access this area directly"; } ?> Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 try if ($userID>0) Â assuming you don't have a userid that is 0 if you do just blank it out Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 27, 2007 Share Posted June 27, 2007 cooldude - That should have nothing to do with why it isn't working. Obviously the session is not registering for some reason. Quote Link to comment Share on other sites More sharing options...
L Posted June 27, 2007 Author Share Posted June 27, 2007 maybe he's checking something....but anyway here's the new code now <?php session_start(); $userID = $_SESSION['userid']; include ('database.php'); //Make the query to the database to get the users information if ($userID>0){ $query = mysql_query("SELECT * FROM users WHERE userid='$userID'")or die(mysql_error()); $row = mysql_fetch_assoc($query); //This is example information that you could echo out. echo '<b>Username:</b> '.$row['username'].'</b><br>'; echo '<b>Email:</b> '.$row['email'].'<br />'; echo '<b>Registration Date:</b> '.$row['date'].'</b>'; }else { echo "You are not authorized to access this area directly"; } ?> It's odd how that isn't working because in the database it says my userid is 4 Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 27, 2007 Share Posted June 27, 2007 This has if ($userID>0) no concern with this: if (isset($userID)). The problem is with sessions. Â Can u post ur updated code for index.php Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 27, 2007 Share Posted June 27, 2007 Change the login page code to this:  <?php session_start(); if (ISSET($_POST['sublogin'])) { // Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source $username = trim($_POST['username']); $password = trim($_POST['password']); $cryptpassword = md5($password); $url = '/cp.php?user=$username'; //Connects to DB require("database.php"); $table = "users"; $sql="SELECT username, userID FROM $table WHERE username='$username' and password='$cryptpassword'"; $result = mysql_query($sql)or die(mysql_error()); // If result matched $myusername and $mypassword, table row must be 1 row if(mysql_num_rows($result) > 0) { // Registers sesions and redirect to file "login_success.php" $storage = mysql_fetch_assoc($result); //Sessions here  $_SESSION['username'] = $storage['username'];  $_SESSION['userid'] = $storage['userID'];  header("location: $url"); } else { echo "Wrong Username or Password"; } } ?> <form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td></tr><tr><td><input type="text" name="username" size="15" maxlength="30"/></td></tr> <tr><td>Password:</td></tr><tr><td><input type="password" name="password" size="15" maxlength="30"></td></tr><tr><td> <input type="submit" name="sublogin" value="Login" style="font-size: 8pt; color: #000000; word-spacing: 0; margin-top: 0; margin-bottom: 0" /></td></tr> </table> </form> ?>  mmarif4u - Like I said. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 try saying echo $_SESSION['userid'];Â to see its value Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 27, 2007 Share Posted June 27, 2007 Hah! It's working. I just tried logging in. Quote Link to comment Share on other sites More sharing options...
L Posted June 27, 2007 Author Share Posted June 27, 2007 .........YES! It finally worked ;D What did you change to make it work pocobueno? Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 27, 2007 Share Posted June 27, 2007 Yeh i try it with cooldude and 111111 Its working fine. Â Can u show the code for index.php Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 by passed the whole renaming the user id and just say $storage['UserID'] good old KISS Quote Link to comment Share on other sites More sharing options...
L Posted June 27, 2007 Author Share Posted June 27, 2007 if you mean login.php(the one we've been working on) here it is <?php session_start(); if (ISSET($_POST['sublogin'])) { // Recreation of variables for later encryption uses the $_POST will be replaced with the decrypted source $username = trim($_POST['username']); $password = trim($_POST['password']); $cryptpassword = md5($password); $url = '/cp.php?user=$username'; //Connects to DB require("database.php"); $table = "users"; $sql="SELECT username, userID FROM $table WHERE username='$username' and password='$cryptpassword'"; $result = mysql_query($sql)or die(mysql_error()); // If result matched $myusername and $mypassword, table row must be 1 row if(mysql_num_rows($result) > 0) { // Registers sesions and redirect to file "login_success.php" $storage = mysql_fetch_assoc($result); //Sessions here  $_SESSION['username'] = $storage['username'];  $_SESSION['userid'] = $storage['userID'];  header("location: $url"); } else { echo "Wrong Username or Password"; } } ?> <form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td></tr><tr><td><input type="text" name="username" size="15" maxlength="30"/></td></tr> <tr><td>Password:</td></tr><tr><td><input type="password" name="password" size="15" maxlength="30"></td></tr><tr><td> <input type="submit" name="sublogin" value="Login" style="font-size: 8pt; color: #000000; word-spacing: 0; margin-top: 0; margin-bottom: 0" /></td></tr> </table> </form> ?> Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 27, 2007 Share Posted June 27, 2007 I selected ONLY what you needed from the query, to make sure that the tables actually existed (which they obviously did)...plus everything doesn't need to be selected, just a waste of query. Â I also got rid of the variables storing the values from the database, and just registered the DB values straight to the sessions. Â I also moved a few lines, that is probably what got it to work. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 just for better looking change your $url to just be cp.php Quote Link to comment Share on other sites More sharing options...
L Posted June 27, 2007 Author Share Posted June 27, 2007 alright, i changed the url....sweet...i owe all of you for helping me out: pocobueno, cooldude, and mmarif4u....i think it's been two hours around since I started this topic! I really appreciate the effort in helping a fellow member of the php community, Â Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 anytime, mark it solved so we can go to bed Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 27, 2007 Share Posted June 27, 2007 Yes remove extra stuffs from ur code. Better programmer is to program in 10 lines of 15 line code. $url = '/cp.php?user=$username'; To: $url='/cp.php'; OR: header("location: /cp.php"); Â Quote Link to comment Share on other sites More sharing options...
L Posted June 27, 2007 Author Share Posted June 27, 2007 alright...thx again..time to be marked solved...and time to sleep!! Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 27, 2007 Share Posted June 27, 2007 anytime, mark it solved so we can go to bed  Going to bed oh man its 1.00 PM not 1.00 AM Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 I really should package that login script I've made and make a table creator that and a action setter and a session registerer setter so its easy to integrate Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted June 27, 2007 Share Posted June 27, 2007 well its that classic glass half full/half empty idea where you are half ways away Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 27, 2007 Share Posted June 27, 2007 I examine that its midnight there not here. Ok sweet dreams. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.