spookztar Posted August 4, 2007

Hi guys, a bit puzzled here ???

On first pageview $_SESSION['allowed'] is set and $_SESSION['disallowed'] is not. Why? This should only happen upon successful log-in. The code appears a bit long, but it's mostly just a log-in routine with various checks. When "allowed" is set, sections should be accessible from links in the menu. Can someone explain this behaviour to me?

top of script:

```php
<?php
session_start();
include 'musicart_files/music_includes/dbconnector.php';
include 'musicart_files/music_includes/musicart_functions.php';
if ($_SESSION['allowed'] = TRUE)
    unset($_SESSION['disallowed']);
$_SESSION['unauthorized'] = TRUE;
print_r($_SESSION);
ini_set('display_errors', ON);
error_reporting(E_ALL);
?>
```

included menu:

```php
function menu()
{
    echo "<span>";
    //$link = array();
    $links[1] = "Product Handling";
    $links[2] = "Misc. Parameters";
    $links[3] = "Statistics";
    $links[4] = "Look 'n' Feel";
    foreach ($links as $key => $value)
    {
        echo "<a href=\"".$_SERVER['PHP_SELF']."?sectionid=".$key."\">".$value."</a>";
    }
    echo "</span>";
}
```

The code:

```php
$sectionid = (isset($_GET['sectionid']) AND is_numeric($_GET['sectionid'])) ? $_GET['sectionid'] : "failed";

$loginform = "<form method='post' action='{$_SERVER['PHP_SELF']}'>
<fieldset>
<legend>LOG-IN</legend>
<p><label>Name:</label><input name='formusername' type='text' size='15' maxlength='20' /></p>
<p><label>Password:</label><input name='formpassword' type='password' size='15' maxlength='20' /></p>
<p><input class='submit' type='submit' value='Log-in' name='login' /></p>
</fieldset>
</form>";

if ($sectionid == 1) //AND ($_SESSION['allowed'] == TRUE))
{
    echo "<div class='adminbox'>";
    echo menu();
    echo "</div><!-- adminbox end -->";
    echo "<div class='applicationarea'>";
    echo "Welcome to section 1!";
    die("</div><!-- applicationarea end -->");
}

if ($sectionid == 2)
{
    echo "<div class='adminbox'>";
    echo menu();
    echo "</div><!-- adminbox end -->";
    echo "<div class='applicationarea'>";
    echo "Welcome to section 2!";
    die("</div><!-- applicationarea end -->");
}

if ($sectionid == 3)
{
    echo "<div class='adminbox'>";
    echo menu();
    echo "</div><!-- adminbox end -->";
    echo "<div class='applicationarea'>";
    echo "Welcome to section 3!";
    die("</div><!-- applicationarea end -->");
}

if ($sectionid == 4)
{
    echo "<div class='adminbox'>";
    echo menu();
    echo "</div><!-- adminbox end -->";
    echo "<div class='applicationarea'>";
    echo "Welcome to section 4!";
    die("</div><!-- applicationarea end -->");
}

if (isset($_POST['login']))
{
    $formusername = mysql_real_escape_string(strip_tags(trim($_POST['formusername'])));
    $formpassword = mysql_real_escape_string(strip_tags(trim($_POST['formpassword'])));

    if (!preg_match('/[a-z]+/', $formusername) OR !preg_match('/[A-Z]+/', $formusername) OR !preg_match('/[0-9]+/', $formusername))
    {
        echo "<div class='applicationarea'>";
        echo "<span class='warning'>FAILURE: Authentication failed. Username failed character criteria.</span>";
        echo $loginform;
        die("</div><!-- applicationarea end -->");
    }

    if (!preg_match('/[a-z]+/', $formpassword) OR !preg_match('/[A-Z]+/', $formpassword) OR !preg_match('/[0-9]+/', $formpassword))
    {
        echo "<div class='applicationarea'>";
        echo "<span class='warning'>$formpassword FAILURE: Authentication failed. Password failed character criteria.</span>";
        echo $loginform;
        die("</div><!-- applicationarea end -->");
    }
    elseif (strlen($formusername) <5 OR strlen($formusername) >20)
    {
        echo "<div class='applicationarea'>";
        echo "<span class='warning'>FAILURE: Authentication failed. Username illegal length.</span>";
        echo $loginform;
        die("</div><!-- applicationarea end -->");
    }
    elseif (strlen($formpassword) <8 OR strlen($formpassword) >20)
    {
        echo "<div class='applicationarea'>";
        echo "<span class='warning'>FAILURE: Authentication failed. Password illegal length.</span>";
        echo $loginform;
        die("</div><!-- applicationarea end -->");
    }
    else
    {
        $formpassword = md5($formpassword);
        $formusername = md5($formusername);
        //
        // DB stuff below and authorization if userdata validates and matches fetched DB values.
        //
        $query = mysql_query("SELECT name, param FROM parameter WHERE name='siteuser' OR name='siteuserpasswd'") OR die(mysql_error());
        while($row = mysql_fetch_array($query))
        {
            $$row['name'] = $row['param'];
        }

        if ($siteuser !== $formusername)
        {
            echo "<div class='applicationarea'>";
            echo "<span class='warning'>FAILURE: Authentication failed. Wrong username.</span>";
            echo $loginform;
            die("</div><!-- applicationarea end -->");
        }

        if ($siteuserpasswd !== $formpassword)
        {
            echo "<div class='applicationarea'>";
            echo "<span class='warning'>FAILURE: Authentication failed. Wrong password.</span>";
            echo $loginform;
            die("</div><!-- applicationarea end -->");
        }

        if (($siteuser == $formusername) AND ($siteuserpasswd == $formpassword))
        {
            //$_SESSION['allowed'] = TRUE;
            echo "<div class='adminbox'>";
            echo menu();
            echo "</div><!-- adminbox end -->";
            echo "<div class='applicationarea'>";
            echo "<h1>Greetings 0' exalted one, my master!</h1>";
            die("</div><!-- applicationarea end -->");
        }
    }
}
else
{
    echo "<div class='applicationarea'>";
    echo $loginform;
    die("</div><!-- applicationarea end -->");
}
```

Thanx,

dbo Posted August 4, 2007

Check out your if statement... you're assigning it a value rather than testing. = is the assignment operator, whereas == is the comparison operator. Hope this helps!

spookztar Posted August 4, 2007

Thanx for your reply, dbo. That did some of it. Thanx! But how do you explain the setting of $_SESSION['allowed'] at first pageview when this happens nowhere in the script? As you can see, it's been edited out for troubleshooting purposes.

spookztar Posted August 4, 2007

Ok, $_SESSION['disallowed'] is now set at first pageview, but continues to be set after log-in. But as soon as I reload the page after login, 'disallowed' gets unset and 'allowed' gets set as it should. But why is the browser refresh necessary to get there?

spookztar Posted August 5, 2007

None higher?
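
Added example, not part of the original thread or any poster's code: the assignment-versus-comparison gate discussed above, next to a strict check, with the login step run after the gate as in the posted script. It assumes the flag is set only in the login branch; `$session` stands in for `$_SESSION` so the script runs from the command line, and the function names and sample password are hypothetical.

```php
<?php
// Added example. $session is a plain array standing in for $_SESSION.

// The check from the thread: "=" assigns TRUE, so the condition always
// passes and the flag is written on every page view, logged in or not.
function gate_buggy(array &$session): bool
{
    if ($session['allowed'] = true) {
        unset($session['disallowed']);
    }
    return $session['allowed'];
}

// Strict comparison only reads the flag; a missing key means "not allowed".
function gate_fixed(array &$session): bool
{
    $ok = isset($session['allowed']) && $session['allowed'] === true;
    if ($ok) {
        unset($session['disallowed']);
    } else {
        $session['disallowed'] = true;
    }
    return $ok;
}

// The only place that sets the flag. In a real request this is also where
// session_regenerate_id(true) and a redirect to the admin page belong, so
// the gate at the top of the next request sees the new state.
function handle_login(array &$session, string $password, string $hash): bool
{
    if (!password_verify($password, $hash)) {
        return false;
    }
    $session['allowed'] = true;
    return true;
}

$hash = password_hash('Constructed1Pass', PASSWORD_DEFAULT); // constructed sample

$s = [];
var_dump(gate_buggy($s));            // fresh visitor, buggy gate
$s = [];
var_dump(gate_fixed($s));            // fresh visitor, strict gate (top of script)
var_dump(handle_login($s, 'Constructed1Pass', $hash)); // login, later in the same request
var_dump(isset($s['disallowed']));   // state left over from the gate that already ran
var_dump(gate_fixed($s));            // gate at the top of the next request
var_dump(isset($s['disallowed']));   // state after that second pass
```

Because the gate runs before the login branch in the same request, the session only reflects a successful login on the following request, which is why a redirect after login replaces the manual refresh.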