Include Function problems

[discoDrive]

I am looking to write an Include function into my script so that when a user is logged in, the login box will no longer appear. I have no experience with include functions yet and I am very new to PHP. I have a working login script and a user signup form. I am using sessions I believe, and not cookies to track users to my website but I am unsure whether the script is even secure. The login code is below, so that someone can see how my users are tracked for sure. I know this is a lot of code to look through, but I'm stumped! If anybody could give me any help with this problem, I would very much appreciate it.

 

<?php require_once('Connections/conn.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "includetest.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_conn, $conn);
  
  $LoginRS__query=sprintf("SELECT username, password FROM members WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="login" id="login" method="POST" action="<?php echo $loginFormAction; ?>">
  <label>Username:
  <input type="text" name="username" tabindex="1" />
  <!--//tab index is very useful for navigating the site without a mouse using just the tab button-->
  </label>
  <label>Password:
  <input type="password" name="password" tabindex="2" />
  <input type="image" name="submit" value="Log In" src="images/go.gif" tabindex="3" alt="Go Button" />	
</label></form>
<div id="signup">Login or <a href="signup.php">Sign Up</a></div>
</body>
</html>

[phpSensei]

Whats the problem? The include function? Any errors?

[discoDrive]

I havent written the script. I need to know if it will work based on my login script and where to start. I have tried using the following script, recommended to me, but this seems way to basic and did not work. It included the login box where i wanted it to,but did not remove it once i had logged in as a user to test it.

 

<?php
if(!isset($_SESSION['login'])) {
include("theIncludePage.php");
}
?>

 

I know this forum is not for people to find "how to's" but a recommended script did not work and numerous tutorials have failed as well. Will this be particularly complicated? Thankyou for your response.

[phpSensei]

No one uses session_register anymore,

 

try

 

$value = "joey";

$_SESSION['name'] = $value;

 

 

[teng84]

can we see you page?(link)

[discoDrive]

The page isnt live, im testing on an apache local server. The code that I used for the login came from setting up the page in dreamweaver mx2004 using server behaviours. I wasnt aware that this code was that outdated. If this means that this is too vague for you to help, then I'll have to find some other way of setting this up, but this is obviously my first port of call because this forum is usually great at helping. I'll do anything I can to make this easier, but I'm really new to PHP and need all the help I can get.

[teng84]

where is the theIncludePage.php

and what name of that code you posted above?

[discoDrive]

The code posted above is an example. The actual code leads to the page where i have created my login form. It is called login2.php. The main page has the code and is called includetest.php:

 

<?php {
if(!isset($_SESSION['login']))
include("login2.php");
}
?>

 

included within the html script. I was told this should include the box when the user is not logged in, and remove it from the page when they are logged in, but it doesnt remove it after signing in. When logged in, the user is directed back to the same page and the login form should be gone, but it remains where it was in the first place.

[phpQuestioner]

try "require_once()" instead of "include()" and see if that does the trick.

[teng84]

where do you set this session ?

$_SESSION['login']

[discoDrive]

Should this be in the php script in login2.php, where the login form is located?:

 

<?php require_once('Connections/conn.php'); ?><?php
// *** Validate request to login to this site.
session_start('login'); //<----HERE?
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "includetest.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_conn, $conn);
  
  $LoginRS__query=sprintf("SELECT username, password FROM members WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

[phpSensei]

session_start(); << Doesnt need 'login'

[teng84]

<?php 
session_start();
require_once('Connections/conn.php'); ?><?php
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "includetest.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_conn, $conn);

  $LoginRS__query=sprintf("SELECT username, password FROM members WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
   
  $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;        

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];   
    }
$_SESSION['login']='success';
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

-----------------------------
<?php {
if(!isset($_SESSION['login']))
include("login2.php");
}
?>

[discoDrive]

Ok I have removed login from session_start(); and it doesnt make a difference. I have no idea why this wouldnt be working. I appreciate your patience because I am very new to this and learning bit by bit as I go along. Also, the code reposted by teng84 did not work. I'm sure the session is working correctly, its loggin in and redirecting to the specified page. If the login fails, it also redirects correctly. Does this mean it is something to do with the include script located in the php document with my login form?

[CMC]

Are you sure it's setting the session? Try echoing out the sessions at the top of the script and then at the bottom so you know if the session has even been set.

[discoDrive]

Where do i put the echos to see if the session is starting?

[discoDrive]

Bump.

[discoDrive]

Ok, i have been working on this problem for a while now, and i have discovered that the variable in the following script is not actually set. Someone told me to use this script therefore im unsure of what i should set the value of the variable to:

 

<?php 
if(!isset($_SESSION['login'])){
include("login2.php");
}
?>

 

In my main script, there is nothing that says $_SESSION['login'] anywhere. I have tried changing the value to the values in the next piece of script, with no success...Would this cast any light on the problem?

 

    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

[discoDrive]

Bump...Im still totally baffled by the include function, any help at all is appreciated.