Slight Script Problem

Zenax

Active Member
Messages
1,377
Reaction score
4
Points
38
Perhaps you can help me out here.

The script I have is not remembering sessions. I think I am creating them correctly. Here is the code:

PHP:
<?php
            session_start();
            
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>ZenCMS</title>

<link rel="stylesheet" href="style.css" type="text/css" />

<script type="text/javascript" src="tabs/ajaxtabs/ajaxtabs.js">

/***********************************************
* Ajax Tabs Content script- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
***********************************************/

</script>
</head>

<body>



<div class="topBar">


    <div class="logo">
    
        <img src="img/logo.jpg" width="400" height="100" alt="ZenCMS" />
        
    </div>
    

    <div class="form">
    
        <div class="formContent">
            <?php
            

            
        // Require once the DB script
        require_once('connect_db.php');

        $username = $_POST['username'];
        $password = $_POST['password'];

        // Creating an SQL Query
        $q = "SELECT * FROM users WHERE  users = '$username' and password = '$password'";
        $check = mysql_query($q);

        // Counting the table row
        // If the result is matched then $username, $password must be row 1
        $count = mysql_num_rows($check);

        if ($count == 1) {
            
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
        
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
            

            
        }
        
        elseif ($count == 0)    {
        echo 'Wrong username or password specified';
        echo '<a href="#" onClick="history.back(1)">Go Back</a>';
        }
        
        else {        
?>
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
            <table width="90%" border="0" cellspacing="0" cellpadding="5">
                  <tr>
                    <td>Username:</td>
                    <td>Password:</td>
                  </tr>
                  <tr>
                       <td><input type="text" name="username" /></td>
                    <td><input type="password" name="password" /> &nbsp; <input name="submit" type="submit" value="Login" class="button"/></td>
              </tr>
            </table>
            </form>
        <?php
        
        }
        
        ?>
      </div>
    </div>




</div>




<div class="rightCol">


    <div class="title">
    Website News
    </div>
    
    <div class="info">
    
        <i>New Template - 04 July 2007</i>
        <br />
        I have created a brand new template. The reason behind this is so that I can sort things out witha  dodgy phpBB 3 installation I had once, and also continue writing my own CMS. This template is based on partly things I have written so far. The login feature at the top of the page is curently based on the membership feature that is based within the CMS. 
        
        <br />
        <br />
        
        I am in the process of writing the rest of the CMS and you can find out information on this CMS by visiting the relevant pages behind it!
        
        <br />
        <br />
        If you have any problems, then please do not hesitate to contact me by visting the contact page!
        <br />
        <br />
        Regards,
        <br />
        ZenCMS Admin
    
    </div>

<br />
<?php

 echo file_get_contents("http://staff.x10hosting.com/adCode.php?ad=advanced"); 
 
?>




</div>

<div class="navTop">

12435


</div>


<div class="topBoxes">

<ul id="maintab" class="shadetabs">
<li class="selected"><a href="#default" rel="ajaxcontentarea">About</a></li>
<li><a href="tabs/external.htm" rel="ajaxcontentarea">Latest Release</a></li>
<li><a href="tabs/external2.htm" rel="ajaxcontentarea">Problems?</a></li>
</ul>

<div id="ajaxcontentarea" class="contentstyle">

    <strong>About</strong>
    ZenCMS is the product of a very bored teenage on his 3 month break from college. In my spare time, I am writing this CMS as a way to pass the time, but also to see how far I can push myself creatively and also how much coding knowledge I actually have.



</div>

<script type="text/javascript">
//Start Ajax tabs script for UL with id="maintab" Separate multiple ids each with a comma.
startajaxtabs("maintab")
</script>
    


</div>









</body>
</html>

Page:
http://zenax.x10hosting.com

They must be created, as I use the session function to call the username once they have logged in, so surely they are being created???
 

lambada

New Member
Messages
2,444
Reaction score
0
Points
0
You're putting the session information in in the same page you're calling it.

As I understand sessions the inserted information is only available from the next time the browser calls a page.

I.E.

try displaying the form, redirect them to whatever page where you insert the Sessions, then redirect them back to the page with the content.
That's why on something like vBulletin when you login you get directed to a page with thanks for logging in before being redirected back to the index.

EDIT:
To make it a bit clearer:
PHP:
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
That part will work only upon the next call of the script.

Index with login form ->Login processing -> index page with admin link
That code can't be on the login processing page.
 

t2t2t

New Member
Messages
690
Reaction score
0
Points
0
Umm...
PHP:
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
Maybe you meant:
PHP:
             if ($_SESSION['username'] == 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
 

lambada

New Member
Messages
2,444
Reaction score
0
Points
0
t2t2t the code makes sense:
PHP:
        if ($count == 1) {
            
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
        
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
            

            
        }
means if a row was returned assign the variables. If the user is also an admin then print the link to admin panel, for everyone who has logged in then print the logout link.

As they both use sessions set on the page they cannot be used until a refresh - hence using a redirect method I suggested.
 

t2t2t

New Member
Messages
690
Reaction score
0
Points
0
= is set to
== if equals
note the difference?
 

lambada

New Member
Messages
2,444
Reaction score
0
Points
0
Woops, I see what you meant now.

My mistake - I was still focussing on the main problem when you posted.
 

Zenax

Active Member
Messages
1,377
Reaction score
4
Points
38
So basically have something redirect to a login success page, then have it re-direct back to the index again upon login!

Shall change code. I am building the site based on the CMS I am writing. Thanks for the help now, I shall change it now.

EDIT: now I am slightly confused as to what I am supposed to do!


I have the login thing stored in the login.php but then how do I get it to call the sessions on the main page, as I still want to use something along the lines of this:

PHP:
        if ($count == 1) {
            
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
        
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
            

            
        }


in the main page to determine whether or not they are logged in. Perhaps you could help me out again!?!?

EDIT 2:
I think I just buggered the whole sessions thing up. Now when you go to the ap, it lets you in, thinking the session is valid, even after you have run the logout.php script. I am thinking I am going to have to re-write the code so that it fits in with the website.

P.S If you want me to, I shall post all the code to the different pages

 

Bryon

I Fix Things
Messages
8,149
Reaction score
101
Points
48
I was bored so.. I felt like helping out.

I moved the login stuff to a new, separate file to keep it 'clean' somewhat. I cleaned up everything and added a little to it.

Login.php:
PHP:
<?php
session_start();

   // Require once the DB script
   require_once 'connect_db.php';

   if ($_POST['loginSubmit']) {
      // You *always!* need to validate user-supplied data when using it in MySQL queries!!
      // This isn't 100% secure, but it's definitely better than having nothing and being vulnerable to SQL injection.
      if(get_magic_quotes_gpc()) {
         if(ini_get('magic_quotes_sybase')) {
             $username = str_replace("''", "'", $_POST['username']);
             $password = str_replace("''", "'", $_POST['password']);
         } else {
             $username = stripslashes($_POST['username']);
             $password = stripslashes($_POST['password']);
         }
      } else {
          $username = $_POST['username'];
          $password = $_POST['password'];
      }
      $username = mysql_real_escape_string($username);
      $password = mysql_real_escape_string($password);
      
      $check = mysql_query("SELECT * FROM `users` WHERE `users` = '$username' and `password` = '$password' LIMIT 1");
      
      // Counting the table row
      // If the result is matched then $username, $password must be row 1
      $count = @mysql_num_rows($check);
      
      // Logged in!
      if ($count == (int) 1) {
         $_SESSION['site_username'] = $username;
         $_SESSION['site_password'] = $password;
         if (strtolower($_SESSION['site_username']) == 'admin') {
            echo '<a href="ap">Admin Panel</a> <br />';
         }
         
         echo 'Welcome '. $_SESSION['site_username'] .'. You are now logged in!<br />';
         echo '<a href="logout.php">Logout</a>';
         $_GET['do'] = 'manualUnset';
         // Do whatever ?
      }
      else {
         echo 'Error: Wrong username or password specified. <br />';
      }
   }

   // If $_GET['do'] is set to 'manualUnset', do not show login form, user already logged in.
   switch ($_GET['do']) {
      case 'manualUnset':
         break;
      default:
?>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="5">
     <tr>
      <td>Username:</td>
      <td>Password:</td>
     </tr>
     <tr>
      <td><input type="text" name="username" /></td>
      <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" /></td>
     </tr>
    </table>
    </form>
<?php
      break;
   }
?>

Other File:
PHP:
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>ZenCMS</title>
  <link rel="stylesheet" href="style.css" type="text/css" />
  <script type="text/javascript" src="tabs/ajaxtabs/ajaxtabs.js">
   /***********************************************
   * Ajax Tabs Content script- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
   * This notice MUST stay intact for legal use
   * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
   ***********************************************/
  </script>
 </head>
 <body>

  <div class="topBar">
   <div class="logo"><img src="img/logo.jpg" width="400" height="100" alt="ZenCMS" /></div>
   <div class="form">
   <div class="formContent">
<?php

   // Require once the DB script
   require_once 'connect_db.php';

   // If user is logged in, show message stating that. If not, display login box.
   if ($_SESSION['site_username']) {
      echo 'Welcome '. $_SESSION['site_username'];
      echo '<br />';
      if (strtolower($_SESSION['site_username']) == 'admin') {
         echo '<a href="ap">Admin Panel</a> <br />';
      }
      echo '<a href="logout.php">Logout</a>';
   }
   else {
?>
    <form action="login.php" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="5">
     <tr>
      <td>Username:</td>
      <td>Password:</td>
     </tr>
     <tr>
      <td><input type="text" name="username" /></td>
      <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" /></td>
     </tr>
    </table>
    </form>
<?php
   }
?>
   </div>
  </div>


  <div class="rightCol">
   <div class="title">Website News</div>
   <div class="info">
    <i>New Template - 04 July 2007</i><br />
    I have created a brand new template. The reason behind this is so that I can sort things out witha  dodgy phpBB 3 installation I had once, and also continue writing my own CMS. This template is based on partly things I have written so far. The login feature at the top of the page is curently based on the membership feature that is based within the CMS.<br /><br />
    I am in the process of writing the rest of the CMS and you can find out information on this CMS by visiting the relevant pages behind it!<br /><br />
    If you have any problems, then please do not hesitate to contact me by visting the contact page!<br /><br />
    Regards,<br />
    ZenCMS Admin
   </div>
  </div>
  <script type="text/javascript" src="http://x10hosting.com/adserve.js?advanced"></script>
  <div class="navTop">12435</div>
  <div class="topBoxes">
   <ul id="maintab" class="shadetabs">
    <li class="selected"><a href="#default" rel="ajaxcontentarea">About</a></li>
    <li><a href="tabs/external.htm" rel="ajaxcontentarea">Latest Release</a></li>
    <li><a href="tabs/external2.htm" rel="ajaxcontentarea">Problems?</a></li>
   </ul>
  <div id="ajaxcontentarea" class="contentstyle"><strong>About</strong> ZenCMS is the product of a very bored teenage on his 3 month break from college. In my spare time, I am writing this CMS as a way to pass the time, but also to see how far I can push myself creatively and also how much coding knowledge I actually have.</div>
  <script type="text/javascript">
   // Start Ajax tabs script for UL with id="maintab" Separate multiple ids each with a comma.
   startajaxtabs("maintab")
  </script>
 </body>
</html>

Lambada (And anyone else): The 'super-global' session array ($_SESSION) is available to view/use/alter/modify/etc anywhere at anytime throughout the script's execution. Any 'changes' that take place 'to it' happen right away, there is no need to refresh/reload the page in order for the changes to 'take effect.' Maybe you have $_SESSION confused with cookies? (Which aren't available until the next page is loaded)
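
An added example, not part of Bryon's post or the ZenCMS code: the same login check done with a bound query parameter instead of string escaping, a stored password hash instead of a plaintext comparison, and a session that holds the user name and a role flag rather than the password. The `users` table and its `users` column are the thread's; the `password_hash` and `is_admin` columns, the function names and the in-memory SQLite database are assumptions made so the example runs on its own (PHP 7.1+ with pdo_sqlite).

```php
<?php
// Added example: constructed schema and sample data, not the ZenCMS database.
// Swap the SQLite DSN for your own MySQL connection; the calls stay the same.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // `users` table with a `users` name column as in the thread;
    // password_hash and is_admin are hypothetical columns.
    $pdo->exec('CREATE TABLE users (users TEXT PRIMARY KEY, password_hash TEXT NOT NULL, is_admin INTEGER NOT NULL DEFAULT 0)');
    $ins = $pdo->prepare('INSERT INTO users (users, password_hash, is_admin) VALUES (?, ?, ?)');
    $ins->execute(['Admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT), 1]);
    return $pdo;
}

// Returns ['username' => string, 'is_admin' => bool] on success, null on failure.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The value is bound, never concatenated into the SQL text, so quote
    // characters in the input cannot change the query.
    $stmt = $pdo->prepare('SELECT users, password_hash, is_admin FROM users WHERE users = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Only a hash is stored; password_verify() checks the submitted password against it.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['username' => $row['users'], 'is_admin' => (bool) $row['is_admin']];
}

function start_user_session(array $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);                      // fresh session ID after login
    $_SESSION['site_username'] = $user['username'];
    $_SESSION['is_admin']      = $user['is_admin'];   // role flag; the password is not kept
}

// Demonstration from the command line, using the constructed account above.
if (PHP_SAPI === 'cli') {
    $pdo = make_demo_db();
    var_dump(authenticate($pdo, 'Admin', 'constructed-demo-password')); // valid credentials
    var_dump(authenticate($pdo, "Admin' OR '1'='1", 'x'));              // quotes are bound as data
    var_dump(authenticate($pdo, 'Admin', 'wrong'));                     // wrong password
}
```

In a web request, call `start_user_session()` with the array `authenticate()` returns, before any output is sent.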
 

Zenax

Active Member
Messages
1,377
Reaction score
4
Points
38
It all works now! Thanks very much Bryon, that has been very helpful!

P.S Is there any way to create a delayed re-direct in PHP????
 

t2t2t

New Member
Messages
690
Reaction score
0
Points
0
PHP:
header('Refresh: 2; url=index.php'); // Sends user to index.php after 2 seconds
Must be entered before ANY content.
 

CascadesAdmin

New Member
Messages
87
Reaction score
0
Points
0
You might want to try this for the connect_db.php

PHP:
<?
 ob_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php');
 

Zenax

Active Member
Messages
1,377
Reaction score
4
Points
38
@CascadesAdmin - Why would I want to do this?? Is it to make the script more secure or something?
Edit:
Oh and btw, the session for the admin ain't being recognised and the username Admin is the only one in the database. You cannot log in without anything else.

login.php
PHP:
<?php
header('Refresh: 5; url=index.php'); // Sends user to index.php after 5 seconds  
session_start();

   // Require once the DB script
   require_once 'connect_db.php';

   if ($_POST['loginSubmit']) {
      // You *always!* need to validate user-supplied data when using it in MySQL queries!!
      // This isn't 100% secure, but it's definitely better than having nothing and being vulnerable to SQL injection.
      if(get_magic_quotes_gpc()) {
         if(ini_get('magic_quotes_sybase')) {
             $username = str_replace("''", "'", $_POST['username']);
             $password = str_replace("''", "'", $_POST['password']);
         } else {
             $username = stripslashes($_POST['username']);
             $password = stripslashes($_POST['password']);
         }
      } else {
          $username = $_POST['username'];
          $password = $_POST['password'];
      }
      $username = mysql_real_escape_string($username);
      $password = mysql_real_escape_string($password);
      
      $check = mysql_query("SELECT * FROM `users` WHERE `users` = '$username' and `password` = '$password' LIMIT 1");
      
      // Counting the table row
      // If the result is matched then $username, $password must be row 1
      $count = @mysql_num_rows($check);
      
      // Logged in!
      if ($count == (int) 1) {
         $_SESSION['site_username'] = $username;
         $_SESSION['site_password'] = $password;
         
         echo '<div align="center">Welcome '. $_SESSION['site_username'] .'. You are now logged in!<br />You are going to be re-directed in 5 seconds. <br /><a href="index.php">Click Here if your browser does not support re-directs!</a></div>';

         $_GET['do'] = 'manualUnset';
         // Do whatever ?
      }
      else {
         echo 'Error: Wrong username or password specified. <br />';
      }
   }

   // If $_GET['do'] is set to 'manualUnset', do not show login form, user already logged in.
   switch ($_GET['do']) {
      case 'manualUnset':
         break;
      default:
?>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="5">
     <tr>
      <td>Username:</td>
      <td>Password:</td>
     </tr>
     <tr>
      <td><input type="text" name="username" /></td>
      <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" /></td>
     </tr>
    </table>
    </form>
<?php
      break;
   }
?>

index.php
PHP:
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>ZenCMS</title>
  <link rel="stylesheet" href="style.css" type="text/css" />

 </head>
 <body>

  <div class="topBar">
   <div class="logo"><img src="img/logo.jpg" width="400" height="100" alt="ZenCMS" /></div>
   <div class="form">
   <div class="formContent">
<?php

   // Require once the DB script
   require_once 'connect_db.php';

   // If user is logged in, show message stating that. If not, display login box.
   if ($_SESSION['site_username']) {
      echo 'Welcome '. $_SESSION['site_username'];
      echo '<br />';
      if (strtolower($_SESSION['site_username']) == 'Admin') {
         echo '<a href="ap">Admin Panel</a> <br />';
      }
      echo '<a href="logout.php">Logout</a>';
   }
   else {
?>
    <form action="login.php" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="5">
     <tr>
      <td>Username:</td>
      <td>Password:</td>
     </tr>
     <tr>
      <td><input type="text" name="username" /></td>
      <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" /> </td>
     </tr>
    </table>
    <a href="register.php">Register!</a>
    </form>
<?php
   }
?>
   </div>
  </div>
 </div>


  <div class="rightCol">
   
   <div class="part1">
        <div class="title">
   
            Navigation        
        
        </div>
   
           <div class="info">

            <a href="index.php">Home</a>                <br />
            <a href="Downloads">Downloads</a>            <br />
            <a href="Contact">Contact Me</a>            <br />
            <a href="latest.php">Latest Release</a>     <br />

   </div>
   
       <div class="title">
           Latest Downloads
    </div>
    
    <div class="info">
    
    There are currently no latest downloads available!
    
    </div>
   
   
   
   </div>
   

   
   <div class="part2">
   
       <div class="title">
    
    Affiliates
    
    </div>
   
       <div class="info">
    
        <script type="text/javascript" src="http://x10hosting.com/adserve.js?advanced"></script>
    
    </div>
   
   
   <div class="title">
   
       Latest Members
   
   </div>
   
   <div class="info">
   
       There are currently no latest members!
   
   </div>
   
   
   </div>
   
  </div>
 
    <div class="navTop">
  
          12435
        
    </div>



<div class="content">


</div>




 </body>
</html>

So why is it not displaying the admin panel link if that is the only username there and they match! You can test for yourselves!

http://zenax.x10hosting.com

Log in with Admin as username and admin as password.

Try anything else and it won't work!
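
An added example, not code from the thread: in the index.php above, `strtolower($_SESSION['site_username']) == 'Admin'` compares a lowercased string with a capitalised literal and so cannot match, while the earlier `if ($_SESSION['username'] = 'Admin')` assigns rather than compares and so always matches. The sketch below tests a role flag in the session instead of the user name, repeats that test inside the admin panel, and clears the session fully on logout (the "ap still lets you in after logout.php" problem); the `is_admin` key and the function names are assumptions, and the thread's own logout.php is not shown on the page.

```php
<?php
// Added example; the `is_admin` session key and all function names are hypothetical.

function is_logged_in(): bool
{
    return isset($_SESSION['site_username']) && $_SESSION['site_username'] !== '';
}

function is_admin(): bool
{
    // Strict comparison against a boolean set at login: no dependence on
    // how the user name is capitalised.
    return is_logged_in() && ($_SESSION['is_admin'] ?? false) === true;
}

// Call at the top of every page under ap/ before any output. Hiding the
// link on index.php does not protect the panel itself.
function require_admin(): void
{
    if (!is_admin()) {
        http_response_code(403);
        exit('Forbidden');
    }
}

function logout(): void
{
    $_SESSION = [];                               // drop the data for this request
    if (PHP_SAPI !== 'cli' && ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();         // expire the browser's session cookie
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();                        // delete the server-side session data
    }
}

// Demonstration from the command line with a constructed session.
if (PHP_SAPI === 'cli') {
    session_start();
    $_SESSION['site_username'] = 'Admin';
    $_SESSION['is_admin'] = true;
    var_dump(is_admin());                                          // role-flag check
    var_dump(strtolower($_SESSION['site_username']) == 'Admin');   // the thread's comparison
    logout();
    var_dump(is_logged_in(), is_admin());                          // state after logout
}
```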
 