
Author Topic: Help with session issue  (Read 299 times)

Offline fxuup

  • New PHP Members
  • Posts: 1
  • Karma: +0/-0
Help with session issue
« on: October 07, 2011, 11:47:38 AM »
Alright, well, I'm fairly new with HTML, PHP and MySQL. My issue is I have a login and it works fine; I have two separate pages, members and admin. So when a member logs in they get redirected to member after, and that's the same for admin. I have made sure the member cannot view the admin's section. But now in my header I have Login/Register, but I want it to disappear when a user logs in and to display Welcome, (then the username). But when

Here's the login page for the form action of login
Login.php (action)
Code:
<?php
include_once 'Connect/db.php';
$table = "users";

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM $table WHERE username='$username' and password='$password' and level='student'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);

$admin = "SELECT * FROM $table WHERE username='$username' and password='$password' and level='teacher' and admin='1'";
$result2 = mysql_query($admin);
$count2 = mysql_num_rows($result2);

if($count==1) {
    SESSION_REGISTER("username");
    SESSION_REGISTER("password");
    SESSION_REGISTER("level");
    header("location:members.php");
}
elseif($count2) {
    SESSION_REGISTER("username");
    SESSION_REGISTER("password");
    SESSION_REGISTER("level");
    SESSION_REGISTER("admin");
    header("location:admin.php");
}
else
{
    echo "Username or Password dont match";
}

?>


header
Code:
<?php
session_start();
?>

<table border="0" align="right">
<tr>
<td>
<? if(!session_is_registered("username")){
echo "<a href='http://projectinformation.comuf.com/login.html'>Login</a>/<a href='http://projectinformation.comuf.com/Register.html'>Register</a>";
}elseif($_session['username']){
echo "Welcome,". $_SESSION['username'];
}?>
</td>
</tr>
</table>

<script language="javascript">

if (document.images) {
    rollon = new Image();
    rollon.src = "http://projectinformation.comuf.com/MP/menuus2.GIF";

    rolloff = new Image();
    rolloff.src = "http://projectinformation.comuf.com/MP/menuus.GIF";

    roll2on = new Image();
    roll2on.src = "http://projectinformation.comuf.com/MP/menuwh2.GIF";

    roll2off = new Image();
    roll2off.src = "http://projectinformation.comuf.com/MP/menuwh.GIF";
}

function imgOn(imgName) {
    if (document.images) {
        document[imgName].src = eval(imgName + "on.src");
    }
}

function imgOff(imgName) {
    if (document.images) {
        document[imgName].src = eval(imgName + "off.src");
    }
}

</script>
</head>

<div align="center">
<img src="http://projectinformation.comuf.com/projectinformation.GIF">
</div>
<hr width="100%" size="3" noshade/>

<table border="1" align="center" bordercolor="#000000" cellpadding="2" cellspacing="2" width="5%" height="5">
<tr>
<td><a href="http://projectinformation.comuf.com/ushistory/ushistory.html" onMouseOver="imgOn('roll')" onMouseOut="imgOff('roll')"><img src="http://projectinformation.comuf.com/MP/menuus2.GIF" border="0" name="roll"></a><br></td>
<td><a href="World History/world history.html" onMouseover="imgOn('roll2')" onmouseOut="imgOff('roll2')"><img src="http://projectinformation.comuf.com/MP/menuwh.GIF" border="0" name="roll2"></a></td>
</tr>
</table>
<hr width="100%" size="3" noshade/>


Members Page
Code:
<?php
session_start();
$_SESSION['username'];
if(!session_is_registered(username)){
    header("location:login.html");
}
include_once 'Connect/db.php';

?>

<html>
<head>
<title>Project Information - Login</title>

</head>

<body bgcolor="808080">

<?php
$a = file_get_contents("http://projectinformation.comuf.com/include/header.php");
echo ($a);
?>

<table border="1" align="center" cellspacing="2" cellpadding="2">
<tr>
<td>Welcome to Project Information,  <a href="logout.php"> Logout</a> </td>
</tr>

<table border="0" align="center">
<?php
$b = file_get_contents("http://projectinformation.comuf.com/include/copy.php");
echo ($b);
?>

</table>

</body>
</html>
« Last Edit: October 07, 2011, 11:54:21 AM by fxuup »

Offline Andrei

  • Administrator
  • PHP Workers
  • *****
  • Posts: 11
  • Karma: +0/-0
Re: Help with session issue
« Reply #1 on: October 16, 2011, 01:10:21 AM »

Instead of using session_register and session_is_registered it is recommended to use the $_SESSION array directly, as the session_register family of functions will be removed in the future.

So instead of

Code:
SESSION_REGISTER("username");

you'll have

Code:
$_SESSION['username'] = $username;

and instead of

Code:
session_is_registered('username')

you'll have

Code:
isset($_SESSION['username'])

Also, on logout you should clear the username like this:

Code:
unset($_SESSION['username']);

And a security issue I saw with your code: you should escape the variables passed to MySQL that are received directly from the user's browser, to avoid SQL injection.
The code

Code:
$sql = "SELECT * FROM $table WHERE username='$username' and password='$password' and level='student'";

should be

Code:
$sql = "SELECT * FROM $table WHERE username='".mysql_real_escape_string($username)."' and password='".mysql_real_escape_string($password)."' and level='student'";

to avoid getting funny code in $_POST['username'] and $_POST['password'] transmitted to MySQL as SQL commands.
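
The changes recommended in the reply above, combined into one runnable script as an added example (not code from either poster): `$_SESSION` is used directly, and the lookup uses a PDO prepared statement, which goes a step beyond `mysql_real_escape_string` by keeping user input out of the SQL text altogether. The in-memory SQLite database, the sample account `alice`, the hashed password column and the function names are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. Column names follow the post; the
// in-memory SQLite database, sample account and hashed password are assumptions.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT, password TEXT, level TEXT, admin INTEGER)');
    $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)')
       ->execute(['alice', password_hash('demo-pass', PASSWORD_DEFAULT), 'student', 0]);
    return $db;
}

// Returns the page to redirect to, or null when the login is rejected.
function login(PDO $db, string $username, string $password): ?string {
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT username, password, level, admin FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    if ($row['level'] === 'teacher' && (int) $row['admin'] === 1) {
        $target = 'admin.php';
    } elseif ($row['level'] === 'student') {
        $target = 'members.php';
    } else {
        return null;
    }
    session_regenerate_id(true);               // fresh session id after login
    $_SESSION['username'] = $row['username'];  // replaces session_register()
    $_SESSION['level'] = $row['level'];
    return $target;
}

// Header fragment: greeting when logged in, Login/Register links otherwise.
function header_links(): string {
    if (isset($_SESSION['username'])) {        // replaces session_is_registered()
        return 'Welcome, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
    }
    return '<a href="login.html">Login</a>/<a href="Register.html">Register</a>';
}

session_start();
$db = open_demo_db();
$results = [login($db, "o'neil", 'x'), header_links(), login($db, 'alice', 'demo-pass'), header_links()];
unset($_SESSION['username'], $_SESSION['level']);   // logout, as in the reply
$results[] = header_links();
print_r($results);
```

The first call shows that a username containing a quote is treated as plain data and rejected; the header switches to the greeting only after the second, successful login, and back to the links after the `unset()`.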

 
