Hi again,
I'm still trying to understand sessions, and have made some progress
during the afternoon, thanks to Ernest E. Vogelsinger. I'm at the moment
trying to get a login-script up and running, but without 100 percent success.
The script is split up in two major parts: bilder.php, which is the main
script, and accesscontrol.php, which should check wether a valid username
and password are entered or is already entered.
The first time bilder.php is run, everything works fine.
accesscontrol.php gets called, and since I've not logged in, a log in-form
is displayed. I enter a valid username and password, which is checked in a
MySQL-table and get the green light.
But then the scripts forget that I've already logged in, and presents the
log in-form over and over again.
Since I'm new to this list, I'm not sure how big source code snippets
that are needed and allowed to post. This time I make a rather long
posting. If not ok, please let me know.
bilder.php:
<?php
# bilder.php
include ("db_functions.php");
include ("html_functions.php");
include ("accesscontrol.php");
include ("bilder_functions.php");
session_start();
define ("INITIAL_PAGE", 0);
define ("LOGOUT", 1);
# start
$title = "bilder";
$header = " ";
html_begin ($title, $header);
# if $action is empty, show the start page
if (empty($action))
$action = INITIAL_PAGE;
if(isset($_REQUEST["action"])) {
$action = $_REQUEST["action"];
}
# examine $action
switch ($action)
{
case INITIAL_PAGE:
accesscontrol();
menu();
break;
case LOGOUT:
accesscontrol();
logout();
break;
default:
die("Unknown action: $action");
}
html_end();
?>
<*** bilder.php ends here ***>
accesscontrol.php
<?php
function accesscontrol() {
# accesscontrol.php - include-file to control that user is logged in
session_start();
# check if either $_POST['uid'] or $_SESSION['uid'] is set
if(!isset($_POST['uid']) OR !isset($_SESSION['uid'])) {
$title = "log in";
$header = " ";
html_begin ($title, $header);
?>
<H2>You are not logged in.</H2>
<p> To see the pictures you need a username and a password. If you don't
have these, send a <A HREF="mailto:[EMAIL PROTECTED]";>mail</A>. </p>
<p> <FORM METHOD="POST" ACTION="<?=$_SERVER['PHP_SELF']?>">
<TABLE>
<TR>
<TD>Name:</TD>
<TD><input name=uid type=text maxlength=20 size=15></TD>
</TR>
<TR>
<TD>Password: </TD>
<TD><input name=pwd type=password maxlength=10 size=15></TD>
</TR>
<TR>
<TD></TD>
<TD><input type=submit name=skicka value=" OK "> <input type=reset
value="Clear"></TD>
</TR>
</TABLE>
</FORM>
</p>
<?php
html_end();
exit;
}
# if either $_POST['uid'] or $_SESSION['uid'] is set, here is where one end up
$_SESSION['uid'] = $_POST['uid'];
$_SESSION['pwd'] = $_POST['pwd'];
$uid = $_SESSION['uid'];
$pwd = $_SESSION['pwd'];
# db_connect is my own function to connect to my database
db_connect ("XXX", "YYY", "ZZZ");
$sql = "SELECT * FROM users WHERE userid = '$uid' AND password =
PASSWORD('$pwd')";
$result = mysql_query($sql);
if(!$result) {
error("An error occured while your username and password were processed.\\n");
}
if(mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
$title = "log in - error";
$header = " ";
html_begin ($title, $header);
?>
<H2> Log in failure! </H2>
<p> Your username or password was wrong. <A
HREF="<?=$_SERVER['PHP_SELF']?>">Try again</A>.
<?php
html_end();
exit;
}
$_SESSION['username'] = mysql_result($result,0,"fullname");
}
?>
<*** accesscontrol.php ends here ***>
My non-educated guess is that there is something wrong with the line
if(!isset($_POST['uid']) OR !isset($_SESSION['uid'])). Also, at the moment
I have a session_start(); in both files. Right or wrong?
Best regards,
Anders
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
- Re: [PHP] need help with sessions Anders Thoresson
- Re: [PHP] need help with sessions Marek Kilimajer
