terrydschmidt
asked on
Pages are not being authorized??
The following code is for authorizing use of webpages using a $_SESSION and database combination. "usernm" never gets a value, so pages are not getting authorized. Can anyone help me with this? It's driving me nuts (I know if I'm here I'm nuts already!!). Thanks!! Any suggestions for making this better would be appreciated also. I am willing to add points and split points if necessary! I have this code on a test website if it will help.
****db_connect.php****
<?php
//Connect to Database
$hostname="mysql100.secureserver.net:3306";
$username="GFwebsite";
$password="password";
$dbname="GFwebsite";
mysql_connect($hostname, $username, $password) OR DIE ("Could not make database connection!");
mysql_select_db($dbname);
?>
**** auth.php********
<body>
<?php
// Login & Session example
// This filename is: auth.php
// start session
session_start();
// convert username and password from _POST or _SESSION
if($_POST["usernm"]) {
$usernm=$_POST["usernm"];
$passwd=$_POST["passwd"];
echo "Step 1"."<br/>";
}
elseif($_SESSION["usernm"]) {
$usernm=$_SESSION["usernm"];
$passwd=$_SESSION["passwd"];
echo "Step 2"."<br/>";
}
// start and register session variables
if(!session_register("usernm")) session_register("usernm");
if(!session_register("passwd")) session_register("passwd");
// connect to database
include("db_connect.php");
echo "Step 3"."<br/>";
echo $usernm."<br/>";
echo $passwd."<br/>";
// query for a user/pass match
$result=mysql_query("SELECT * from login where user ='$usernm' and passwd ='$passwd'");
// retrieve number of rows resulted
$num=mysql_num_rows($result);
// print login form and exit if failed.
if($num < 1) {
session_destroy();
?>
<br/><br/>
<h2> "You are not authenticated. Please login." </h2>
<form method="POST" action="nav.php" >
<table>
<tr>
<td align="center">Username: <input type="text" name=\"usernm\" /></td>
</tr>
<tr>
<td align="center">Password: <input type="password" name=\"passwd\" /> </td>
</tr>
<tr>
<td align="center"><input type="submit" value="Submit"> </td>
</tr>
</table>
</form>
<?php
exit;
}
else {
//if successful login, set the session variables
$_SESSION["usernm"] = $usernm;
$_SESSION["passwd"] = $passwd;
}
?>
<br /><br />
</body>
</html>
****home.php******
<body>
<?php
// Login & Session example
// This filename is: home.php
// include auth and nav
include("auth.php");
// begin content
include("nav.php");
?>
<table width="200" border="0">
<tr>
<td bgcolor="#008000" align="center"><span class="style1">Login Code Test</span> </td>
</tr>
<tr>
<td align="center">This is home.php</td>
</tr>
</table>
</body>
****.nav.php*******
<body>
<!--
// Login & Session example
// This filename is: nav.php
-->
<a href=home.php>Home</a> |
<a href=link_1.php>link_1</a> |
<a href=link_2.php>link_2</a> |
<a href=link_3.php>link_3</a> |
<a href=logout.php>logout</a>
<br><br>
</body>
*******link_1.php,link_2.php,link_3.php*******
<body>
<?
// Login & Session example
// This filename is: link_1.php
// include auth and nav
include ("auth.php");
// begin content
include ("nav.php");
?>
<table width="200" border="0">
<tr>
<td bgcolor="#008000" align="center"><span class="style1">Login Code Test</span></td>
</tr>
<tr>
<td align="center">This is Link 1.php</td>
</tr>
</table>
</body>
*******logout.php*******
<body>
<?php
// Login & Session example
// This filename is: logout.php
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill session variables
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
// redirect them to anywhere you like.
// header('Location: nav.php');
?>
<form method="post" action="./nav.php" name="form1" />
<table width="200" border="0">
<tr>
<td bgcolor="#008000" align="center"><span class="style1">Login Code Test</span> </td>
</tr>
<tr>
<td align="center">You have logged out!</td>
</tr>
<tr>
<td align="center"><input type="submit" value="Home" onclick="./nav.php" /></td>
</tr>
</table>
</form>
</body>
****the end****
Sorry - ted is correct - try starting the session at the very start of the page - before any includes etc
ASKER
This is the exact code from auth.php; there is no executable code above start session.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Authorization</title>
</head>
<body>
<?php
// Login & Session example
// This filename is: auth.php
// start session
session_start();
Have you tried my suggestion? Place the "session_start()" statement BEFORE any HTML output, e.g., before the DOCTYPE declaration.
ASKER
Home.php, link_1.php, link_2.php, link_3.php should all start a session if they are the first webpage gone to. Correct? Login happens at the end of auth.php and creates session ids. If I am wrong, please explain so I understand what I am doing wrong here. Thanks again for any help!
ASKER
I tried it and it didn't help.
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Authorization</title>
</head>
<body>
<?php
// Login & Session example
// This filename is: auth.php
ASKER
What would the login page do besides check the database for the username and the correct password?
ASKER
What should I do here (is action = "nav.php" the right thing to do or should I be posting auth.php so I create a session):
<form method="POST" action="nav.php" >
<table>
<tr>
<td align="center">Username: <input type="text" name=\"usernm\" /></td>
</tr>
<tr>
<td align="center">Password: <input type="password" name=\"passwd\" /> </td>
</tr>
<tr>
<td align="center"><input type="submit" value="Submit"> </td>
</tr>
</table>
</form>
i haven't been tracking too closely... but i think everyone has correctly identified that you need session_start(); at the absolute top of the page (prior to any output to the user)..
also:
if($_POST["usernm"]) {
$usernm=$_POST["usernm"];
$passwd=$_POST["passwd"];
echo "Step 1"."<br/>";
}
elseif($_SESSION["usernm"]) {
$usernm=$_SESSION["usernm"];
$passwd=$_SESSION["passwd"];
echo "Step 2"."<br/>";
}
is bad logic.
if(isset($_POST["usernm"])) {
$usernm=$_POST["usernm"];
$passwd=$_POST["passwd"];
echo "Step 1"."<br/>";
}
elseif(isset($_SESSION["usernm"])) {
$usernm=$_SESSION["usernm"];
$passwd=$_SESSION["passwd"];
echo "Step 2"."<br/>";
}
is good logic...
because it really looks like $_SESSION['usernm'] and $_POST['usernm'] are not meant to be booleans.
also, you don't need to use, and YOU *SHOULD NOT* use session_register();
if(!session_register("usernm")) session_register("usernm");
if(!session_register("passwd")) session_register("passwd");
session_register overwrites the variable $usernm with $_SESSION['usernm'];
and similarly for passwd. it's outdated code from the days of register globals.
ASKER
What should I replace this code with?
ASKER
This is my logout, which is supposed to kill the session, but my session keeps getting recreated because isset($_SESSION["usernm"]) is testing true, so then the database is doing a compare and comes back happy, so the session is recreated.
How do I do a GOOD logout?
<?php
// Login & Session example
// This filename is: logout.php
if(isset($_SESSION["usernm"])) {
unset($_SESSION['usernm']);
unset($_SESSION['passwd']);
}
// kill session variables
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
// redirect them to anywhere you like.
// header('Location: nav.php');
?>
ASKER
I am using this which seems to work.
<?php
// Login & Session example
// This filename is: logout.php
if(isset($_SESSION["usernm"])) {
unset($_SESSION['usernm']);
unset($_SESSION['passwd']);
}
// kill session variables
session_start();
$_SESSION = array();
session_destroy();
?>
This may sound silly - but do you have a login page?
It seems that auth.php checks if it has had username posted to it - or if they are already set in the session - but I have gone through your code and nothing sets the session usernm except for auth.php and nothing posts to auth.php - because of this it is not being set
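The advice in this thread (session_start() before any output, isset() checks, no session_register(), a logout that really ends the session) combined into one added example; it is not code from any poster. It assumes PHP 7+, a PDO connection, that login.passwd stores password_hash() output, and a hypothetical login_form.php, and it goes beyond the thread by using a prepared statement and keeping the password out of the session.

```php
<?php
// Added example, not the asker's code. Assumes PHP 7+, a PDO handle, and that
// login.passwd stores password_hash() output. login_form.php is hypothetical.

function start_session(): void {
    // Call before ANY output (DOCTYPE, blank lines, echo); otherwise the
    // session cookie header can no longer be sent.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

function attempt_login(PDO $db, string $usernm, string $passwd): bool {
    // Prepared statement: the posted values never become part of the SQL text.
    $stmt = $db->prepare('SELECT passwd FROM login WHERE user = ?');
    $stmt->execute([$usernm]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($passwd, $hash)) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id once authenticated
    $_SESSION['usernm'] = $usernm;  // keep identity only, never the password
    return true;
}

function require_login(PDO $db): void {
    start_session();
    if (isset($_SESSION['usernm'])) {
        return;                     // already authenticated in this session
    }
    $u = $_POST['usernm'] ?? null;  // may be missing, or an array if forged
    $p = $_POST['passwd'] ?? null;
    if (is_string($u) && is_string($p) && attempt_login($db, $u, $p)) {
        return;
    }
    include 'login_form.php';       // its form must POST to a page that calls require_login()
    exit;
}

function logout(): void {
    start_session();                // a session must be open before it can be destroyed
    $_SESSION = [];                 // clear data for the rest of this request
    if (ini_get('session.use_cookies')) {
        $c = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $c['path'], $c['domain'], $c['secure'], $c['httponly']);
    }
    session_destroy();              // remove the server-side session data
}
```

Because only the username is kept in the session and nothing is re-checked against a stored password on each request, a logout cannot be silently undone by the next page load.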