terrydschmidt

Pages are not being authorized??

The following code is for authorizing use of webpages using a $_SESSION and database combination.  "usernm" never gets a value, so pages are not getting authorized.  Can anyone help me with this?  It's driving me nuts (I know if I'm here I'm nuts already!!).  Thanks!!  Any suggestions for making this better would be appreciated also.  I'm willing to add points and split points if necessary!  I have this code on a test website if it will help.

****db_connect.php****
<?php

//Connect to Database
$hostname="mysql100.secureserver.net:3306";
$username="GFwebsite";
$password="password";
$dbname="GFwebsite";

mysql_connect($hostname, $username, $password) OR DIE ("Could not make database connection!");
mysql_select_db($dbname);
?>

**** auth.php********
<body>
<?php

// Login & Session example
// This filename is: auth.php

// start session
   session_start();

// convert username and password from _POST or _SESSION
if($_POST["usernm"]) {
  $usernm=$_POST["usernm"];
  $passwd=$_POST["passwd"];
  echo "Step 1"."<br/>";
}
elseif($_SESSION["usernm"]) {
  $usernm=$_SESSION["usernm"];
  $passwd=$_SESSION["passwd"];
  echo "Step 2"."<br/>";
}

// start and register session variables
if(!session_register("usernm")) session_register("usernm");
if(!session_register("passwd")) session_register("passwd");

// connect to database
   include("db_connect.php");

echo "Step 3"."<br/>";  
echo $usernm."<br/>";
echo $passwd."<br/>";

// query for a user/pass match
$result=mysql_query("SELECT * from login where user ='$usernm' and passwd ='$passwd'");

// retrieve number of rows resulted
$num=mysql_num_rows($result);

// print login form and exit if failed.
if($num < 1)  {
   session_destroy();
 
?>
<br/><br/>
<h2> "You are not authenticated.  Please login." </h2>
<form method="POST" action="nav.php" >
  <table>
       <tr>
            <td align="center">Username: <input type="text" name=\"usernm\" /></td>
       </tr>
       <tr>       
            <td align="center">Password: <input type="password" name=\"passwd\" /> </td>
      </tr>
      <tr>
            <td align="center"><input type="submit" value="Submit"> </td>
      </tr>
  </table>
  </form>
 
<?php  
  exit;
}
else {
     //if successful login, set the session variables
     $_SESSION["usernm"] = $usernm;
     $_SESSION["passwd"] = $passwd;       
}
?>
<br /><br />

</body>
</html>

****home.php******
<body>
<?php
// Login & Session example
// This filename is: home.php

// include auth and nav
   include("auth.php");

// begin content
   include("nav.php");

?>
<table width="200" border="0">
  <tr>
    <td bgcolor="#008000" align="center"><span class="style1">Login Code Test</span> </td>
  </tr>
  <tr>
    <td align="center">This is home.php</td>
  </tr>
</table>
</body>

****.nav.php*******
<body>
<!--
// Login & Session example
// This filename is: nav.php
-->
<a href=home.php>Home</a> |
<a href=link_1.php>link_1</a> |
<a href=link_2.php>link_2</a> |
<a href=link_3.php>link_3</a> |
<a href=logout.php>logout</a>

<br><br>

</body>

*******link_1.php,link_2.php,link_3.php*******
<body>
<?
// Login & Session example
// This filename is: link_1.php

// include auth and nav
include ("auth.php");

// begin content
include ("nav.php");

?>
<table width="200" border="0">
  <tr>
    <td bgcolor="#008000" align="center"><span class="style1">Login Code Test</span></td>
  </tr>
  <tr>
    <td align="center">This is Link 1.php</td>
  </tr>
</table>
</body>

*******logout.php**********
<body>
<?php
// Login & Session example
// This filename is: logout.php

unset($_SESSION['username']);
unset($_SESSION['password']);
// kill session variables
$_SESSION = array(); // reset session array
session_destroy();   // destroy session.
// redirect them to anywhere you like.
// header('Location: nav.php');

?>
<form method="post" action="./nav.php" name="form1" />
<table width="200" border="0">
  <tr>
    <td bgcolor="#008000" align="center"><span class="style1">Login Code Test</span> </td>
  </tr>
  <tr>
    <td align="center">You have logged out!</td>
  </tr>
  <tr>
    <td align="center"><input type="submit" value="Home" onclick="./nav.php" /></td>
  </tr>
</table>
</form>
</body>
****the end ************************************************
ASKER CERTIFIED SOLUTION
TedInAK

Raynard7

Hi,

This may sound silly - but do you have a login page?

It seems that auth.php checks if it has had username posted to it - or if they are already set in the session - but I have gone through your code and nothing sets the session usernm except for auth.php and nothing posts to auth.php - because of this it is not being set.

Sorry - Ted is correct - try starting the session at the very start of the page - before any includes etc.
terrydschmidt

ASKER

This is the exact code from auth.php; there is no executable code above session_start().

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Authorization</title>
</head>

<body>
<?php

// Login & Session example
// This filename is: auth.php

// start session
   session_start();

Have you tried my suggestion?  Place the "session_start()" statement BEFORE any HTML output, e.g., before the DOCTYPE declaration.

Home.php, link_1.php, link_2.php, link_3.php should all start a session if they are the first webpage gone to.  Correct?  Login happens at the end of auth.php and creates session ids.  If I am wrong, please explain so I understand what I am doing wrong here.  Thanks again for any help!

I tried it and it didn't help.

<?php
session_start();
?>
   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Authorization</title>
</head>

<body>
<?php

// Login & Session example
// This filename is: auth.php

What would the login page do besides check the database for the username and the correct password?
What should I do here (is action = "nav.php" the right thing to do, or should I be posting to auth.php so I create a session):

<form method="POST" action="nav.php" >
  <table>
       <tr>
            <td align="center">Username: <input type="text" name=\"usernm\" /></td>
       </tr>
       <tr>      
            <td align="center">Password: <input type="password" name=\"passwd\" /> </td>
      </tr>
      <tr>
            <td align="center"><input type="submit" value="Submit"> </td>
      </tr>
  </table>
  </form>

I haven't been tracking too closely... but I think everyone has correctly identified that you need session_start(); at the absolute top of the page (prior to any output to the user).

also:

if($_POST["usernm"]) {
  $usernm=$_POST["usernm"];
  $passwd=$_POST["passwd"];
  echo "Step 1"."<br/>";
}
elseif($_SESSION["usernm"]) {
  $usernm=$_SESSION["usernm"];
  $passwd=$_SESSION["passwd"];
  echo "Step 2"."<br/>";
}

is bad logic.

if(isset($_POST["usernm"])) {
  $usernm=$_POST["usernm"];
  $passwd=$_POST["passwd"];
  echo "Step 1"."<br/>";
}
elseif(isset($_SESSION["usernm"])) {
  $usernm=$_SESSION["usernm"];
  $passwd=$_SESSION["passwd"];
  echo "Step 2"."<br/>";
}

is good logic...
because it really looks like $_SESSION['usernm'] and $_POST['usernm'] are not meant to be booleans.

also, you don't need to use, and YOU *SHOULD NOT* use session_register();
if(!session_register("usernm")) session_register("usernm");
if(!session_register("passwd")) session_register("passwd");

session_register overwrites the variable $usernm with $_SESSION['usernm'];
and similarly for passwd.  It's outdated code from the days of register globals.

What should I replace this code with?
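
One way to restructure auth.php along the lines suggested in this thread, as an added example that is not from any participant: session_start() first, isset() checks, $_SESSION assigned directly instead of session_register(), and the form posting back to the including page with plainly quoted field names (in the HTML part of the file, name=\"usernm\" makes the backslashes and quotes part of the field name, so $_POST["usernm"] is never set). It goes beyond the thread by using a PDO prepared statement and password_verify(); the passwd_hash column and the DB_* connection values are assumptions.

```php
<?php
// auth.php (added example). Include it at the very top of each protected page,
// before the DOCTYPE, so session_start() runs before any output is sent.
// Assumed: PDO; a hypothetical `passwd_hash` column holding password_hash() output;
// DB_HOST / DB_NAME / DB_USER / DB_PASSWORD are placeholders.
session_start();

function find_user(PDO $db, $user) {
    // Bound parameter: the posted username is never concatenated into the SQL text.
    $st = $db->prepare('SELECT user, passwd_hash FROM login WHERE user = ?');
    $st->execute(array($user));
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function authenticate(PDO $db) {
    if (isset($_SESSION['usernm'])) {
        return true;                       // logged in on an earlier request
    }
    if (!isset($_POST['usernm'], $_POST['passwd'])
        || !is_string($_POST['usernm']) || !is_string($_POST['passwd'])) {
        return false;                      // nothing usable posted: show the form
    }
    $row = find_user($db, $_POST['usernm']);
    if ($row === null || !password_verify($_POST['passwd'], $row['passwd_hash'])) {
        return false;
    }
    session_regenerate_id(true);           // fresh session ID once the user is known
    $_SESSION['usernm'] = $row['user'];    // keep the identity, not the password
    return true;
}

$db = new PDO('mysql:host=DB_HOST;dbname=DB_NAME', 'DB_USER', 'DB_PASSWORD',
              array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

if (!authenticate($db)) {
    // Post back to the page that included auth.php so this code sees the POST.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
?>
<h2>You are not authenticated. Please log in.</h2>
<form method="POST" action="<?php echo $self; ?>">
  Username: <input type="text" name="usernm" />
  Password: <input type="password" name="passwd" />
  <input type="submit" value="Submit" />
</form>
<?php
    exit;
}
```
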
SOLUTION

This is my logout, which is supposed to kill the session, but my session keeps getting recreated because isset($_SESSION["usernm"]) is testing true, so then the database is doing a compare and comes back happy, so the session is recreated.
How do I do a GOOD logout?
<?php

// Login & Session example
// This filename is: logout.php

if(isset($_SESSION["usernm"])) {
      unset($_SESSION['usernm']);
      unset($_SESSION['passwd']);
}

// kill session variables
$_SESSION = array(); // reset session array
session_destroy();   // destroy session.
// redirect them to anywhere you like.
// header('Location: nav.php');

?>

I am using this, which seems to work.

<?php
// Login & Session example
// This filename is: logout.php

if(isset($_SESSION["usernm"])) {
      unset($_SESSION['usernm']);
      unset($_SESSION['passwd']);
}

// kill session variables
  session_start();
  $_SESSION = array();
  session_destroy();

?>
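
A logout along the lines the asker arrived at, as an added example that is not part of the thread: session_start() has to run first, because until the session is resumed there is nothing for unset() or session_destroy() to act on. The cookie-expiry step and the redirect are additions here; nav.php is the thread's own page.

```php
<?php
// logout.php (added example, not the thread's code).
// Resume the session before touching it; without this call $_SESSION is empty
// and session_destroy() has no session to destroy, so the login survives.
session_start();

// Drop every session variable, including usernm, which auth.php tests with isset().
$_SESSION = array();

// Expire the session cookie so the browser stops sending the old session ID.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

// Remove the server-side session data.
session_destroy();

// Redirect before any output is sent, otherwise the header cannot be set.
header('Location: nav.php');
exit;
```
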
SOLUTION