PHP login script - Help needed

2 comments, last by Max_Payne 18 years, 11 months ago
I made a simple login script for my PHP website, and there seems to be a problem. If I enter the user and pass straight away, it works, it logs in. If I enter it wrong, it doesn't log in... But if I enter it wrong, then even if I enter it right after, nothing works.

session_start();

// If no session is started
if ($_SESSION['user'] == "")
{
	// Try to register the session user name and password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];
}

// If a user name is registered
if ($_SESSION['user'] != "" && string_isvalid($_SESSION['user']))
{
	$cid = db_open();

	// Retrieve the user info
	$query = "SELECT id, password, status, timezone FROM users WHERE username = \"" . $_SESSION['user'] . "\"";
	$result = db_query($cid, $query);
	$row = db_fetch_row($result);
	$userid   = $row[0];
	$password = $row[1];
	$status   = $row[2];
	$timezone = $row[3];

	// If the password does not match
	if ($_SESSION['pass'] != $password)
	{
		// Reset the session user and password
		$_SESSION['user'] = "";
		$_SESSION['pass'] = "";
	}
	else
	{
		// Add the user status and timezone to the session info
		$_SESSION['userid']   = $userid;
		$_SESSION['status']   = $status;
		$_SESSION['timezone'] = $timezone;
	}

	db_close($cid);
}
else
{
	// Reset the session user and password
	$_SESSION['user'] = "";
	$_SESSION['pass'] = "";
}

// If no user is logged in
if ($_SESSION['user'] == "")
{
	// Set default user options
	$_SESSION['status']   = STATUS_GUEST;
	$_SESSION['timezone'] = SERVER_TIME_ZONE;
}


The string_isvalid() function just verifies that the string is alphanumerical. My db functions are just wrappers for the mysql functions, and I know they work correctly.

Looking for a serious game project?
www.xgameproject.com
Second call. I still need to fix this problem ;)

Looking for a serious game project?
www.xgameproject.com
I don't know what the problem is, but to help discover the bug I would output the values for $_POST['user'] and $_SESSION['user'] after session_start(). Perhaps they do not have the expected values?
Well, I got things to work better by using PHP's isset() and unset() functions... But it still behaves oddly. When I log in, I can click a link (to go to another page), and it will stay logged in, and I can click a second link... But when I follow a third link, the damn thing logs me off!

This is quite annoying, and I'm beginning to dislike all the lame quirks of PHP.

My modified login script:

Quote:
// If no session is started and a login was posted
if (!isset($_SESSION['user']) && isset($_POST['user']) && $_POST['user'] != "" && string_isvalid($_POST['user']))
{
	// Register the session user name and password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];
}

// If a user name is registered
if (isset($_SESSION['user']))
{
	$cid = db_open();

	// Retrieve the user info
	$query = "SELECT id, password, status, timezone FROM users WHERE username = \"" . $_SESSION['user'] . "\"";
	$result = db_query($cid, $query);
	$row = db_fetch_row($result);
	$userid = $row[0];
	$password = $row[1];
	$status = $row[2];
	$timezone = $row[3];

	// If the password does not match
	if ($_SESSION['pass'] != $password)
	{
		// Reset the session user and password
		unset($_SESSION['user']);
		unset($_SESSION['pass']);
	}
	else
	{
		// Add the user status and timezone to the session info
		$_SESSION['userid'] = $userid;
		$_SESSION['status'] = $status;
		$_SESSION['timezone'] = $timezone;
	}

	db_close($cid);
}

// If no user is logged in
if (!isset($_SESSION['user']))
{
	// Set default user options
	$_SESSION['userid'] = -1;
	$_SESSION['status'] = STATUS_GUEST;
	$_SESSION['timezone'] = SERVER_TIME_ZONE;
}

Looking for a serious game project?
www.xgameproject.com
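
Added example, not part of the thread or any poster's code: one way to structure the same login so that credentials are checked only when a login form is posted, the lookup uses a bound parameter, and the session keeps just the user id, status and timezone. The in-memory SQLite database, the `alice` account and the names `demo_db`, `authenticate` and `handle_request` are assumptions made for the demo, and the `password` column is assumed to hold a `password_hash()` value instead of plaintext.

```php
<?php
// Added example: columns follow the thread's query; database and account are constructed.
const STATUS_GUEST = 0;
const SERVER_TIME_ZONE = 'UTC';

function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, status INTEGER, timezone TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password, status, timezone) VALUES (?, ?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1, 'Europe/Paris']);
    return $db;
}

// Return the user row if the credentials are valid, null otherwise.
function authenticate(PDO $db, string $user, string $pass): ?array
{
    if (!ctype_alnum($user)) { return null; }   // same rule as string_isvalid() in the thread
    $stmt = $db->prepare('SELECT id, password, status, timezone FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks the submitted password against the stored hash.
    return ($row && password_verify($pass, $row['password'])) ? $row : null;
}

// Apply one request to the session array ($session stands in for $_SESSION).
// No username or password is ever written to the session.
function handle_request(PDO $db, array &$session, array $post): void
{
    if (is_string($post['user'] ?? null) && is_string($post['pass'] ?? null)) {
        $row = authenticate($db, $post['user'], $post['pass']);
        if ($row !== null) {
            // On a real page, call session_regenerate_id(true) at this point.
            $session = ['userid' => (int)$row['id'], 'status' => (int)$row['status'], 'timezone' => $row['timezone']];
        }
    }
    if (!isset($session['userid'])) {
        $session = ['userid' => -1, 'status' => STATUS_GUEST, 'timezone' => SERVER_TIME_ZONE];
    }
}

// Constructed request sequence: a wrong password, the right one, then three page views.
$db = demo_db();
$session = [];
$requests = [['user' => 'alice', 'pass' => 'wrong'], ['user' => 'alice', 'pass' => 'correct horse'], [], [], []];
foreach ($requests as $i => $post) {
    handle_request($db, $session, $post);
    printf("request %d: userid=%d status=%d\n", $i + 1, $session['userid'], $session['status']);
}
```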

This topic is closed to new replies.
