treehouse : what would you like to learn today?
Web Design Web Development iOS Development

Forums

Illustration by Nick Sirotich

User System - Driving me mad!

  • tomwalters5678
    Permalink to comment #
    Okay, so I'm building this user management system for a client and up until a few day ago it was working perfectly. I mush have edited some code or done something because now it just ain't working! Have been looking through the code for ages now and I just can't find any errors. Can you?

    There are 3 files: login.php, userauth.php and index.php. Login.php is where the user enters their details to login, these details are then passed to userauth.php and if correct the browser is then redirected to index.php. The problem is this. When I get to the index page the session variables are cleared. I have checked at each stage and the data is present up until the index page. Now if you were wondering there is a base.php, this is just connecting to the database - and no there aren't any errors or odd code in there, but I'm not too keen on sharing my login details with you as you can imagine!

    login.php:

    <?php require(\"base.php\"); ?>
    <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
    <html xmlns=\"http://www.w3.org/1999/xhtml\">
    	<head>
    		<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
    		<title>St Ann's Church | Login</title>
    		<link href=\"styleEdit.css\" rel=\"stylesheet\" type=\"text/css\" />
    	</head>
    	<body>
    		<div id=\"wrapper\">
    			<?php if(!empty($_GET['m'])){ echo \"<a id=\\"error\\">Please enter a valid Username and Password!\t\t</a>\"; } ?>
    			<form id=\"editor\" action=\"userauth.php\" method=\"post\">
    				<label class=\"edit\" for=\"username\">Username: </label>
    				<input type=\"text\" id=\"title\" name=\"username\" />
    				<br />
    				<br />
    				<label class=\"edit\" for=\"password\">Password: </label>
    				<input type=\"password\" name=\"password\" id=\"title\" />
    				<br />
    				<br />
    				<input type=\"submit\" class=\"submit\" value=\"Enter\" />
    			</form>
    		</div>
    	</body>
    </html>


    userauth.php:

    <?php
    require(\"base.php\");
    session_start();
    session_cache_expire (15);
    $iusername= $_POST['username'];	//INPUT USERNAME
    $ipassword = md5($_POST['password']);   // INPUT PASSWORD
    $date = date(\"d-m-y\");
    if(empty($iusername) || empty($ipassword)){ echo \"<meta http-equiv=\\"refresh\\" content=\\"0;url=http://urbanmandesign.com/stanns/cms/login.php?m=1\\">\"; }
    ?>
    <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
    <html xmlns=\"http://www.w3.org/1999/xhtml\">
    	<head>
    		<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
    		<title>St Ann's Church | Login</title>
    		<link href=\"styleEdit.css\" rel=\"stylesheet\" type=\"text/css\" />
    	</head>
    	<body>
    		<?php 

    			$result = mysql_query(\"SELECT * FROM users WHERE username = '\".$iusername.\"'\");
    			$row = mysql_fetch_array($result);
    			$dbusername = $row['username'];	//DATABASE USERNAME
    			$dbpassword = $row['password']; //DATABASE PASSWORD

    			if($iusername == $dbusername && $ipassword == $dbpassword)
    			{
    				$_SESSION['loggedin'] = '1';
    				$_SESSION['username'] = $iusername;
    				$_SESSION['password'] = $ipassword;
    				$_SESSION['firstname'] = $row['firstName'];
    				if(empty($dbusername)){ echo \"<meta http-equiv=\\"refresh\\" content=\\"0;url=http://urbanmandesign.com/stanns/cms/login.php?m=1\\">\"; };
    				if($row['firstLogin'] == 0){ mysql_query(\"UPDATE users SET firstLogin='\".$date.\"' WHERE username='\".$iusername.\"'\"); };
    				mysql_query(\"UPDATE users SET lastLogin='\".$date.\"' WHERE username='\".$iusername.\"'\");
    				mysql_query(\"UPDATE users SET online='1' WHERE username='\".$iusername.\"'\");
    				echo \"<meta http-equiv=\\"refresh\\" content=\\"0;url=http://urbanmandesign.com/stanns/cms/index.php\\">\";
    			}
    			else {
    				echo \"<meta http-equiv=\\"refresh\\" content=\\"0;url=http://urbanmandesign.com/stanns/cms/login.php?m=1\\">\";
    				session_destroy();
    			}
    			
    		?>
    		
    </body>
    </html>


    index.php:

    <?php require(\"base.php\"); 
    if(isset($_SESSION['loggedin'])) { /*echo \"<meta http-equiv=\\"refresh\\" content=\\"0;url=http://urbanmandesign.com/stanns/cms/login.php\\">\"; die();*/ echo \"N
    DR\"; };
    ?>
    <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/x
    html1/DTD/xhtml1-transitional.dtd\">
    <html xmlns=\"http://www.w3.org/1999/xhtml\">
    	<head>
    		<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
    		<title>St Ann's Church | CMS</title>
    		<link href=\"styleEdit.css\" rel=\"stylesheet\" type=\"text/css\" />
    	</head>
    	<body>
    		<div id=\"wrapper\">
    			<h1>Welcome to the index <?php echo $_SESSION['firstname'] ?>!</h1>
    			<a class=\"big\" href=\"http://urbanmandesign.com/stanns/cms/edit.php?page=home\">Edit the Homepage</a><br />
    			<br />
    			<a class=\"big\" href=\"http://urbanmandesign.com/stanns/cms/editinfo.php\">Edit your Information</a><br />
    			<br />
    			<?php echo $_SESSION['loggedin']; ?>
    			<br />
    			<?php echo $_SESSION['username']; ?>
    			<br />
    			<?php echo $_SESSION['password']; ?>
    			<br />
    		</div>
    	</body>
    </html>


    I have been pulling my hair out over this and if you can tell me why it isn't playing ball I would be really grateful.

    Thanks guys.

    -Tom
  • cybershot
    Permalink to comment #
    try asking this question over at phpfreaks.com
Add a Comment