Slight Script Problem

[Zenax]

Perhaps you can help me out here.

The script I have is not remembering sessions. I think i am creating them correctly. Here is the code:

PHP Code:

<?php
            session_start();
            
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>ZenCMS</title>

<link rel="stylesheet" href="style.css" type="text/css" />

<script type="text/javascript" src="tabs/ajaxtabs/ajaxtabs.js">

/***********************************************
* Ajax Tabs Content script- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
***********************************************/

</script>
</head>

<body>



<div class="topBar">


    <div class="logo">
    
        <img src="img/logo.jpg" width="400" height="100" alt="ZenCMS" />
        
    </div>
    

    <div class="form">
    
        <div class="formContent">
            <?php
            

            
        // Require once the DB script
        require_once('connect_db.php');

        $username = $_POST['username'];
        $password = $_POST['password'];

        // Creating an SQL Query
        $q = "SELECT * FROM users WHERE  users = '$username' and password = '$password'";
        $check = mysql_query($q);

        // Counting the table row
        // If the result is matched then $username, $password must be row 1
        $count = mysql_num_rows($check);

        if ($count == 1) {
            
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
        
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
            

            
        }
        
        elseif ($count == 0)    {
        echo 'Wrong username or password specified';
        echo '<a href="#" onClick="history.back(1)">Go Back</a>';
        }
        
        else {        
?>
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
            <table width="90%" border="0" cellspacing="0" cellpadding="5">
                  <tr>
                    <td>Username:</td>
                    <td>Password:</td>
                  </tr>
                  <tr>
                       <td><input type="text" name="username" /></td>
                    <td><input type="password" name="password" /> &nbsp; <input name="submit" type="submit" value="Login" class="button"/></td>
              </tr>
            </table>
            </form>
        <?php
        
        }
        
        ?>
      </div>
    </div>




</div>




<div class="rightCol">


    <div class="title">
    Website News
    </div>
    
    <div class="info">
    
        <i>New Template - 04 July 2007</i>
        <br />
        I have created a brand new template. The reason behind this is so that I can sort things out witha  dodgy phpBB 3 installation I had once, and also continue writing my own CMS. This template is based on partly things I have written so far. The login feature at the top of the page is curently based on the membership feature that is based within the CMS. 
        
        <br />
        <br />
        
        I am in the process of writing the rest of the CMS and you can find out information on this CMS by visiting the relevant pages behind it!
        
        <br />
        <br />
        If you have any problems, then please do not hesitate to contact me by visting the contact page!
        <br />
        <br />
        Regards,
        <br />
        ZenCMS Admin
    
    </div>

<br />
<?php

 echo file_get_contents("http://staff.x10hosting.com/adCode.php?ad=advanced"); 
 
?>




</div>

<div class="navTop">

12435


</div>


<div class="topBoxes">

<ul id="maintab" class="shadetabs">
<li class="selected"><a href="#default" rel="ajaxcontentarea">About</a></li>
<li><a href="tabs/external.htm" rel="ajaxcontentarea">Latest Release</a></li>
<li><a href="tabs/external2.htm" rel="ajaxcontentarea">Problems?</a></li>
</ul>

<div id="ajaxcontentarea" class="contentstyle">

    <strong>About</strong>
    ZenCMS is the product of a very bored teenage on his 3 month break from college. In my spare time, I am writing this CMS as a way to pass the time, but also to see how far I can push myself creatively and also how much coding knowledge I actually have.



</div>

<script type="text/javascript">
//Start Ajax tabs script for UL with id="maintab" Separate multiple ids each with a comma.
startajaxtabs("maintab")
</script>
    


</div>









</body>
</html>

Page:
http://zenax.x10hosting.com

They must be created, as I use the session function to call the username once they have logged in, sos urely they ar ebeing created???

[lambada]

You're putting the session information in in the same page you're calling it.

As I understand sessions the inserted information is only available form the next time the browser calls a page.

I.E.

try displaying the form, redirect them to whatever page where you insert the Sessions, then redirect them back to the page with the content.
That's why on something like vBulletin when you login you get directed to a page with thanks for logging in before begin redirected back to the index.

EDIT:
To make it a bit clearer:

PHP Code:

            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>'; 


That part will work only upon the next call of the script.

Index with login form ->Login processing -> index page with admin link
That code can't be on the login processing page.

[t2t2t]

Umm...

PHP Code:

            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>'; 


Maybe you ment:

PHP Code:

             if ($_SESSION['username'] == 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            } 


[lambada]

t2t2t the code makes sense:

PHP Code:

        if ($count == 1) {
            
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
        
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
            

            
        } 


means if a row was returned assign the variables. If the user is also an admin the print the link to admin panel, for everyone who has logged in then print the logout link.

As they both use sessions set on the page they cannot be used until a refresh - hence using a redirect method I suggested.

[t2t2t]

= is set to
== if equals
note the difference?

[lambada]

Woops, I see what you meant now.

My mistake - I was still focussing on the main problem when you posted.

[Zenax]

So basically have something redirects to a login success page, then have it re-direct back to the index again upon login!

Shall change code. I am building the site based on the CMS I am writing. Thanks for the help now, I shall change it now.

EDIT: now I am slightly confused as to what I am supposed to do!


I have the login thing stored in the login.php but then how do I get it call the sessions on the main page, as I still want to use something along the lines of this:

PHP Code:

        if ($count == 1) {
            
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
        
            if ($_SESSION['username'] = 'Admin')    {
            echo '<a href="ap">Admin Panel</a> <br />';
            }
            
            echo 'Welcome '. $_SESSION['username'] .'. You are now logged in!';
            echo '<br />';
            echo '<a href="logout.php">Logout</a>';
            

            
        } 


in the main page to determine whether or not they are logged in. Perhaps you could help me out again!?!?

EDIT 2:
I think I just buggered the whole sessions thing up. Now when you go to the ap, it lets you in, thinking the session is valid, even after you have ran the logout.php script. I am thinking I am going to have to re-write the code so that it fits in with the website.

P.S If you want me to, I shall post all the code to the different pages

[Bryon]

I was bored so.. I felt like helping out.

I moved the login stuff to a new, separIate file to keep it 'clean' somewhat. I cleaned up everything and added a little to it.

Login.php:

PHP Code:

<?php
session_start();

   // Require once the DB script
   require_once 'connect_db.php';

   if ($_POST['loginSubmit']) {
      // You *always!* need to validate user-supplied data when using it in MySQL queries!!
      // This isn't 100% secure, but it's definitely better than having nothing and being vulnerable to SQL injection.
      if(get_magic_quotes_gpc()) {
         if(ini_get('magic_quotes_sybase')) {
             $username = str_replace("''", "'", $_POST['username']);
             $password = str_replace("''", "'", $_POST['password']);
         } else {
             $username = stripslashes($_POST['username']);
             $password = stripslashes($_POST['password']);
         }
      } else {
          $username = $_POST['username'];
          $password = $_POST['password'];
      }
      $username = mysql_real_escape_string($username);
      $password = mysql_real_escape_string($password);
      
      $check = mysql_query("SELECT * FROM `users` WHERE `users` = '$username' and `password` = '$password' LIMIT 1");
      
      // Counting the table row
      // If the result is matched then $username, $password must be row 1
      $count = @mysql_num_rows($check);
      
      // Logged in!
      if ($count == (int) 1) {
         $_SESSION['site_username'] = $username;
         $_SESSION['site_password'] = $password;
         if (strtolower($_SESSION['site_username']) == 'admin') {
            echo '<a href="ap">Admin Panel</a> <br />';
         }
         
         echo 'Welcome '. $_SESSION['site_username'] .'. You are now logged in!<br />';
         echo '<a href="logout.php">Logout</a>';
         $_GET['do'] = 'manualUnset';
         // Do whatever ?
      }
      else {
         echo 'Error: Wrong username or password specified. <br />';
      }
   }

   // If $_GET['do'] is set to 'manualUnset', do not show login form, user already logged in.
   switch ($_GET['do']) {
      case 'manualUnset':
         break;
      default:
?>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="5">
     <tr>
      <td>Username:</td>
      <td>Password:</td>
     </tr>
     <tr>
      <td><input type="text" name="username" /></td>
      <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" /></td>
     </tr>
    </table>
    </form>
<?php
      break;
   }
?>

Other File:

PHP Code:

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>ZenCMS</title>
  <link rel="stylesheet" href="style.css" type="text/css" />
  <script type="text/javascript" src="tabs/ajaxtabs/ajaxtabs.js">
   /***********************************************
   * Ajax Tabs Content script- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
   * This notice MUST stay intact for legal use
   * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
   ***********************************************/
  </script>
 </head>
 <body>

  <div class="topBar">
   <div class="logo"><img src="img/logo.jpg" width="400" height="100" alt="ZenCMS" /></div>
   <div class="form">
   <div class="formContent">
<?php

   // Require once the DB script
   require_once 'connect_db.php';

   // If user is logged in, show message stating that. If not, display login box.
   if ($_SESSION['site_username']) {
      echo 'Welcome '. $_SESSION['site_username'];
      echo '<br />';
      if (strtolower($_SESSION['site_username']) == 'admin') {
         echo '<a href="ap">Admin Panel</a> <br />';
      }
      echo '<a href="logout.php">Logout</a>';
   }
   else {
?>
    <form action="login.php" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="5">
     <tr>
      <td>Username:</td>
      <td>Password:</td>
     </tr>
     <tr>
      <td><input type="text" name="username" /></td>
      <td><input type="password" name="password" /> &nbsp; <input name="loginSubmit" type="submit" value="Login" class="button" /></td>
     </tr>
    </table>
    </form>
<?php
   }
?>
   </div>
  </div>


  <div class="rightCol">
   <div class="title">Website News</div>
   <div class="info">
    <i>New Template - 04 July 2007</i><br />
    I have created a brand new template. The reason behind this is so that I can sort things out witha  dodgy phpBB 3 installation I had once, and also continue writing my own CMS. This template is based on partly things I have written so far. The login feature at the top of the page is curently based on the membership feature that is based within the CMS.<br /><br />
    I am in the process of writing the rest of the CMS and you can find out information on this CMS by visiting the relevant pages behind it!<br /><br />
    If you have any problems, then please do not hesitate to contact me by visting the contact page!<br /><br />
    Regards,<br />
    ZenCMS Admin
   </div>
  </div>
  <script type="text/javascript" src="http://x10hosting.com/adserve.js?advanced"></script>
  <div class="navTop">12435</div>
  <div class="topBoxes">
   <ul id="maintab" class="shadetabs">
    <li class="selected"><a href="#default" rel="ajaxcontentarea">About</a></li>
    <li><a href="tabs/external.htm" rel="ajaxcontentarea">Latest Release</a></li>
    <li><a href="tabs/external2.htm" rel="ajaxcontentarea">Problems?</a></li>
   </ul>
  <div id="ajaxcontentarea" class="contentstyle"><strong>About</strong> ZenCMS is the product of a very bored teenage on his 3 month break from college. In my spare time, I am writing this CMS as a way to pass the time, but also to see how far I can push myself creatively and also how much coding knowledge I actually have.</div>
  <script type="text/javascript">
   // Start Ajax tabs script for UL with id="maintab" Separate multiple ids each with a comma.
   startajaxtabs("maintab")
  </script>
 </body>
</html>

Lambada (And anyone else): The 'super-global' session array ($_SESSION) is available to view/user/alter/modify/etc anywhere at anytime throughout the script's execution. Any 'changes' that take place 'to it' happen right away, there is no need to refresh/reload the page in order for the changes to 'take affect.' Maybe you have $_SESSION confused with cookies? (Which aren't available until the next page is loaded)

[Zenax]

It all works now! Thanks very much Bryon, that has been very helpful!

P.S Is there anyway to create a delayed re-direct in PHP????

[t2t2t]

PHP Code:

header('Refresh: 2; url=index.php'); // Sends user to index.php after 2 seconds 


Must be entered before ANY content.