Hi everyone,
I use a login-script, but for some reason I keep losing my $_SESSION
variables. Can Anyone tell me why?
Here's my login script:
<?php
if(isset($_POST['submit'])) { // if form has been submitted
/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
print '<form action="index.php" method="post">
<div align="left">
<input class="test" name="uname" type="text" size="8"
maxlength="8">
<input class="test" type="password" size="8" maxlength="8"
name="passwd">
<input name="submit" type="submit" value="Login">
<br>
<span class="welcome">please fill in the required
fields.</span></div>
</form>
';
}
// authenticate.
if(!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
$check = $db_object->query("SELECT username, password FROM users WHERE
username = '".$_POST['uname']."'");
if(DB::isError($check)) {
print '<form action="index.php" method="post">
<div align="left">
<input class="test" name="uname" type="text" size="8"
maxlength="8">
<input class="test" type="password" size="8" maxlength="8"
name="passwd">
<input name="submit" type="submit" value="Login">
<br>
<span class="welcome">username doesn\'t exist.</span> <a
class="header"
href="javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')">sign up
here</a></div>
</form>
';
}
$info = $check->fetchRow();
// check passwords match
$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);
if($_POST['passwd'] != $info['password']) {
print '<form action="index.php" method="post">
<div align="left">
<input class="test" name="uname" type="text" size="8"
maxlength="8">
<input class="test" type="password" size="8" maxlength="8"
name="passwd">
<input name="submit" type="submit" value="Login">
<br>
<span class="welcome">wrong password, try again</span></div>
</form>
';
}
// if we get here username and password are correct, register session
variables and set
// last login time.
$date = date('m d, Y');
$update_login = $db_object->query("UPDATE users SET last_login = '$date'
WHERE username = '".$_POST['uname']."'");
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
$db_object->disconnect();
?>
<span class="welcome">Welcome <a class="header"
href="javascript:loadPage('mainlayer',null,'users/edit.php?user=<?=$_SESSION
['username']?>')"><font
color="white"><?=$_SESSION['username']?></font></a><br><a class="header"
href="login/logout.php">Logout</a>
</span>
<?php
}
else { // if form hasn't been submitted
?>
<form action="<?=$HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
<div align="left">
<input class="test" name="uname" type="text" size="8"
maxlength="8">
<input class="test" type="password" size="8" maxlength="8"
name="passwd">
<input name="submit" type="submit" value="Login">
<br>
<a class="header"
href="javascript:loadPage('mainlayer',null,'login/signup.php')">sign up
here</a> </div>
</form>
<?php
}
?>
--
http://seabird.jmtech.ca
Attitude is Everything!
But Remember, Attitudes are Contagious!
Is Yours worth Catching????
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
