On Aug 14, 2011, at 8:23 AM, Alekto Antarctica wrote:

Hi guys!

I have now tried to take some of your hints into consideration, by
encrypting the password with md5 adding a salt.
As some of you pointed out, this code is the work of a newbie, that is
totally correct, so please bear with me ;)

I have tried to implement a cookie to remember the login for 48 hours, but it still logs the user out after the default 24min for a session like this:

    //We compare the submitted password and the real one, and we check if the user exists
    if($dn['password']==$password and mysql_num_rows($req)>0)
    {

        //If the password is ok, we set the $loginok var to true
        $loginok = true;
        //If the password is good, we don't show the form
        $form = false;

    }
    if ($loginok = true)
    {
        if ($remember=="on")
            setcookie("username", $username, time()+7200*24);
        elseif ($remember=="")

        //We save the user name in the session username and the user Id in the session userid
        $_SESSION('username')= $username;
        $_SESSION['userid'] = $dn['id'];
        $_SESSION['usr_level'] = $dn['usr_level'];

        .
        .
        .
    }


Another problem I am now facing is to check whether the user is logged in, and if it is, the user should be redirected from the index page (with the login form) to its user area based on the user level (newbie, advanced or admin).
For now I have written a function in the config.php.

    function loggedin()
    {
        if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))
        {
            $loggedin = true;
            return $loggedin;
        }
    }




I have tried to include the config.php both into the index page (login form) and into the connexions.php script (where the cookie is implemented), along with this code:


    <?php

    if (loggedin==true)
    {
        if($usr_level == admin)
        {
            ?>
    <div class="message">You have successfuly been logged in. You can now access the admin area.<br />
    <?php header("Location: index_admin.php"); ?></div>
    <?php
        }
        if($usr_level == newbie)
        {
            ?>
    <div class="message">You have successfuly been logged in. You can now access to the newbie area.<br />
    <?php header("Location: index_newbe.php"); ?></div>
    <?php
        }
        if($usr_level == advanced)
        {
            ?>
    <div class="message">You have successfuly been logged in. You can now access the advanced area.<br />
    <?php header("Location: index_advanced.php"); ?></div>
    <?php
        }

    }

    ?>

This does not redirect an already logged in user to its user area...

I know this is messy, but if some of you can spot some improvements that
hopefully can fix my cookie and redirect problem, please let me know.

Thanks a lot!

You can't issue headers after you've sent output to the client. Headers must be sent before any other output.

If you have messages to be output based on the current script, you have to pass them to the redirected script for them to be output to the client. You can do this by passing them on the query string or in a session variable; there are likely other ways of doing this as well. Note that you don't have to pass the actual text of the message if you use message codes instead, which would also aid in being able to translate the output if so desired.

In the code above, since the message seems tied to the particular area the user has access to and that is tied to a particular script, you could just put the message with each particular script.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
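
The advice in the reply above, as an added example that is not code from the thread or its participants: the redirect is decided and sent before any output, and the message travels to the target page as a code held in the session. It assumes PHP 7.1+ and that the login script stored $_SESSION['usr_level'] as in the post; the function names and the 'login_ok' code are hypothetical. Login state is read from the server-side session only, because a username cookie is a value the client supplies.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ and that the login
// script stored $_SESSION['usr_level'] as in the post. Message codes and
// function names are hypothetical.
session_start();

// Allow-list: user level => landing page (file names as used in the post).
const AREA_BY_LEVEL = [
    'admin'    => 'index_admin.php',
    'newbie'   => 'index_newbe.php',
    'advanced' => 'index_advanced.php',
];
// The session carries only a message code; the target page owns the text.
const MESSAGE_BY_CODE = [
    'login_ok' => 'You have successfully been logged in.',
];

// Returns the landing page for this session, or null if not logged in.
function redirect_target(array $session): ?string
{
    $level = $session['usr_level'] ?? null;
    return is_string($level) ? (AREA_BY_LEVEL[$level] ?? null) : null;
}

// Call at the top of the login page, before any HTML or whitespace is sent.
function redirect_logged_in_user(): void
{
    $target = redirect_target($_SESSION);
    if ($target === null) {
        return;                       // not logged in: render the login form
    }
    if (headers_sent($file, $line)) { // output already started, header() would fail
        error_log("redirect skipped: output started at $file:$line");
        return;
    }
    $_SESSION['flash'] = 'login_ok';  // message code travels in the session
    header('Location: ' . $target);
    exit;                             // send nothing after the redirect
}

// Call in index_admin.php etc.: returns the pending message once, then clears it.
function take_flash_message(): string
{
    $code = $_SESSION['flash'] ?? '';
    unset($_SESSION['flash']);
    return is_string($code) ? (MESSAGE_BY_CODE[$code] ?? '') : '';
}
```

Calling redirect_logged_in_user() as the first statement of the login page and echoing take_flash_message() inside each area page keeps the header ahead of all output.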
