Thank you for all the helpful input so far!

I have now tried to implement the changes you suggested, but I unfortunately
keep getting an error in line 114, in {-bracket in the switch statement. I
know it is not very desirable to send all the code in a mail, but I think
this is the best solution to find where the error(s) are located.

Also, when it comes to implementing the loggedin-function as Geoff Shang so
kindly suggested for the config.php, I keep getting an error message that
says that there is an error in the "return true;" line:

function loggedin()
{
    if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))
        return true;
    else
        return false;
}


So for now this code-block is the same as it used to be, because this does
not generate any errors.

When it comes to the function loggedin() inside the connexions.php, I am not
sure where to call the function. Should this be just before the comparing of
the password?

..........or before the switch statement?


connextion.php

<?php

include('config.php');

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
        <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
        <title>Connexion</title>
    </head>

<body>  <div class="header">

        <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>

    </div>

<?php

// LOGOUT:
//If the user is logged, we log him out

if(isset($_SESSION['username']))
{
        //We log him out by deleting the username and userid sessions
        unset($_SESSION['username'], $_SESSION['userid'], $_SESSION['usr_level']);

?>

<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>

<?php

} // close the if-loop "user logged in"

else
{

        $ousername = '';

        //We check if the form has been sent
        if(isset($_POST['username'], $_POST['password']))

        {

                //We remove slashes depending on the configuration
                // And encrypt the password using salt and md5

                if(get_magic_quotes_gpc())
                {

                        $ousername = stripslashes($_POST['username']);
                        $username = mysql_real_escape_string(stripslashes($_POST['username']));
                        $password = stripslashes($_POST['password']);

                        $salt = sha1(md5($password));
                        $password = md5($salt.$password);

                } // close the remove slashes and encrypting-loop

                else
                {

                        $username = mysql_real_escape_string($_POST['username']);
                        $password = $_POST['password'];

                        $salt = sha1(md5($password));
                        $password = md5($salt.$password);

                } // close the else: "get_magic_quotes_gpc()" - block

                //We get the password of the user

                $req = mysql_query('select password,id,usr_level from users where username="'.$username.'"');
                $dn = mysql_fetch_array($req);

                //Get user level of the user

                $usr_level = $dn['usr_level'];

                //  if (loggedin()){ ------> should be placed here??

                //We compare the submitted password and the real one, and we check if the user exists

                if($dn['password']==$password and mysql_num_rows($req)>0)
                {

                        //If the password is ok, we set the $loginok var to true
                        $loginok = true;

                        //If the password is good, we dont show the form
                        $form = false;

                        // If the user is already logged in
                        if ($loginok)
                        {
                                if ($remember=="on")

                                setcookie("username", $username, time()+3600*48);

                                else

                                //We save the user name in the session username and the user Id in the session userid

                                $_SESSION['username'] = $username;
                                $_SESSION['userid'] = $dn['id'];
                                $_SESSION['usr_level'] = $dn['usr_level'];

                //  if (loggedin()){ ------> should be placed here??

                                switch ($usr_level)

                                {
                                case admin:
                                        $access_name = "admin";
                                        $page_suffix = "admin";
                                break;

                                case newbie:
                                        $access_name = "newbie";
                                        $page_suffix = "newbe";
                                break;

                                case advanced:
                                        $access_name = "advanced";
                                        $page_suffix = "advanced";
                                break
                                } //close the switch-loop

                        }  // close the if-logged in - loop

?>

<html><head>
<title>Redirecting...</title>

<meta http-equiv="REFRESH" content="10;url=http://<?php echo $_SERVER["HTTP_HOST"] . "/index_$page_suffix.html"?>">

</head><body>

<div class="message">You have successfully been logged in. You can
now access the <?php echo $access_name ?> area.<br /></div>

</body> </html>

<?php

                } // the comparing of passwords
                else
                {

                        //Otherwise, we say the password is incorrect.

                        $loginok = false;
                        $form = true;
                        $message = 'The username or password is incorrect.';

                } // close the else-comparing of passwords
        } //close the $form-loop, ($form = false;)

        else

        {

                $form = true;

        } // close the password is not good, ($form = true;)

        // if $form is true, password is not good. Display $message, (what is $message????)

        if($form)
        {

                //We display a message if necessary
                if(isset($message))
                {
                echo '<div class="message">'.$message.'</div>';
                } // close the display-block

        //We display the form, redirect back to login-page
        header("Location: header_login.php");

        } // close the display message if-loop

?>

        </body> </html>
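
The following is an added example, not part of the original message and not Geoff Shang's code: one way to write the checks discussed above so that login state comes only from the server-side session, the switch labels are quoted strings, and the password is checked with password_verify() over a bound query parameter. The $pdo handle, the function names page_suffix_for and try_login, and a users.password column holding password_hash() output are assumptions of this example.

```php
<?php
// Added example. $pdo, page_suffix_for() and try_login() are hypothetical
// names; the table and column names are the ones used in the post.
session_start();

// Only server-side session state counts as "logged in". A "username"
// cookie is chosen by the client, so it proves nothing on its own.
function loggedin(): bool
{
    return isset($_SESSION['username']);
}

// Map a stored user level to its page suffix (values as in the post).
// Case labels are quoted strings; unknown levels return null.
function page_suffix_for(string $usr_level): ?string
{
    switch ($usr_level) {
        case 'admin':    return 'admin';
        case 'newbie':   return 'newbe';
        case 'advanced': return 'advanced';
        default:         return null;
    }
}

// Verify credentials. Assumes $pdo is a connected PDO handle and that
// users.password stores a password_hash() value (assumptions).
function try_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT id, password, usr_level FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);          // bound parameter, no escaping needed
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return false;                     // same result for bad user or bad password
    }

    session_regenerate_id(true);          // issue a fresh session id at login
    $_SESSION['username']  = $username;
    $_SESSION['userid']    = $row['id'];
    $_SESSION['usr_level'] = $row['usr_level'];
    return true;
}
```

With this split, loggedin() is called at the top of each protected page, while try_login() is called once when the form is posted.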
