Using 98SE / PWS / PHP 4.0.4pl1 / MySQL 3.23.22 for some testing-intranet stuff.
Until now i have used a login system (which works) that consist of a login page, include file and logout file - named Login.php, Auth.inc and Logout.php. Database.inc, which is referenced and contain the login and pwd for the database is left out as it doesn't contain anything critical. Auth.inc includes a function that is used in Login.php to verify the login data. Login.php calls itself until the login is successful - then the user gets presented with a link back to where he came from. Clarification: The issue here is not the PHP installation or PHP.INI settings - this is a code problem. If you *do* belive it is - Prove me wrong. In the code supplied, the 'GO BACK' links does not work. This because i have tried about 1000 different ways to solve the current problem without luck. This is just a 'cleaned' version of the current files. When it worked i had a hardcoded URL link back to the (only) calling page. Now i have to modify this login system so that i can call Login / Logout from any other page and be able to link back to the correct page. It seems like *IF* i use a <a href="login.php?refpage=<?PHP echo "http://"; . "$SERVER_NAME" . "$PHP_SELF"; ?>">Login with ref</a> in the link to Login.php, and the first thing i do in Login.php is to store away $HTTP_SERVER_VARS['HTTP_REFERER'] in a variable, this get lost as soon as the SESSION_START gets executed in Auth.inc. I have verified that the HTTP_REFERER really exist as i store it. I have successfully tested some simple login / logout pages which don't contain the Auth stuff - and those work with the above approach. Any suggestions on how i can solve this? A complete rewrite is not out of the question. I want to keep session functions and be able to keep a reference back to the page which called Login / Logout. - sorry if the code incorporates some 'Swenglish' and unneccesary stuff ;-) ********* AUTH.INC ************************ <?PHP Function auth( $login ='', $pwd = '', $pwd_file = 'pwd.txt' ){ session_start(); global $PHP_SELF, $authdata; include ("databas.inc"); $check = ! empty( $login ); if ( is_array ( $authdata )) { return true; } elseif ( $check ) { mysql_connect($DBserver, $DBlogin, $DBpwd); mysql_select_db($DBnamn); $result = mysql_query("SELECT anvandare.login, anvandare.pwd, anvandare.id, anvandare.namn, anvandare.efternamn, anvandare.sign FROM anvandare"); if ($row = mysql_fetch_array($result)) { do { if (( $row[0] == $login) && (($row[1] == $pwd) OR ($row[1] == NULL) )){ $authdata = array ("a_login" => $login, "a_id" => $row[2], "a_namn" => $row[3], "a_efternamn" => $row[4], "a_sign" => $row[5]); session_register ( 'authdata' ); return true; } } while($row = mysql_fetch_array($result)); } else { unset( $authdata ); return false; } } else { return false; } } ********* END AUTH.INC ********************** ********* LOGIN.PHP ************************ <?php include ('auth.inc'); Function loginform( $error = false ) { ?> <HTML> <HEAD><TITLE>Login page</TITLE></HEAD> <BODY> <?PHP if ( $error) { ?> Error - Please re-enter your Username and Password: <?PHP } else {?> Please enter Username and Password: <?PHP } ?> <FORM ACTION="<?PHP echo $PHP_SELF; ?>" METHOD=POST> Login: <INPUT TYPE="text" NAME="login"><BR> Pwd: <INPUT TYPE="password" NAME="pwd"><BR> <BR> <INPUT TYPE="submit" VALUE="LOG IN"> </FORM> </BODY> </HTML> <?PHP } if ( !auth ( $HTTP_POST_VARS['login'], $HTTP_POST_VARS['pwd'] )) { loginform ( isset ( $HTTP_POST_VARS['login'] )); } if (auth()) { echo "<center>You are now registered as $authdata[a_namn] $authdata[a_efternamn] on the intranet <br><a href=\"$refpage\">Go back</a></center>"; } ?> ********* END LOGIN.PHP ********************** ********* LOGOUT.PHP ************************ <?php session_start(); session_destroy(); ?> <center> Du har nu loggat ut ifrån INTRANÄTET. <BR> <a href="<?PHP echo "$refpage"; ?>">Go back</a> </center> ********* END LOGOUT.PHP ********************** -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
