skky1142
12-04-2006, 05:03 PM
Hello All,
Haven't been here in a while, hopefully i can get some help. I have a basic log on script i made to protect a member area. It works perfectly. It is nested in a folder called DB2, and the actual script that processes the log on info is located in DB2/core/ directory. This all works fine. The script works by accepting a username and password, then it checks them against usernames and passwords in the database. If it finds a match, it sets session variables to say they should be let in, then passes them off to the main page.
The main page, and every other page for that matter, checks these values first, before letting the page display to make sure the people are allowed in. Now my co-worker wanted a smaller log on area put on the index page of the main website. She created the form exactly as i had it, and she found it wouldn't work. I've done some checking and i have discoverd that the error does not come from the log on form itself, wherever i call it from (whether the index page of another page) it gets the details and checks the person in. However when the sessions are set after dealing with data from the index page, i get kicked out as soon as it passes me off to the main page. I believe i have a session configuration problem.
Here is my file structure:
Original and working page: mysite.com/DB2/index.php
Form processor: mysite.com/DB2/core/login.core.php
Non working file structure:
Main page: mysite.com/index.php
Form processor: mysite.com/DB2/core/login.core.php
I have included my login.core.php page.
<?php
###########################################################
## This page checks to see if the user exists. If they ##
## do it goes ahead and checks to see if the password ##
## matches. If that is the case it logs them in, else ##
## it sends them back to the index page. ##
###########################################################
include('./connections.lib.php');
$uname = trim($_POST['uname']);
$password = trim($_POST['password']);
if(!$uname || !$password) {//they didn't enter both
header('Location:*edited*');
} else {//check db
$query = mysql_query('SELECT `company_info_member_id` FROM `member_logon` WHERE (`mem_username` = \'' . $uname . '\' AND `mem_password` = \'' . $password . '\')');
if(mysql_num_rows($query) === 0){//they have the wrong password
header('Location: *edited*');
} else {// correct login info, let's make sure they're active
$row = mysql_fetch_row($query);
$query = 'SELECT * FROM `company_info` WHERE (`active` = \'yes\' AND `member_id` = ' . $row[0] . ')';
$sql = mysql_query($query);
if(!mysql_num_rows($sql)) {// not set to active yet by administrator(s)
header('Location: *edited*');
} else {//theY're good, let 'em in, pack 'em up, and pass 'em on
$row = mysql_fetch_object($sql);
session_start();
$_SESSION['mem_id'] = $row->member_id;
$_SESSION['allowedin'] = 'yes';
$_SESSION['company_name'] = $row->company_name;
header('Location: *edited*');
}
}
}//end big if
?>
Haven't been here in a while, hopefully i can get some help. I have a basic log on script i made to protect a member area. It works perfectly. It is nested in a folder called DB2, and the actual script that processes the log on info is located in DB2/core/ directory. This all works fine. The script works by accepting a username and password, then it checks them against usernames and passwords in the database. If it finds a match, it sets session variables to say they should be let in, then passes them off to the main page.
The main page, and every other page for that matter, checks these values first, before letting the page display to make sure the people are allowed in. Now my co-worker wanted a smaller log on area put on the index page of the main website. She created the form exactly as i had it, and she found it wouldn't work. I've done some checking and i have discoverd that the error does not come from the log on form itself, wherever i call it from (whether the index page of another page) it gets the details and checks the person in. However when the sessions are set after dealing with data from the index page, i get kicked out as soon as it passes me off to the main page. I believe i have a session configuration problem.
Here is my file structure:
Original and working page: mysite.com/DB2/index.php
Form processor: mysite.com/DB2/core/login.core.php
Non working file structure:
Main page: mysite.com/index.php
Form processor: mysite.com/DB2/core/login.core.php
I have included my login.core.php page.
<?php
###########################################################
## This page checks to see if the user exists. If they ##
## do it goes ahead and checks to see if the password ##
## matches. If that is the case it logs them in, else ##
## it sends them back to the index page. ##
###########################################################
include('./connections.lib.php');
$uname = trim($_POST['uname']);
$password = trim($_POST['password']);
if(!$uname || !$password) {//they didn't enter both
header('Location:*edited*');
} else {//check db
$query = mysql_query('SELECT `company_info_member_id` FROM `member_logon` WHERE (`mem_username` = \'' . $uname . '\' AND `mem_password` = \'' . $password . '\')');
if(mysql_num_rows($query) === 0){//they have the wrong password
header('Location: *edited*');
} else {// correct login info, let's make sure they're active
$row = mysql_fetch_row($query);
$query = 'SELECT * FROM `company_info` WHERE (`active` = \'yes\' AND `member_id` = ' . $row[0] . ')';
$sql = mysql_query($query);
if(!mysql_num_rows($sql)) {// not set to active yet by administrator(s)
header('Location: *edited*');
} else {//theY're good, let 'em in, pack 'em up, and pass 'em on
$row = mysql_fetch_object($sql);
session_start();
$_SESSION['mem_id'] = $row->member_id;
$_SESSION['allowedin'] = 'yes';
$_SESSION['company_name'] = $row->company_name;
header('Location: *edited*');
}
}
}//end big if
?>