Session problem - session does not seem to be found



Diod
01-03-2006, 02:52 AM
I am trying to make an admin panel for my little CMS, but I'm having a session problem.
If I press submit it comes up with this:

100
d1e0deb927faaa81d3200cf3c43110ce
while it should come with:

YES

Also, when I enter a wrong username or password it echoes nothing.

The following is my code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="../includes/site.css" rel="stylesheet" type="text/css" />
</head>
<body>

<?
// MySQL init and functions
include("../includes/config.inc.php");
@ mysql_connect($host, $username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
mysql_select_db($database);

function initiate_session($userid, $name, $access_lvl) {
session_start();
$_SESSION['name'] = $name;
$_SESSION['access_lvl'] = $access_lvl;
$_SESSION['userid'] = $userid;
echo $_SESSION['access_lvl'] . "</br>";
echo session_id();
}
?>

<div id="menu">
<img class="logo" src="../images/logo.gif" alt="Logo"/>
<?
$menuresult = mysql_query("SELECT * FROM " . $dbprefix . "_pages ORDER BY rank ASC");
while ($menu = mysql_fetch_array($menuresult)) {
if ($menu[fullscreen] == 0) {
echo '<a href="../index.php?page=' . $menu[ID] . '">' . $menu[Name] . '</a><br />';
} else {
echo '<a href="../' . $menu[URL] . '">' . $menu[Name] . '</a><br />';
}
}
?>

</div>

<div id="body">
<?
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq)) {
echo "<title>" . $titleresulta[Text] . " :: AdminCP</title>";
echo "<center><h3>AdminCP</h3></center>";

if (isset($_SESSION['userid'])) {
echo "YES";
} else {

if(isset($_POST['Login']))
{

$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$access_lvlq = mysql_query("SELECT Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$useridq = mysql_query("SELECT ID FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
while ($usrnamea = mysql_fetch_array($usrnamequery)) {
if ($usrnamea['Name'] == $_POST['usrname']) {
$hashpswd = sha1($pswdsalt) . sha1($_POST['pswd']);
while($pswda = mysql_fetch_array($pswdquery)) {
if ($hashpswd == $pswda['Password']) {
while ($access_lvla = mysql_fetch_array($access_lvlq)) {
while ($userida = mysql_fetch_array($useridq)) {

initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);
}
}
} else {
die("Password is bad");
}
}

} else {
die("Username is bad");
}
}
} else {

echo '
<form id="form1" name="form1" method="post" action="">
<label>Username:
<input type="text" name="usrname" />
</label>
<p>
<label>Password:
<input type="password" name="pswd" />
</label>
</p>
<p>
<label></label>
<input type="submit" name="Login" value="Login" />
<label>
<input type="reset" name="Reset" value="Reset" />
</label>
</p>
</form>';
}
}
}
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
while ($footertext = mysql_fetch_array($footer)) {
echo "<center><b>" . $footertext[Text] . "</b></center>";
}

?>
</div>

</body>
</html>

Diod
01-03-2006, 09:22 PM
bump*

Ramesiv
01-03-2006, 10:05 PM
Place

<?php
session_start();
?>

at the very top of your page, before your DOCTYPE

Diod
01-03-2006, 10:11 PM
Thx! Works perfect.
Do you know anything for "Also, when i enter a wrong username or password it echos nothing"

Ramesiv
01-03-2006, 10:35 PM
I cannot see where you have set your variables for the password and username. I'm a newbie to PHP as well, but I'm guessing that you've assigned empty variables as the session vars.

Diod
01-03-2006, 10:51 PM
function initiate_session($userid, $name, $access_lvl) {
$_SESSION['name'] = $name;
$_SESSION['access_lvl'] = $access_lvl;
$_SESSION['userid'] = $userid;
header("Location: index.php");
}

That's where it sets the session vars.

Ramesiv
01-03-2006, 11:01 PM
Sorry if I was being unclear, I meant your:

$userid
$name
$access_lvl

vars

Velox Letum
01-03-2006, 11:03 PM
They're set by the function.


function initiate_session($userid, $name, $access_lvl) {

Ramesiv
01-03-2006, 11:05 PM
Hmm, I can see the set line:

initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

I don't understand then, soz, this is outta my knowledge.

Prikid
01-03-2006, 11:07 PM
You're creating 3 different server-side session cookies with this. I'd suggest you combine them into one:


function initiate_session($userid, $name, $access_lvl) {
session_start();
$_SESSION['mywebsite']['name'] = $name;
$_SESSION['mywebsite']['access_lvl'] = $access_lvl;
$_SESSION['mywebsite']['userid'] = $userid;
}




initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);
echo $_SESSION['mywebsite']['access_lvl'];

Diod
01-03-2006, 11:11 PM
In the function, below the comment // MySQL init and functions, I set those vars, like Velox said.
I've been able to get the bad password working by moving the else clause elsewhere; I'm still trying to get username to work.



............
$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$access_lvlq = mysql_query("SELECT Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$useridq = mysql_query("SELECT ID FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
while ($usrnamea = mysql_fetch_array($usrnamequery)) {
if (!$usrnamea['Name'] == $_POST['usrname']) {
die("Username is bad");
}
}
$hashpswd = sha1($pswdsalt) . sha1($_POST['pswd']);
while($pswda = mysql_fetch_array($pswdquery)) {
if ($hashpswd == $pswda['Password']) {
while ($access_lvla = mysql_fetch_array($access_lvlq)) {
while ($userida = mysql_fetch_array($useridq)) {

initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

}
}
} else {
die("Password is bad");
}
}
....................


EDIT: OK thx Prikid, I'll do that

EDIT2: I can't get that to work

function initiate_session($userid, $name, $access_lvl) {
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq)) {
$_SESSION[$titleresulta[Text]]['name'] = $name;
$_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
$_SESSION[$titleresulta[Text]]['userid'] = $userid;
}
header("Location: index.php");
}
................................
echo $_SESSION['ChatFodder']['userid'];


EDIT3: OK, I fixed that one now. The only thing that doesn't work now is that when I fill in the wrong username it echoes nothing.
Latest code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="../includes/site.css" rel="stylesheet" type="text/css" />
</head>
<body>

<?
@ session_start();
// MySQL init and functions
include("../includes/config.inc.php");
@ mysql_connect($host, $username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
mysql_select_db($database);

// Site title
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq)) {
$sitetitle = $titleresulta[Text];
}

function initiate_session($userid, $name, $access_lvl) {
include("../includes/config.inc.php");
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq)) {
$_SESSION[$titleresulta[Text]]['name'] = $name;
$_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
$_SESSION[$titleresulta[Text]]['userid'] = $userid;
}
header("Location: index.php");
}
?>

<div id="menu">
<img class="logo" src="../images/logo.gif" alt="Logo"/>
<?
$menuresult = mysql_query("SELECT * FROM " . $dbprefix . "_pages ORDER BY rank ASC");
while ($menu = mysql_fetch_array($menuresult)) {
if ($menu[fullscreen] == 0) {
echo '<a href="../index.php?page=' . $menu[ID] . '">' . $menu[Name] . '</a><br />';
} else {
echo '<a href="../' . $menu[URL] . '">' . $menu[Name] . '</a><br />';
}
}
if (isset($_SESSION[$sitetitle]['userid'])) {
echo '<br /><a href="logout.php" class="negative">Logout</a><br />';
}
?>
</span></div>

<div id="body">
<?
echo "<title>" . $sitetitle . " :: AdminCP</title>";
echo "<center><h3>AdminCP</h3></center>";

if (isset($_SESSION[$sitetitle]['userid'])) {
echo "YES";
} else {

if(isset($_POST['Login']))
{

$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$access_lvlq = mysql_query("SELECT Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$useridq = mysql_query("SELECT ID FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
while ($usrnamea = mysql_fetch_array($usrnamequery)) {
if (!$usrnamea['Name'] == $_POST['usrname']) {
echo '<span class="errors">The username that you entered is not found in the database</span>';
echo '<br /><a href="index.php">Back</a>';
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
while ($footertext = mysql_fetch_array($footer)) {
die("<center><b>" . $footertext[Text] . "</b></center>");
}
}
}
$hashpswd = sha1($pswdsalt) . sha1($_POST['pswd']);
while($pswda = mysql_fetch_array($pswdquery)) {
if ($hashpswd == $pswda['Password']) {
while ($access_lvla = mysql_fetch_array($access_lvlq)) {
while ($userida = mysql_fetch_array($useridq)) {

initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

}
}
} else {
echo '<span class="errors">The password you entered does not match the one in the database</span>';
echo '<br /><a href="index.php">Back</a>';
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
while ($footertext = mysql_fetch_array($footer)) {
die("<center><b>" . $footertext[Text] . "</b></center>");
}
}
}
} else {

echo '
<form id="form1" name="form1" method="post" action="">
<label>Username:
<input type="text" name="usrname" />
</label>
<p>
<label>Password:
<input type="password" name="pswd" />
</label>
</p>
<p>
<label></label>
<input type="submit" name="Login" value="Login" />
<label>
<input type="reset" name="Reset" value="Reset" />
</label>
</p>
</form>';
}
}
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
while ($footertext = mysql_fetch_array($footer)) {
echo "<center><b>" . $footertext[Text] . "</b></center>";
}
?>
</div>

</body>
</html>

Diod
01-04-2006, 08:49 PM
*bump* I really can't find it

EDIT: I found the reason why it didn't work;


$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$access_lvlq = mysql_query("SELECT Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$useridq = mysql_query("SELECT ID FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");

Should be

$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$access_lvlq = mysql_query("SELECT Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$useridq = mysql_query("SELECT ID FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");

But now it says that my password is always wrong;

CODE:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="../includes/site.css" rel="stylesheet" type="text/css" />
</head>
<body>

<?
@ session_start();
// MySQL init and functions
include("../includes/config.inc.php");
@ mysql_connect($host, $username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
mysql_select_db($database);

// Site title
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq)) {
$sitetitle = $titleresulta[Text];
}

// Footer text
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
while ($footertext = mysql_fetch_array($footer)) {
$footer_text = $footertext[Text];
}

function initiate_session($userid, $name, $access_lvl) {
include("../includes/config.inc.php");
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq)) {
$_SESSION[$titleresulta[Text]]['name'] = $name;
$_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
$_SESSION[$titleresulta[Text]]['userid'] = $userid;
}
header("Location: index.php");
}
?>

<div id="menu">
<img class="logo" src="../images/logo.gif" alt="Logo"/>
<?
$menuresult = mysql_query("SELECT * FROM " . $dbprefix . "_pages ORDER BY rank ASC");
while ($menu = mysql_fetch_array($menuresult)) {
if ($menu[fullscreen] == 0) {
echo '<a href="../index.php?page=' . $menu[ID] . '">' . $menu[Name] . '</a><br />';
} else {
echo '<a href="../' . $menu[URL] . '">' . $menu[Name] . '</a><br />';
}
}
if (isset($_SESSION[$sitetitle]['userid'])) {
echo '<br /><a href="logout.php" class="negative">Logout</a><br />';
}
?>
</span></div>

<div id="body">
<?
echo "<title>" . $sitetitle . " :: AdminCP</title>";
echo "<center><h3>AdminCP</h3></center>";

if (isset($_SESSION[$sitetitle]['userid'])) {
echo "YES";
} else {

if(isset($_POST['Login']))
{

$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$access_lvlq = mysql_query("SELECT Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
$useridq = mysql_query("SELECT ID FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
while ($usrnamea = mysql_fetch_array($usrnamequery)) {

if (strtolower($usrnamea['Name']) != strtolower($_POST['usrname'])) {
echo '<span class="errors">The username that you entered is not found in the database</span>';
echo '<br /><a href="index.php">Back</a>';
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
die("<center><b>" . $footer_text . "</b></center>");
}
}
$hashpswd = sha1($pswdsalt) . sha1($_POST['pswd']);
while($pswda = mysql_fetch_array($pswdquery)) {
if (strtolower($hashpswd) == strtolower($pswda['Password'])) {
while ($access_lvla = mysql_fetch_array($access_lvlq)) {
while ($userida = mysql_fetch_array($useridq)) {

initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

}
}
} else {
echo '<span class="errors">The password you entered does not match the one in the database</span>';
echo '<br /><a href="index.php">Back</a>';
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
die("<center><b>" . $footer_text . "</b></center>");
}
}
} else {

echo '
<form id="form1" name="form1" method="post" action="">
<label>Username:
<input type="text" name="usrname" />
</label>
<p>
<label>Password:
<input type="password" name="pswd" />
</label>
</p>
<p>
<label></label>
<input type="submit" name="Login" value="Login" />
<label>
<input type="reset" name="Reset" value="Reset" />
</label>
</p>
</form>';
}
}
echo '<br /> <br /> <hr align="center" />';
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
echo "<center><b>" . $footer_text . "</b></center>";
?>
</div>

</body>
</html>

Diod
01-04-2006, 09:32 PM
Fixed:

I had to do the if like this:


for ($i = 1; $i <= count($usrnamea['Name']); $i++) {

if (strtolower($usrnamea['Name']) != strtolower($_POST['usrname']) && $i == count($usrnamea['Name'])) {

Diod
01-05-2006, 02:59 PM
Still doesn't work :/

Code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="../includes/site.css" rel="stylesheet" type="text/css" />
</head>
<body>

<?
@ session_start();
// MySQL init and functions
include("../includes/config.inc.php");
@ mysql_connect($host, $username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
mysql_select_db($database);

// Site title
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq))
{
$sitetitle = $titleresulta[Text];
}

// Footer text
$footer = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='Footer'");
while ($footertext = mysql_fetch_array($footer))
{
$footer_text = $footertext[Text];
}

function initiate_session($userid, $name, $access_lvl)
{
include("../includes/config.inc.php");
$titleresultq = mysql_query("SELECT * FROM " . $dbprefix . "_site WHERE Name='SiteTitle'");
while ($titleresulta = mysql_fetch_array($titleresultq))
{
$_SESSION[$titleresulta[Text]]['name'] = $name;
$_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
$_SESSION[$titleresulta[Text]]['userid'] = $userid;
}
header("Location: index.php");
}

function val_login($username, $password)
{
if(val_user($username))
{
if (val_password($username, $password))
{
return true;
}
else
{
return false;
}
}
}

function val_user($username)
{
include("../includes/config.inc.php");
$usrnamequery = mysql_query("SELECT Name FROM " . $dbprefix . "_users");
while ($usrnamea = mysql_fetch_array($usrnamequery))
{
return true;
}
}

function val_password($username, $password)
{
include("../includes/config.inc.php");
$pswdquery = mysql_query("SELECT Password FROM " . $dbprefix . "_users WHERE Name='" . $username . "'");
$hashpswd = sha1($pswdsalt) . sha1($password);
while ($pswda = mysql_fetch_array($pswdquery))
{
if ($pswda['Password'] == $hashpswd)
{
return true;
}
else
{
return false;
}
}
}
?>

<div id="menu">
<img class="logo" src="../images/logo.gif" alt="Logo"/>
<?
$menuresult = mysql_query("SELECT * FROM " . $dbprefix . "_pages ORDER BY rank ASC");
while ($menu = mysql_fetch_array($menuresult)) {
if ($menu[fullscreen] == 0) {
echo '<a href="../index.php?page=' . $menu[ID] . '">' . $menu[Name] . '</a><br />';
} else {
echo '<a href="../' . $menu[URL] . '">' . $menu[Name] . '</a><br />';
}
}
if (isset($_SESSION[$sitetitle]['userid'])) {
echo '<br /><a href="logout.php" class="negative">Logout</a><br />';
}
?>
</span></div>

<div id="body">
<?
echo "<title>" . $sitetitle . " :: AdminCP</title>";
echo "<center><h3>AdminCP</h3></center>";

if (isset($_SESSION[$sitetitle]['userid'])) {
echo "YES";
} else {

if(isset($_POST['Login']))
{

if (val_login($_POST['usrname'], $_POST['pswd']))
{
$sessvarsq = mysql_query("SELECT ID, Access_Level FROM " . $dbprefix . "_users WHERE Name='" . $_POST['usrname'] . "'");
while ($sessvarsa = mysql_fetch_array($sessvarsq))
{
initiate_session($sessvarsa['ID'], $username, $sessvarsa['access_lvl']);
}
}
else
{
echo '<span class="errors">The login information you entered does not match the one in the database</span>';
echo '<br /><a href="index.php">Back</a>';
echo '<br /> <br /> <hr align="center" />';
die("<center><b>" . $footer_text . "</b></center>");
}

} else {
echo '
<form id="form1" name="form1" method="post" action="">
<label>Username:
<input type="text" name="usrname" />
</label>
<p>
<label>Password:
<input type="password" name="pswd" />
</label>
</p>
<p>
<label></label>
<input type="submit" name="Login" value="Login" />
<label>
<input type="reset" name="Reset" value="Reset" />
</label>
</p>
</form>';
}
}
echo '<br /> <br /> <hr align="center" />';
echo "<center><b>" . $footer_text . "</b></center>";
?>
</div>

</body>
</html>

Diod
01-05-2006, 03:00 PM
Still doesn't work :/
I wouldn't know how to check the username against every username in the database


Whoops, it seems I accidentally posted this twice when editing
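
What the last posts are working toward, one lookup of the submitted name followed by a password check, written as an added example that is not code from any poster in this thread. It uses PDO prepared statements and password_hash()/password_verify() in place of the thread's mysql_* calls (removed in PHP 7) and salted sha1; the in-memory SQLite database, the "cms" prefix and the sample user are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts; the in-memory SQLite database, the "cms" prefix and the sample user
// are constructed so the script runs on its own.

function find_user(PDO $db, string $prefix, string $name): ?array
{
    // $prefix comes from config.inc.php, never from the request. The submitted
    // name is bound as a parameter, so quotes in it cannot alter the query.
    $stmt = $db->prepare(
        "SELECT ID, Name, Password, Access_Level FROM {$prefix}_users WHERE Name = :name"
    );
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // null: no row has that name
}

function val_login(PDO $db, string $prefix, string $name, string $password): ?array
{
    $user = find_user($db, $prefix, $name);
    // Unknown user and wrong password give the same result, so the caller
    // always has a failure branch to print a message from.
    if ($user === null || !password_verify($password, $user['Password'])) {
        return null;
    }
    return $user;
}

function initiate_session(array $user): void
{
    // session_start() sends a cookie header: call it before any HTML output.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // fresh session id once the login succeeds
    $_SESSION['userid']     = (int) $user['ID'];
    $_SESSION['name']       = $user['Name'];
    $_SESSION['access_lvl'] = (int) $user['Access_Level'];
}

// ---- constructed demo data ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_users (ID INTEGER PRIMARY KEY, Name TEXT UNIQUE, Password TEXT, Access_Level INTEGER)');
$ins = $db->prepare('INSERT INTO cms_users (Name, Password, Access_Level) VALUES (?, ?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT), 100]);

$attempts = [
    ['admin',   'correct horse'],  // valid login
    ['admin',   'wrong'],          // known user, bad password
    ['nobody',  'correct horse'],  // unknown user
    ["o'brien", 'anything'],       // a quote in the name is handled as plain data
];

$lines = [];
foreach ($attempts as [$name, $password]) {
    $user = val_login($db, 'cms', $name, $password);
    if ($user !== null && !isset($_SESSION['userid'])) {
        initiate_session($user);
    }
    $lines[] = sprintf('%-10s => %s', $name, $user ? 'YES' : 'login failed');
}
echo implode(PHP_EOL, $lines), PHP_EOL;   // output only after the session work
```

Existing rows hashed with the thread's sha1 scheme will not pass password_verify(); they need to be re-hashed with password_hash() the next time each user logs in or resets the password.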


