Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 15 of 15
  1. #1
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Session problem - session does not seem to be found

    I am trying to make an admin panel for my little cms, but im having a session problem.
    If i press submit it comes with this:
    100
    d1e0deb927faaa81d3200cf3c43110ce
    while it should come with:
    YES
    Also, when i enter a wrong username or password it echos nothing

    The following is my code

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link href="../includes/site.css" rel="stylesheet" type="text/css" />
    </head>
    <body>

    <?
    // MySQL init and functions
    include("../includes/config.inc.php");
    mysql_connect($host$username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
    mysql_select_db($database);

    function 
    initiate_session($userid$name$access_lvl) {
    session_start();
    $_SESSION['name'] = $name;
    $_SESSION['access_lvl'] = $access_lvl;
    $_SESSION['userid'] = $userid;
    echo 
    $_SESSION['access_lvl'] . "</br>";
    echo 
    session_id();
    }
    ?>

    <div id="menu">
    <img class="logo" src="../images/logo.gif" alt="Logo"/>
            <?
    $menuresult 
    mysql_query("SELECT * FROM " $dbprefix "_pages ORDER BY rank ASC");
    while (
    $menu mysql_fetch_array($menuresult)) {
    if (
    $menu[fullscreen] == 0) {
    echo 
    '<a href="../index.php?page=' $menu[ID] . '">' $menu[Name] . '</a><br />';
    } else {
    echo 
    '<a href="../' $menu[URL] . '">' $menu[Name] . '</a><br />';
        }
    }
            
    ?>
            
    </div>

    <div id="body">
    <?
    $titleresultq 
    mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) {
    echo 
    "<title>" $titleresulta[Text] . " :: AdminCP</title>";
    echo 
    "<center><h3>AdminCP</h3></center>";

    if (isset(
    $_SESSION['userid'])) {
    echo 
    "YES";
    } else {

    if(isset(
    $_POST['Login']))
    {

    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $access_lvlq mysql_query("SELECT Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $useridq mysql_query("SELECT ID FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    while (
    $usrnamea mysql_fetch_array($usrnamequery)) {
    if (
    $usrnamea['Name'] == $_POST['usrname']) {
    $hashpswd sha1($pswdsalt) . sha1($_POST['pswd']);
    while(
    $pswda mysql_fetch_array($pswdquery)) {
    if (
    $hashpswd == $pswda['Password']) {
    while (
    $access_lvla mysql_fetch_array($access_lvlq)) {
    while (
    $userida mysql_fetch_array($useridq)) {

    initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);
    }
    }
    } else {
    die(
    "Password is bad");
    }
    }

    } else {
    die(
    "Username is bad");
    }
    }
    } else {

    echo 
    '
    <form id="form1" name="form1" method="post" action="">
      <label>Username:
      <input type="text" name="usrname" />
      </label>
      <p>
        <label>Password:
        <input type="password" name="pswd" />
        </label>
      </p>
      <p>
        <label></label>
        <input type="submit" name="Login" value="Login" />
        <label>
        <input type="reset" name="Reset" value="Reset" />
        </label>
      </p>
    </form>'
    ;
    }
    }
        }
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) {
    echo 
    "<center><b>" $footertext[Text] . "</b></center>";
    }

            
    ?>
    </div>

    </body>
    </html>

  • #2
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    bump*

  • #3
    New Coder
    Join Date
    Nov 2005
    Location
    Louisville, Kentucky
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts
    place

    <?php
    session_start();
    ?>

    at the very top of your page, before your DOCTYPE
    What was I thinking?
    Email Me

  • #4
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thx! Works perfect.
    Do you know anything for "Also, when i enter a wrong username or password it echos nothing"

  • #5
    New Coder
    Join Date
    Nov 2005
    Location
    Louisville, Kentucky
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts
    i cannot see where you have set you varibles for the password and username, im a newbie to PHP as well, but im guessing that you've assigned empty varibles as the session vars.
    What was I thinking?
    Email Me

  • #6
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    function initiate_session($userid$name$access_lvl) {
    $_SESSION['name'] = $name;
    $_SESSION['access_lvl'] = $access_lvl;
    $_SESSION['userid'] = $userid;
    header("Location: index.php");

    Thats where it sets the session vars

  • #7
    New Coder
    Join Date
    Nov 2005
    Location
    Louisville, Kentucky
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts
    sorry if i was being unclear, i mnt your:

    $userid
    $name
    $access_lvl

    vars
    What was I thinking?
    Email Me

  • #8
    Senior Coder
    Join Date
    Apr 2005
    Location
    Colorado, United States
    Posts
    1,208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    They're set by the function.

    PHP Code:
    function initiate_session($userid$name$access_lvl) { 
    "$question = ( to() ) ? be() : ~be();"

  • #9
    New Coder
    Join Date
    Nov 2005
    Location
    Louisville, Kentucky
    Posts
    94
    Thanks
    0
    Thanked 0 Times in 0 Posts
    hmm, i can see the set line:

    initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

    i dont understand then, soz, this is outta my knowledge
    What was I thinking?
    Email Me

  • #10
    New Coder
    Join Date
    Dec 2005
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    you're creating 3 different server-side session cookies with this. I'd suggest you combine them into one:
    PHP Code:
    function initiate_session($userid$name$access_lvl) { 
    session_start(); 
    $_SESSION['mywebsite']['name'] = $name;
    $_SESSION['mywebsite']['access_lvl'] = $access_lvl;
    $_SESSION['mywebsite']['userid'] = $userid;

    PHP Code:
    initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']); 
    echo 
    $_SESSION['mywebsite']['access_lvl']; 

  • #11
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In the function, below the comment // MySQL init and functions i set those vars, like velox said.
    Ive been able to get the Bad password working, by moving the else clause elsewhere, im still trying to get username to work.

    PHP Code:
    ............
    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $access_lvlq mysql_query("SELECT Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $useridq mysql_query("SELECT ID FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    while (
    $usrnamea mysql_fetch_array($usrnamequery)) {
    if (!
    $usrnamea['Name'] == $_POST['usrname']) {
    die(
    "Username is bad");
    }
    }
    $hashpswd sha1($pswdsalt) . sha1($_POST['pswd']);
    while(
    $pswda mysql_fetch_array($pswdquery)) {
    if (
    $hashpswd == $pswda['Password']) {
    while (
    $access_lvla mysql_fetch_array($access_lvlq)) {
    while (
    $userida mysql_fetch_array($useridq)) {

    initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

        }
    }
    } else {
    die(
    "Password is bad");
    }
    }
    .................... 
    EDIT: ok thx Prikid ill do that

    EDIT2: I cant get that to work
    PHP Code:
    function initiate_session($userid$name$access_lvl) {
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) {
    $_SESSION[$titleresulta[Text]]['name'] = $name;
    $_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
    $_SESSION[$titleresulta[Text]]['userid'] = $userid;
    }
    header("Location: index.php");
    }
    ................................
    echo 
    $_SESSION['ChatFodder']['userid']; 
    EDIT3: Ok i fixed that one now, the only thing that doesnt work now is that when i fill in the wrong username it echos nothing
    Latest code:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link href="../includes/site.css" rel="stylesheet" type="text/css" />
    </head>
    <body>

    <?
    session_start();
    // MySQL init and functions
    include("../includes/config.inc.php");
    mysql_connect($host$username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
    mysql_select_db($database);

    // Site title
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) {
    $sitetitle $titleresulta[Text];
    }

    function 
    initiate_session($userid$name$access_lvl) {
    include(
    "../includes/config.inc.php");
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) {
    $_SESSION[$titleresulta[Text]]['name'] = $name;
    $_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
    $_SESSION[$titleresulta[Text]]['userid'] = $userid;
    }
    header("Location: index.php");
    }
    ?>

    <div id="menu">
    <img class="logo" src="../images/logo.gif" alt="Logo"/>
            <?
    $menuresult 
    mysql_query("SELECT * FROM " $dbprefix "_pages ORDER BY rank ASC");
    while (
    $menu mysql_fetch_array($menuresult)) {
    if (
    $menu[fullscreen] == 0) {
    echo 
    '<a href="../index.php?page=' $menu[ID] . '">' $menu[Name] . '</a><br />';
    } else {
    echo 
    '<a href="../' $menu[URL] . '">' $menu[Name] . '</a><br />';
        }
    }
    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    '<br /><a href="logout.php" class="negative">Logout</a><br />';
    }
            
    ?>
    </span></div>

    <div id="body">
    <?
    echo "<title>" $sitetitle " :: AdminCP</title>";
    echo 
    "<center><h3>AdminCP</h3></center>";

    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    "YES";
    } else {

    if(isset(
    $_POST['Login']))
    {

    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $access_lvlq mysql_query("SELECT Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $useridq mysql_query("SELECT ID FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    while (
    $usrnamea mysql_fetch_array($usrnamequery)) {
    if (!
    $usrnamea['Name'] == $_POST['usrname']) {
    echo 
    '<span class="errors">The username that you entered is not found in the database</span>';
    echo 
    '<br /><a href="index.php">Back</a>';
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) {
    die(
    "<center><b>" $footertext[Text] . "</b></center>");
    }
        }
    }
    $hashpswd sha1($pswdsalt) . sha1($_POST['pswd']);
    while(
    $pswda mysql_fetch_array($pswdquery)) {
    if (
    $hashpswd == $pswda['Password']) {
    while (
    $access_lvla mysql_fetch_array($access_lvlq)) {
    while (
    $userida mysql_fetch_array($useridq)) {

    initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

        }
    }
    } else {
    echo 
    '<span class="errors">The password you entered does not match the one in the database</span>';
    echo 
    '<br /><a href="index.php">Back</a>';
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) {
    die(
    "<center><b>" $footertext[Text] . "</b></center>");
    }
    }
    }
    } else {

    echo 
    '
    <form id="form1" name="form1" method="post" action="">
      <label>Username:
      <input type="text" name="usrname" />
      </label>
      <p>
        <label>Password:
        <input type="password" name="pswd" />
        </label>
      </p>
      <p>
        <label></label>
        <input type="submit" name="Login" value="Login" />
        <label>
        <input type="reset" name="Reset" value="Reset" />
        </label>
      </p>
    </form>'
    ;
    }
    }
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) {
    echo 
    "<center><b>" $footertext[Text] . "</b></center>";
    }
            
    ?>
    </div>

    </body>
    </html>
    Last edited by Diod; 01-03-2006 at 11:00 PM.

  • #12
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    *bump* I really can't find it

    EDIT: i found the reason why it didnt work;

    PHP Code:
    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $access_lvlq mysql_query("SELECT Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $useridq mysql_query("SELECT ID FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'"); 
    Should be
    PHP Code:
    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $access_lvlq mysql_query("SELECT Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $useridq mysql_query("SELECT ID FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'"); 
    But now it says that my password is always wrong;

    CODE:
    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link href="../includes/site.css" rel="stylesheet" type="text/css" />
    </head>
    <body>

    <?
    session_start();
    // MySQL init and functions
    include("../includes/config.inc.php");
    mysql_connect($host$username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
    mysql_select_db($database);

    // Site title
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) {
    $sitetitle $titleresulta[Text];
    }

    // Footer text
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) {
    $footer_text $footertext[Text];
    }

    function 
    initiate_session($userid$name$access_lvl) {
    include(
    "../includes/config.inc.php");
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) {
    $_SESSION[$titleresulta[Text]]['name'] = $name;
    $_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
    $_SESSION[$titleresulta[Text]]['userid'] = $userid;
    }
    header("Location: index.php");
    }
    ?>

    <div id="menu">
    <img class="logo" src="../images/logo.gif" alt="Logo"/>
            <?
    $menuresult 
    mysql_query("SELECT * FROM " $dbprefix "_pages ORDER BY rank ASC");
    while (
    $menu mysql_fetch_array($menuresult)) {
    if (
    $menu[fullscreen] == 0) {
    echo 
    '<a href="../index.php?page=' $menu[ID] . '">' $menu[Name] . '</a><br />';
    } else {
    echo 
    '<a href="../' $menu[URL] . '">' $menu[Name] . '</a><br />';
        }
    }
    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    '<br /><a href="logout.php" class="negative">Logout</a><br />';
    }
            
    ?>
    </span></div>

    <div id="body">
    <?
    echo "<title>" $sitetitle " :: AdminCP</title>";
    echo 
    "<center><h3>AdminCP</h3></center>";

    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    "YES";
    } else {

    if(isset(
    $_POST['Login']))
    {

    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $access_lvlq mysql_query("SELECT Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    $useridq mysql_query("SELECT ID FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
    while (
    $usrnamea mysql_fetch_array($usrnamequery)) {

    if (
    strtolower($usrnamea['Name']) != strtolower($_POST['usrname'])) {
    echo 
    '<span class="errors">The username that you entered is not found in the database</span>';
    echo 
    '<br /><a href="index.php">Back</a>';
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    die(
    "<center><b>" $footer_text "</b></center>");
        }
    }
    $hashpswd sha1($pswdsalt) . sha1($_POST['pswd']);
    while(
    $pswda mysql_fetch_array($pswdquery)) {
    if (
    strtolower($hashpswd) == strtolower($pswda['Password'])) {
    while (
    $access_lvla mysql_fetch_array($access_lvlq)) {
    while (
    $userida mysql_fetch_array($useridq)) {

    initiate_session($userida['ID'], $_POST['usrname'], $access_lvla['Access_Level']);

        }
    }
    } else {
    echo 
    '<span class="errors">The password you entered does not match the one in the database</span>';
    echo 
    '<br /><a href="index.php">Back</a>';
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    die(
    "<center><b>" $footer_text "</b></center>");
    }
    }
    } else {

    echo 
    '
    <form id="form1" name="form1" method="post" action="">
      <label>Username:
      <input type="text" name="usrname" />
      </label>
      <p>
        <label>Password:
        <input type="password" name="pswd" />
        </label>
      </p>
      <p>
        <label></label>
        <input type="submit" name="Login" value="Login" />
        <label>
        <input type="reset" name="Reset" value="Reset" />
        </label>
      </p>
    </form>'
    ;
    }
    }
    echo 
    '<br /> <br /> <hr align="center" />';
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    echo 
    "<center><b>" $footer_text "</b></center>";
            
    ?>
    </div>

    </body>
    </html>
    Last edited by Diod; 01-04-2006 at 08:06 PM.

  • #13
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Fixed:

    I had to do the if like this:

    PHP Code:
    for ($i 1$i <= count($usrnamea['Name']); $i++) {

    if (
    strtolower($usrnamea['Name']) != strtolower($_POST['usrname']) && $i == count($usrnamea['Name'])) { 

  • #14
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Still doesnt work :/

    Code:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link href="../includes/site.css" rel="stylesheet" type="text/css" />
    </head>
    <body>

    <?
    session_start();
    // MySQL init and functions
    include("../includes/config.inc.php");
    mysql_connect($host$username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
    mysql_select_db($database);

    // Site title
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) 
    {
    $sitetitle $titleresulta[Text];
    }

    // Footer text
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) 
    {
    $footer_text $footertext[Text];
    }

    function 
    initiate_session($userid$name$access_lvl
    {
    include(
    "../includes/config.inc.php");
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) 
          {
    $_SESSION[$titleresulta[Text]]['name'] = $name;
    $_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
    $_SESSION[$titleresulta[Text]]['userid'] = $userid;
          }
    header("Location: index.php");
    }

    function 
    val_login($username$password)
    {
          if(
    val_user($username)) 
          {
                if (
    val_password($username$password))
                {
                return 
    true;
                }
                else
                {
                return 
    false;
                }
          }
    }

    function 
    val_user($username)
    {
    include(
    "../includes/config.inc.php");
    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users");
    while (
    $usrnamea mysql_fetch_array($usrnamequery))
          {
          return 
    true;
          }
    }

    function 
    val_password($username$password)
    {
    include(
    "../includes/config.inc.php");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $username "'");
    $hashpswd sha1($pswdsalt) . sha1($password);
          while (
    $pswda mysql_fetch_array($pswdquery))
          {
                if (
    $pswda['Password'] == $hashpswd
                {
                return 
    true;
                }
                else
                {
                return 
    false;
                }
          }                               
    }
    ?>

    <div id="menu">
    <img class="logo" src="../images/logo.gif" alt="Logo"/>
            <?
    $menuresult 
    mysql_query("SELECT * FROM " $dbprefix "_pages ORDER BY rank ASC");
    while (
    $menu mysql_fetch_array($menuresult)) {
    if (
    $menu[fullscreen] == 0) {
    echo 
    '<a href="../index.php?page=' $menu[ID] . '">' $menu[Name] . '</a><br />';
    } else {
    echo 
    '<a href="../' $menu[URL] . '">' $menu[Name] . '</a><br />';
        }
    }
    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    '<br /><a href="logout.php" class="negative">Logout</a><br />';
    }
            
    ?>
    </span></div>

    <div id="body">
    <?
    echo "<title>" $sitetitle " :: AdminCP</title>";
    echo 
    "<center><h3>AdminCP</h3></center>";

    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    "YES";
    } else {

    if(isset(
    $_POST['Login']))
        {

    if (
    val_login($_POST['usrname'], $_POST['pswd']))
    {
    $sessvarsq mysql_query("SELECT ID, Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
          while (
    $sessvarsa mysql_fetch_array($sessvarsq))
          {
          
    initiate_session($sessvarsa['ID'], $username$sessvarsa['access_lvl']);
          }
    }
    else
    {
    echo 
    '<span class="errors">The login information you entered does not match the one in the database</span>';
    echo 
    '<br /><a href="index.php">Back</a>';
    echo 
    '<br /> <br /> <hr align="center" />';
    die(
    "<center><b>" $footer_text "</b></center>");
    }

    } else {
    echo 
    '
    <form id="form1" name="form1" method="post" action="">
      <label>Username:
      <input type="text" name="usrname" />
      </label>
      <p>
        <label>Password:
        <input type="password" name="pswd" />
        </label>
      </p>
      <p>
        <label></label>
        <input type="submit" name="Login" value="Login" />
        <label>
        <input type="reset" name="Reset" value="Reset" />
        </label>
      </p>
    </form>'
    ;
        }
    }
    echo 
    '<br /> <br /> <hr align="center" />';
    echo 
    "<center><b>" $footer_text "</b></center>";
            
    ?>
    </div>

    </body>
    </html>

  • #15
    New Coder
    Join Date
    Dec 2005
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Still doesnt work :/
    I wouldnt know how to check the username against every usrname in the database

    Code:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link href="../includes/site.css" rel="stylesheet" type="text/css" />
    </head>
    <body>

    <?
    session_start();
    // MySQL init and functions
    include("../includes/config.inc.php");
    mysql_connect($host$username,$password) or die('<span class="errors">Can\'t connect to the database</span>');
    mysql_select_db($database);

    // Site title
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) 
    {
    $sitetitle $titleresulta[Text];
    }

    // Footer text
    $footer mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='Footer'");
    while (
    $footertext mysql_fetch_array($footer)) 
    {
    $footer_text $footertext[Text];
    }

    function 
    initiate_session($userid$name$access_lvl
    {
    include(
    "../includes/config.inc.php");
    $titleresultq mysql_query("SELECT * FROM " $dbprefix "_site WHERE Name='SiteTitle'");
    while (
    $titleresulta mysql_fetch_array($titleresultq)) 
          {
    $_SESSION[$titleresulta[Text]]['name'] = $name;
    $_SESSION[$titleresulta[Text]]['access_lvl'] = $access_lvl;
    $_SESSION[$titleresulta[Text]]['userid'] = $userid;
          }
    header("Location: index.php");
    }

    function 
    val_login($username$password)
    {
          if(
    val_user($username)) 
          {
                if (
    val_password($username$password))
                {
                return 
    true;
                }
                else
                {
                return 
    false;
                }
          }
    }

    function 
    val_user($username)
    {
    include(
    "../includes/config.inc.php");
    $usrnamequery mysql_query("SELECT Name FROM " $dbprefix "_users");
    while (
    $usrnamea mysql_fetch_array($usrnamequery))
          {
          return 
    true;
          }
    }

    function 
    val_password($username$password)
    {
    include(
    "../includes/config.inc.php");
    $pswdquery mysql_query("SELECT Password FROM " $dbprefix "_users WHERE Name='" $username "'");
    $hashpswd sha1($pswdsalt) . sha1($password);
          while (
    $pswda mysql_fetch_array($pswdquery))
          {
                if (
    $pswda['Password'] == $hashpswd
                {
                return 
    true;
                }
                else
                {
                return 
    false;
                }
          }                               
    }
    ?>

    <div id="menu">
    <img class="logo" src="../images/logo.gif" alt="Logo"/>
            <?
    $menuresult 
    mysql_query("SELECT * FROM " $dbprefix "_pages ORDER BY rank ASC");
    while (
    $menu mysql_fetch_array($menuresult)) {
    if (
    $menu[fullscreen] == 0) {
    echo 
    '<a href="../index.php?page=' $menu[ID] . '">' $menu[Name] . '</a><br />';
    } else {
    echo 
    '<a href="../' $menu[URL] . '">' $menu[Name] . '</a><br />';
        }
    }
    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    '<br /><a href="logout.php" class="negative">Logout</a><br />';
    }
            
    ?>
    </span></div>

    <div id="body">
    <?
    echo "<title>" $sitetitle " :: AdminCP</title>";
    echo 
    "<center><h3>AdminCP</h3></center>";

    if (isset(
    $_SESSION[$sitetitle]['userid'])) {
    echo 
    "YES";
    } else {

    if(isset(
    $_POST['Login']))
        {

    if (
    val_login($_POST['usrname'], $_POST['pswd']))
    {
    $sessvarsq mysql_query("SELECT ID, Access_Level FROM " $dbprefix "_users WHERE Name='" $_POST['usrname'] . "'");
          while (
    $sessvarsa mysql_fetch_array($sessvarsq))
          {
          
    initiate_session($sessvarsa['ID'], $username$sessvarsa['access_lvl']);
          }
    }
    else
    {
    echo 
    '<span class="errors">The login information you entered does not match the one in the database</span>';
    echo 
    '<br /><a href="index.php">Back</a>';
    echo 
    '<br /> <br /> <hr align="center" />';
    die(
    "<center><b>" $footer_text "</b></center>");
    }

    } else {
    echo 
    '
    <form id="form1" name="form1" method="post" action="">
      <label>Username:
      <input type="text" name="usrname" />
      </label>
      <p>
        <label>Password:
        <input type="password" name="pswd" />
        </label>
      </p>
      <p>
        <label></label>
        <input type="submit" name="Login" value="Login" />
        <label>
        <input type="reset" name="Reset" value="Reset" />
        </label>
      </p>
    </form>'
    ;
        }
    }
    echo 
    '<br /> <br /> <hr align="center" />';
    echo 
    "<center><b>" $footer_text "</b></center>";
            
    ?>
    </div>

    </body>
    </html>
    Whoops it seems i accidently posted this twice when editing


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •