Session variables 2

[trufla]

Hi Guys!

I have created a login page in php and session variables that would hopefully record username, password and the Usergroup.

The idea is that a user logs in (attached to their record in the database is a "Usergroup" field specifying either "admin" or "visitor" values) and is restricted access to certain pages/or granted access based on the value of their "Usergroup".

The problem I have is that the session variables that are created from the log in are insufficient. They look like this:

MM_Username|N;MM_UserGroup|N;

There are no values attached to them and the Usergroup and it's value are not present.

This means that the whole login is useless, and I cannot restrict/grant access to users.

I don't know how to rectify this.

could someone help?

<?php
session_start();
?>
<?php require_once('../Connections/XXXXX.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "Usergroup";
  $MM_redirectLoginSuccess = "successful.php";
  $MM_redirectLoginFailed = "failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_XXXX, $XXXX);
  	
  $LoginRS__query=sprintf("SELECT Email, Password, Usergroup FROM users WHERE Email='%s' AND Password='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $gymtvdb) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'Usergroup');
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL unfurl="true"]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/URL]
<html xmlns="[URL unfurl="true"]http://www.w3.org/1999/xhtml">[/URL]
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>

 

[ingresman]

Couple of things.
You might want to tidy up the <?php tags at the top some of which are not required.
Remove the superflous second call to session_start();
The use of session_register is not promoted any more, use this format:

$_SESSION["MM_username"]=$loginUsername;

I'd remove all the stuff where your putting things into $GLOBALS.
Try thses things and see what is going into session then, just a quick look yiur storing the database values which looks to be the right thing.
Come back after these changes and we'll go from there
ok ?

 

[trufla]

I think you maybe on to somthing here!

Ok, I made the changes you suggested I got rid of GLOBALS and altered session_register to $SESSION.

This is how the session variable read:

MM_username|s:19:"tru@fla.co.uk";MM_userGroup|N;

It's storing the username but not the userGroup. I think I forgot to register "password" as a session variable.

I am going to do this:

$_SESSION["MM_password"]= $password;


This is my code so far

<?php require_once('../Connections/XXXX.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "Usergroup";
  $MM_redirectLoginSuccess = "successful.php";
  $MM_redirectLoginFailed = "failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_XXXX, $XXXX);
  	
  $LoginRS__query=sprintf("SELECT Email, Password, Usergroup FROM users WHERE Email='%s' AND Password='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $XXXX) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'Usergroup');
    
   

    //register the session variables
   $_SESSION["MM_username"]=$loginUsername;
   $_SESSION["MM_password"]= $password;
   $_SESSION["MM_userGroup"]=$loginstrGroup;

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL unfurl="true"]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/URL]
<html xmlns="[URL unfurl="true"]http://www.w3.org/1999/xhtml">[/URL]
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>

<h1>Home</h1>
<p><a href="home.php">Home</a><br>
  <a href="news.php">News</a><br>
  <a href="releases.php">Releases</a><br>
  <a href="comps.php">comps</a><br>
  <a href="scrolling.php">Scrolling Messages </a>
</p>
<p>&nbsp;</p>
<form name="login_frm" id="login_frm" method="POST" action="<?php echo $loginFormAction; ?>">
  <p>Login</p>
  <p>Username
    <input name="username" type="text" id="username" />
  </p>
  <p>Password     
    <input name="password" type="text" id="password" />
</p>
  <p>
    <input type="submit" name="Submit" value="Submit" />
</p>
</form>
<p>&nbsp;</p>
</body>
</html>

 

[trufla]

Ok, that partially worked!

This is now my session variable:

MM_username|s:19:"tru@fla.co.uk";MM_userGroup|N;MM_password|s:8:"beagle";

So there is a problem with the userGroup session variable. Uuummmmmm.....interesting. Back in a min!

 

[trufla]

Is GLOBALS, session_register deprecated ingresman?

I checked out php.net and I thought they were bandied about the site.

Or was I just using code incorrectly as usual?

 

[ingresman]

Some one will come up with chapter and verse but the recomneded way is to use $_SESSION or at the very least not to mix the styles. I cant remember the reason, but hey glad its coming together

 

[sleipnir214]

session_register() goes hand-in-hand with having register_globals set to "on".

Read the Caution blocks in the PHP online manual entry for the function.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[trufla]

ok guys I thought there might be a problem with my login query so I had a tweak but no change. The value of the usergroup is not being pulled out of the database.

Session variable and values:

MM_username|s:19:"tru@fla.co.uk";
MM_password|s:8:"beagle
MM_userGroup|s:9:"Usergroup";

What am I doing wrong peeps?

<?php require_once('../Connections/gymtvdb.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "Usergroup";
  $MM_redirectLoginSuccess = "successful.php";
  $MM_redirectLoginFailed = "failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_gymtvdb, $gymtvdb);
  	
  $LoginRS__query=sprintf("SELECT Email, Password, Usergroup FROM users WHERE Email='%s' AND Usergroup='%s' AND Password='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password) ,
  get_magic_quotes_gpc() ? $MM_fldUserAuthorization : addslashes($MM_fldUserAuthorization)); 
   
  $LoginRS = mysql_query($LoginRS__query, $gymtvdb) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'Usergroup');
    
   

    //register the session variables
   $_SESSION["MM_username"]=$loginUsername;
   $_SESSION["MM_password"]= $password;
   $_SESSION["MM_userGroup"]= $MM_fldUserAuthorization;

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[URL unfurl="true"]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[/URL]
<html xmlns="[URL unfurl="true"]http://www.w3.org/1999/xhtml">[/URL]
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>

<h1>Home</h1>
<p><a href="home.php">Home</a><br>
  <a href="news.php">News</a><br>
  <a href="releases.php">Releases</a><br>
  <a href="comps.php">comps</a><br>
  <a href="scrolling.php">Scrolling Messages </a>
</p>
<p>&nbsp;</p>
<form name="login_frm" id="login_frm" method="POST" action="<?php echo $loginFormAction; ?>">
  <p>Login</p>
  <p>Username
    <input name="username" type="text" id="username" />
  </p>
  <p>Password     
    <input name="password" type="text" id="password" />
</p>
  <p>
    <input type="submit" name="Submit" value="Submit" />
</p>
</form>
<p>&nbsp;</p>
</body>
</html>

 

[ingresman]

should

$_SESSION["MM_userGroup"]= $MM_fldUserAuthorization

be

$_SESSION["MM_userGroup"]= $loginStrGroup

 

[trufla]

Yeah I thought that! I tried that first, but the variable Usergroup is still empty in the session.


MM_username|s:19:"tru@fla.co.uk";
MM_password|s:8:"beagle
MM_userGroup|n;

 

[trufla]

Wait, I got it!!!!!!!!!!!!!!!!! Woooooo hooooooo!

 

[ingresman]

yes and.....

 

[Muppsy007]

Gee thanks for posting the solution trufla.

 

[Olavxxx]

lol

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster