I've got a little problem with my sessions, let me explain what I'm doing and maybe someone can see where I'm going wrong here..... as always ... thanks in advance.
Ok, I have 3 pages .... login.php, checkuser.php & secretpage.php
Basically, a user will fill in their username and password in login.php and then checkuser.php will make sure everything's in order, and then they should be allowed to view secretpage.php .... simple eh?
Ok, here's login.php, it's actually a simple htm file, it's only still got the php extension because I was playing with it earlier.
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<form method="POST" action="checkuser.php">
<input type="text" name="username" />
User name
<p>
<input type="text" name="password" />
Password</p>
<p>
<input type="submit" name="Submit" value="Submit" />
</p>
</form>
</body>
</html>
And here's checkuser.php
Code:
<?php
session_start();
include("Vars.inc");
$connection=mysql_connect($host, $user, $passwd)
or die ("Could not connect !");
$db = mysql_select_db($database, $connection)
or die ("Could not connect to Database");
$username = $_POST['username'];
$password = $_POST['password'];
$pass = md5($password);
$query = "SELECT password FROM customer WHERE user_name='$username'";
$result = mysql_query($query)
or die ("could not find user");
$row = mysql_fetch_array($result);
if ($pass == $row['password'] )
{
session_register("auth");
@$_SESSION['auth'] = "yes";
echo "login successfull<br />";
}
else
{
echo "invalid password<br />";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<ul>
<li><a href="secretpage.php">secret page</a></li>
</ul>
</body>
</html>
Pretty straightforward.... the above 2 files work perfectly, the problem comes when I want to access further secure pages, such as secretpage.php
Here's secretpage.php at the moment
Code:
<?php
session_start();
if ( @$SESSION['auth'] != "yes" )
{
header("location: hacker.php");
exit();
}
else
{
echo "You are now logged in!";
}
?>
<html>
<head><title>Secret Page </title></head>
<body>
This is my testing secret page.
</body></html>
At the moment all I can manage to do is get thrown out towards hacker.php .... which is clearly not what I want here.
I know it's something to do with the way I'm handling the sessions...... any ideas please??
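
An added example, not part of the original post: the same login flow with the query parameterized, the md5() comparison replaced by password_hash()/password_verify(), and the session flag written and read through one array (the post's checkuser.php writes `$_SESSION['auth']` while secretpage.php reads `$SESSION['auth']`). The in-memory SQLite table, the user alice and the function names are constructed for the demo and assume the pdo_sqlite extension is available.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the post's MySQL `customer` table (in-memory SQLite).
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customer (user_name TEXT PRIMARY KEY, password TEXT)');
    $ins = $db->prepare('INSERT INTO customer VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// checkuser.php logic: bound parameter instead of '$username' inside the SQL
// string, password_verify() instead of comparing md5() output.
function check_user(PDO $db, array &$session, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM customer WHERE user_name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();            // false when no such user
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);         // fresh session id once logged in
    }
    $session['auth'] = 'yes';
    return true;
}

// secretpage.php logic: read the same array that check_user() wrote to.
function is_authenticated(array $session): bool
{
    return ($session['auth'] ?? null) === 'yes';
}

// Demo run from the CLI; on the real pages call session_start() and pass $_SESSION.
$db = demo_db();
$session = [];
var_dump(check_user($db, $session, "alice' OR '1'='1", 'x'));  // quotes stay data
var_dump(is_authenticated($session));
var_dump(check_user($db, $session, 'alice', 'correct horse'));
var_dump(is_authenticated($session));
```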