Since most of you are rather experienced in PHP, I figured you might know why this doesn't work. It above the HTML tag of all protected pages, and the pages are protected despite whether the password is correct or incorrect. Also, I want to have it as an include file but when I tried that the invalidlogin page was displayed followed by the protected page :-(... why would the exit command not stop the loading? Please help me out. If you want to see the result visit http://crosse5.com/members/dying.php and use test as the username and pass as the password. Thanks in advance.....

Or if you know of any working ones that don't have advertisements on them please let me know.


<?php

if (action == "login") {
if ((isset($PHP_AUTH_USER)) && (isset($PHP_AUTH_PW))) {
// Connect to MySQL
mysql_connect('localhost', 'user', 'pwpw')
or die ('Unable to connect to server.');

// Select database on MySQL server

mysql_select_db('database')
or die ('Unable to select database.');

// Formulate the query

$sql = "SELECT * FROM users WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";

// Execute the query and put results in $result

$result = mysql_query($sql)
or die ('Unable to execute query.');

// Get number of rows in $result.

$num = mysql_numrows($result);

if ($num != 0)
{
$auth = true;
setcookie("id","$PHP_AUTH_USER",time()+14400,"/",".crosse5.com",0);
setcookie("pass","$PHP_AUTH_PW",time()+14400 ,"/",".crosse5.com",0);
} else {
include ('http://crosse5.com/members/invalidlogin.php');
exit();
}
} else {
include ('http://crosse5.com/members/invalidlogin.php');
exit();
}
} elseif (action == "logout") {
setcookie("id","",time()+14400,"/",".crosse5.com",0);
setcookie("pass","",time()+14400,"/",".crosse5.com",0);
include ('http://crosse5.com/members/invalidlogin.php');
exit();
} else {
if ((isset($id)) && (isset($pass))) {
$PHP_AUTH_USER = $HTTP_COOKIE_VARS["id"];
$PHP_AUTH_PW = $HTTP_COOKIE_VARS["pass"];
// Connect to MySQL

mysql_connect('localhost', 'user', 'pwpw')
or die ('Unable to connect to server.');

// Select database on MySQL server

mysql_select_db('database')
or die ('Unable to select database.');

// Formulate the query

$sql = "SELECT * FROM users WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";

// Execute the query and put results in $result

$result = mysql_query($sql)
or die ('Unable to execute query.');

// Get number of rows in $result.

$num = mysql_numrows($result);

if ($num != 0) {
$auth = true;
// A matching row was found - the user is authenticated.
setcookie("id","$PHP_AUTH_USER",time()+14400,"/",".crosse5.com",0);
setcookie("pass","$PHP_AUTH_PW",time()+14400 ,"/",".crosse5.com",0);
} else {
$auth = false;
include ('http://crosse5.com/members/invalidlogin.php');
exit();
}
}
else {
$auth = false;
include ('http://crosse5.com/members/invalidlogin.php');
exit();
}
}
?>

Hiya,

I currently can't have a look at your code because of lack of time but I can give you my session login stuff... it works fine for me:

index.php

<?
require('session.inc.php');
session_write_close();

include ("../config.inc");

?>
<html>

FRAMESETS BEING LOADED
</html>


login.php

<?php
$current_page = 'login';
require('session.inc.php');

if ($submit)
{
include ("../config.inc");

//connect
mysql_connect( "localhost", "$username", "$password") or die( "Unable to connect to server!");
mysql_select_db( "$db_name") or die( "Unable to select database");

//some select queries for registering global variables and verifying user
$query = "SELECT id_member, vulgo, pass, status FROM members where vulgo='$vulgo'";
$insert = MYSQL_QUERY($query);
$number = MYSQL_NUMROWS($insert);

if($number != 0) {

$i = 0;
$id_member = mysql_result($insert,$i,"id_member");
$vulgo_db = mysql_result($insert,$i,"vulgo");
$password_db = mysql_result($insert,$i,"pass");
$status = mysql_result($insert,$i,"status");

if ($pass == $password_db) {

$s_valid_user = true;
$s_login = $vulgo_db;
$s_member_id = $id_member;
$s_status = $status;

Header('Location: index.php');
exit;
}}}

?>

<body bgcolor="#FFFFFF"><br><br>

<form method="post" action="<? echo $PHP_SELF; ?>">
Username: <input type="text" name="vulgo" size="40">
Password: <input type="password" name="pass" size="40">
<input type="submit" name="submit" value="Login">
</form>


logout.php

<?
session_start();

session_destroy();

session_unset(); // just in case. though dont really need it.

Header('Location:index.php');
exit;;

?>


session.inc.php

<?php

session_start();
session_register('s_valid_user'); // =true or =false|[empty]
session_register('s_member_id');
session_register('s_login');
session_register('s_status');

if ( ($s_valid_user == false) && ($current_page != 'login'))
{
Header('Location: http://members.montepacis.com/login.php');
exit;
}



?>


The following code will be entered to all protected sites (make sure relative path is right):

<?
require('../session.inc.php');
session_write_close();



Hope this helps working out where you got your problem!

thanks a ton, once i get back from lacrosse (the greatest sport) practice i will give them a run.

Daniel

i have been having a hard time decrypting your code. what is in the status section of the database? i dont see the config.inc file you have listed as an include.

Hiya,

well, the config.inc doesn't have any real intersting code... just some pre-defined parameters. I just named it config.inc because I can store it outside the www folder in my root account.

config.inc

<?

//Global variables:
$username = ""; // Username for database here
$password = ""; // Password for database here
$db_name = ""; //name of your database here
$my_email = ""; // Enter your email address
$subject = ""; // Enter the subject of the notification email
$gbPage = "index.php"; //the main page for each service
$notify = 1; // Email notification? 1 = yes, 0 = no
$limit = 20; // Entries displayed per page
$allowHTML = 1; // To allow HTML 1 = Yes, 0 = No

//User admin:
$userindex = "index.php"; //Index page for the user administration

$sorting = "0"; // Sorting category alphabetically (else sorted by time of entry) 1 = yes, 0 = no
$table_width="100%";
$table_border="0";
$cellspacing="5";
$cellpadding="5";
$table_height="";
$table_bgcolor="";
$bordercolor="";
$td_height="20";
$td_bgcolor="";

?>


You see, not very interesting.... if you can't store it outside your www folder just better use config.inc.php and make sure name and path is correct.

Well, I did created that session system for a sorority. The status just means what status each member has in the organisation. E.g. President, Vice-President, Chief of Finances, ..... I use this to give them different rights. E.g. President and Vice-President can alter anything on their homepage... normal members without special functions can just alter their personal info and add new pictures to the image galleries...

As for the functionality:

Everytime a user wants to connect to a protected site the session.inc.php file is included.
This script starts the sessions, registers a few variables and then checks whether a valid user exists and if not and the current paga is not the login.php it gets directed there.
Notice: I did use an aboslut path because it makes things more easy with the session.inc.php file.

When the login page is called you see a form with two fields. Username and password are being entered and upon pressiong submit the script calls itself again, compares the data there with your data in the database. For the moment username is also case-sensitive!!!
When the script has done that, it registeres s_valid_user as true meaning an authorised user is on the pages.

Hope that helped.

Here is what I have for the login page........and there is a major problem. The login page doesnt load even if the $submit isnt set. I don't know why. The php code is the first thing and stops right before the <html> tag. Please help me out!

[PHP]<?php
$current_page = 'login';
require ('http://crosse5.com/members/includes/session.inc.php');

if ($submit)
{
include ("http://crosse5.com/members/includes/config.inc");

//connect
mysql_connect( "localhost", "$dbusername", "$dbpassword") or die( "Unable to connect to server!");
mysql_select_db( "$db_name") or die( "Unable to select database");

//some select queries for registering global variables and verifying user
$query = "SELECT username, password FROM users where username='$username'";
$insert = MYSQL_QUERY($query);
$number = MYSQL_NUMROWS($insert);

if($number != 0) {

$i = 0;
$username_db = mysql_result($insert,$i,"username");
$password_db = mysql_result($insert,$i,"password");

if ($password == $password_db) {

$s_valid_user = true;
$s_login = $username_db;

Header('Location: http://crosse5.com/members/index.php');
exit;
}}}

?>[PHP]

I get a 504 gateway timeout. I set all the variables in the config.inc file. Any ideas?