Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts

    Another Login Script issue

    could someone please fill me in on how to keep the session alive..

    meaning..

    I login.. no problem..
    It shows the username that is logged in..

    the problem..

    when I goto a different page within the website is stop showing the username that is logged in.. and shows the login screen again.

    Thanks in advance.

    Slayer.

  • #2
    Regular Coder
    Join Date
    Jul 2009
    Location
    Chicago, IL
    Posts
    169
    Thanks
    26
    Thanked 3 Times in 3 Posts
    Did you include session_start(); at the top of every page? That's a start. If so, please post some code.

  • #3
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    I have not... I guess I should..

    Thanks.. I will let ya know.

    Thanks.

  • #4
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    added that to 2 pages just to test..

    the index page and the page that I was clicking on to test..?

    Slayer.

  • #5
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    I was looking though my cookies to see if the cookie is created.. and it is not..


    but when I logout ther is one..??

    any thoughts..?

    thanks,

  • #6
    Regular Coder
    Join Date
    Jul 2009
    Location
    Chicago, IL
    Posts
    169
    Thanks
    26
    Thanked 3 Times in 3 Posts
    Could you post some of your code? It makes it a lot easier to diagnose that way.

  • #7
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,512
    Thanks
    8
    Thanked 1,090 Times in 1,081 Posts
    Slayer,
    PHP SESSIONS are stored on the server, not on the user's PC (like cookies).
    So, they are like "server cookies".

    Sessions will expire when the user closes their browser, or "logs-out", if you have
    that feature on your site. And yes, we need to see your code.

  • #8
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    login.php
    PHP Code:
    <?php
    session_start
    ();
    // Connects to your Database
    mysql_connect("localhost""***""***") or die(mysql_error());
    mysql_select_db("db") or die(mysql_error());

    //Checks if there is a login cookie
    if(isset($_COOKIE['ID_my_site']))

    //if there is, it logs you in and directes you to the members page

    $username $_COOKIE['ID_my_site'];
    $pass $_COOKIE['Key_my_site'];
    $check mysql_query("SELECT * FROM gsiteusers WHERE username = '$username'")or die(mysql_error());
    while(
    $info mysql_fetch_array$check )) 
    {
    if (
    $pass != $info['email'])
    {
    }
    else
    {
    header("Location: welcome.php");

    }
    }
    }

    //if the login form is submitted
    if (isset($_POST['submit'])) { // if form has been submitted

    // makes sure they filled it in
    if(!$_POST['username'] | !$_POST['email']) {
    echo 
    "You did not fill in a required field.";
    }
    // checks it against the database

    if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
    }
    $check mysql_query("SELECT * FROM gsiteusers WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user dosen't exist
    $check2 mysql_num_rows($check);
    if (
    $check2 == 0) {
    echo 
    "That user does not exist in our database. <a href='reg.php' target='middle'>Click Here to Register</a>";
    }
    while(
    $info mysql_fetch_array$check )) 
    {
    $_POST['email'] = stripslashes($_POST['email']);
    $info['email'] = stripslashes($info['email']);
    $_POST['email'] = md5($_POST['email']);

    //gives error if the password is wrong
    if ($_POST['email'] != $info['email']) {
    echo 
    "Incorrect email, please try again.";
    }

    else
    {

    // if login is ok then we add a cookie 
    $_POST['username'] = stripslashes($_POST['username']);
    $hour time() + 3600;
    setcookie(ID_my_site$_POST['username'], $hour);
    setcookie(Key_my_site$_POST['email'], $hour);

    //then redirect them to the members area 
    echo "Welcome, <font color=red><b>".$_POST['username']."</b></font> to the Slayer's Intranet";
    echo 
    "<br><a href=\"syslogin/logout.php\">Logout</a>";
    header("Location: notwelcome.php");
    }
    }
    }
    else 
    {

    // if they are not logged in 
    ?>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr><td colspan=2><h1></h1></td></tr>
    <tr><td>Name:</td><td>
    <input type="text" name="username" size="10" maxlength="40">
    </td></tr>
    <tr><td>Email:</td><td>
    <input type="text" name="email" size="10" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="hidden" name="date" value="date">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <?php
    }

    ?>
    logout.php
    PHP Code:
    <?php
    header
    ('Location: index.php');
    $past time() - 100;
    //this makes the time in the past to destroy the cookie 
    setcookie(ID_my_sitegone$past); 
    setcookie(Key_my_sitegone$past); 

    ?>
    If need be I could send you the link to the site with a temp password and username to see what is happening.

    Thanks again.. in advance.

    Slayer.

  • #9
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,512
    Thanks
    8
    Thanked 1,090 Times in 1,081 Posts
    It's too bad they are only using cookies for this ...
    I think it poses a big security issue.

    Normally, SESSIONS are used for the login, and if there is a checkbox to
    "remain logged-in", that alone uses a cookie that validates against the database,
    and a session is established. The cookie really does nothing except tell the script
    that the user has permission to establish a session.

    Too many changes required to convert your script.
    I really recommend you find a newer, more secure "membership" script.

    To answer your question though, EVERY page you have needs to have the whole
    upper part of the script that opens the database, reads, checks cookie, etc.
    A whole lot of processing when simple SESSIONS could be used instead.

    Sorry I don't have a better answer, but that's the scoop.

  • #10
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    Thanks for the input..

    I have no issues with what you have to say.. I will always take what you have to say as knowledge.

    I would love it if you could lead me down the path to a new and more secure heading.

    Thanks, Slayer.

  • #11
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    Thank you all for your help.

    I found a solution and have now got it implemeted.

    Slayer.

  • #12
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,512
    Thanks
    8
    Thanked 1,090 Times in 1,081 Posts
    Slayer ...
    For others viewing this thread,
    what was the solution?
    Did you find another script?

  • #13
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    241
    Thanks
    48
    Thanked 3 Times in 3 Posts
    Yes I found another script that would allow me to get what was needed after you told me that the current script was not what I was looking for.

    when I get home tonight I will post the script.

    if that is okay..

    thanks, Slayer

  • #14
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,512
    Thanks
    8
    Thanked 1,090 Times in 1,081 Posts
    Yea ... or post the link to it.
    There might be some others on here who have the same issue as you had.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •