Jump to content
xisto Community
Sign in to follow this  
mwbouwkamp

Login Script

Recommended Posts

I am using the following code as a login page. I try to start by checking if a session already exists so that people don't have to login each time. The problem is that it is just being ignored. How do I check if a session is already set?

if (isset($_SESSION['loginname'])){ print('you were already logged in');}else{ if (submit) {  list($users,$passwords,$accounttypes)=GetCurrentUsers($user,$password,$accounttype);  $nologin=1;  for ($i=0;$i<sizeof($users);$i++)  {   if (($users[$i]==$loginname) and ($passwords[$i]==crypt($loginpassword,$passwords[$i])))   {	$nologin=0;   }  } } if ($nologin==0) {     session_start();  $_SESSION['loginname']=$loginname;  print('you are logged in'); } else {  print('<form>');   print('<br />Username: <input type="text" name="loginname" size="20">');  print('<br />Password: <input type="password" name="loginpassword" size="20">');  print('<br /><input type="submit" name="submit" value="login">');  print('</form>'); }}

Notice from BuffaloHELP:
Use proper bbcode

Share this post


Link to post
Share on other sites

Hum it all seems a little complicated to me so ill show the code for my login script ive used before and see if it is of any use to you.

this is as i remember it anyway...

<?SESSION_start();if($_SESSION[loggedin] == "1"){// any code to be executed when logged in.else{//anything to do if they arent logged in, usually an error message or login page redirection.};

to check sessions i used a seperate php file that was included on every login protected page including the login page, the session script set a variable which i used in the login page something like
if($loggedin == "1"){ echo "you are logged in already";}else{echo <HTML>login page data</HTML>";};

it worked for me!

ive only used sessions once so its fairly basic but i tried basic attempts at bypassing it and i couldnt. However there was an issues with using session_start(); to continue a session which you should check out on http://phpsec.org/ i cant remember it so its probably best you read it, its in the articles section if i remember rightly.

Share this post


Link to post
Share on other sites

I am not doing much different. My script can be summarized as:

 

if (isset($_SESSION['loginname']))

{

you are already logged in

}

else

{

if (submit)

{

check if the password and username are valid and if so, you are logged in

}

else

{

print the form to login

}

}

 

The problem is that the first line "if (isset($_SESSION['loginname'])" that is supposed to check if there is a login name in the current session is always returning false, even if there is a session with a loginname in there.

 

~M

Share this post


Link to post
Share on other sites

I have googled this issue a little and it seems that I should start my entire script with "session_start()". The problem is, though, that it regenerates a NEW session, instead of using the old one.
~M


Yes for the session global variables to be avaliable you need to use session_start() im not sure if it was the way my script was set out that allowed it to keep track of sessions basically it is this:

include("check.php");if($_SESSION['loggedin'] == "1"){//if user is logged in make html content}else {//give an error}

check .php was the only page where i used session_start so perhaps because it was controlled on one page it kept track of things. Otherwise it could be a problem with the installation you as using as youmight need to fiddle with directories to allow sessions to be stored and/or make sure cookies are enabled. I dont see a problem with the script myself as i thought that session_start simply brought back the global array $_SESSION[' '] for use and to overwrite a session you had to destroy it first. Check that you have a "tmp" or "temp" or similar directory in your server root, if using a hosting company it shouldnt be a problem but if using a development environment it might need tampering as if this directory exsists sessions cant be saved on the web server and this could cause problems if the ini file says that all sessions must be saved on the server.

but other than that im afraid i dont know what to say, like i said ive not had much experience with sessions :) Good luck though

Share this post


Link to post
Share on other sites

Well session_start() must be the first thing you must call before any headers are outputed.If headers are first called before the session_start() function is called it would result in an E_WARNING level error.Your present script does not contain this function in the beginning resulting in this false return.Also I would like to add that Sessions are stored on the Server itself in a file or if you want in a Database like MySQL and the client is recognised by means of a SESSION ID that is transmitted through either the cookies on the Client side or through the URL using the GET Method. So if the user has no COOKIES Enbled it would again result in the failure of your script.Well this is just part of all the Security concerns and when sessions could fail.Hope this info helped.

Share this post


Link to post
Share on other sites

My script now starts with "session_start()". The problem is, that each time I reload the page, it makes a new session instead of using the information of the old session. I have php and mysql installed locally on my computer and there is a session file created in my session directory. The problem is, that its excistence is ignored. Also, accepting cookies is enabled.~M

Share this post


Link to post
Share on other sites

You have to consider checking if there are old sessions stored if no old sessions are stored then it is time to create a new session. IMHO, your script generates a new session everytime it loads.

like:

if(empty($_SESSION['new_login']) && isset($_SESSION['old_login'])   $_SESSION['new_login'] = $_SESSION['old_login'];

Something like that.

Notice from BuffaloHELP:
Use the proper bbcode!

Share this post


Link to post
Share on other sites

Just for "fun" I switched on the warnings and I got the following warning:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\program files\easyphp1-8\www\chembase\login.php:7) in c:\program files\easyphp1-8\www\chembase\login.php on line 8

Even if I move the "session_start()" to the top of the page and it is the first php command (you can see from the warning that it is on line 8), I still get this warning.

~M

Notice from BuffaloHELP:
Use the proper bbcode and do not sign off with every post. We all can see who made the reply.

Share this post


Link to post
Share on other sites

try something like this..

<?session_start();if (isset($_SESSION['loginname'])){you are already logged in}else if ($_POST[submit]){check if the password and username are valid and if so, you are logged in}else{print the form to login}?>


Hope this work.. if not then message me again..

dedesigns

Notice from BuffaloHELP:
Use the proper bbcode and refrain from signing off with every post you make.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.