I am trying to create a self-written PHP/MySQL membership script with sessions for security. I think I have the login part working successfully, but I'm experiencing one problem.
When I visit login.php without any registered sessions I see the login form, then I enter the username and userpw and process the form. The form does get processed properly *I think*, because it updates the status column in the user_data table.
The page then refreshes so it can re-process the code that checks whether the user is online; if the user is online (status = 2) it hides the form and displays links such as "User CP | Logout" etc. However, this doesn't seem to be happening
(it was working perfectly the night I started this, so I may have modified the code and tampered with it).
If anyone could take a look at my login.php file, it would be much appreciated. I seem to always come across big problems in PHP.
Login.php:
<?php
include("config.php");
// include the session manager class
require "class.dbsession.php";
// instantiate a new session object
// note that you don't need to call the session_start() function
// as it is called automatically when the object is instantiated
$session = new dbsession();

// get user status: default both keys on a fresh session
// (read $_SESSION["status"] only after the defaults exist, otherwise
// a brand-new session raises an undefined-index notice)
if(!isset($_SESSION["status"]) && (!isset($_SESSION["userid"]))) {
    $_SESSION["status"] = "0";
    $_SESSION["userid"] = "0";
}
$status = $_SESSION["status"];

// not logged in: show the form and handle a submitted login
// (the userid test is parenthesised; "!$x > '0'" negates $x before comparing)
if(($_SESSION["status"] != "2") && !($_SESSION["userid"] > "0")) {
    echo "
    <form name='Login' action='' method='post'>
    <b>Login</b>
    <br />
    Username:
    <br />
    <input type='text' name='username' value='' />
    <br />
    <br />
    Password:
    <br />
    <input type='password' name='userpw' value='' />
    <br />
    <br />
    <input type='submit' name='processLogin' />
    </form>
    ";
    if(isset($_POST["processLogin"])) {
        $username = isset($_POST["username"]) ? $_POST["username"] : "";
        $userpw = isset($_POST["userpw"]) ? $_POST["userpw"] : "";
        if(!$username || !$userpw) {
            echo "Please provide username and password for Query";
            exit();
        }
        // escape for the query; the password is compared as its md5 hex digest
        $username = mysql_real_escape_string($username);
        $userpw = mysql_real_escape_string(md5($userpw));
        $query2 = mysql_query("SELECT `id`, `username`, `userpw`, `status`, `useraccesslevel` FROM user_data WHERE username='$username'") or die(mysql_error());
        $row2 = mysql_fetch_array($query2);
        $dbusername = $row2["username"];
        $dbuserpw = $row2["userpw"];
        if($dbusername == $username && $dbuserpw == $userpw) {
            // copy the row into the session; note that "status" here is the
            // value read before the UPDATE below, not the new value "2"
            $_SESSION["userid"] = $row2["id"];
            $_SESSION["userpw"] = $row2["userpw"];
            $_SESSION["useraccesslevel"] = $row2["useraccesslevel"];
            $_SESSION["status"] = $row2["status"];
            $userid = $_SESSION["userid"];
            // mark the user online in the database
            $query3 = mysql_query("UPDATE user_data SET status='2' WHERE id='$userid'") or die(mysql_error());
            echo "
            <b>Online</b>
            <br />
            <br />
            Refreshing ...
            <meta http-equiv=\"refresh\" content=\"1\">
            ";
        } else {
            echo "<b>Error:</b> incorrect username and/or password";
            exit();
        }
    }
} else {
    // session says we are logged in: re-check the status column in the database
    $userid = $_SESSION["userid"];
    $query = mysql_query("SELECT `status` FROM user_data WHERE id='$userid'") or die(mysql_error());
    $row = mysql_fetch_array($query);
    $status = $row["status"];
    if($status == "2") {
        echo "<form action='' method='post'>User CP | <input type='submit' name='logout' value='Logout' class='logout' /></form>";
        if(isset($_POST["logout"])) {
            $userid2 = $_SESSION["userid"];
            // mark the user offline, then drop the session
            $query4 = mysql_query("UPDATE user_data SET status='0' WHERE id='$userid2'") or die(mysql_error());
            $session->stop(); // ends session (logout)
            echo "
            <b>Offline</b>
            <br />
            <br />
            Refreshing ...
            <meta http-equiv=\"refresh\" content=\"1\">
            ";
        }
    }
}
?>
Also, if you can see any security vulns or give some advice please do
Thanks
-Chris
Edited by Chris_GFX, 11 February 2007 - 08:19 AM.
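Added example (not Chris's code and not an answer to the refresh problem): a hardened rewrite of the login/logout steps in the post, kept to the same user_data table. It replaces the three weak points visible in the posted code, namely the password stored as an unsalted md5 and compared with `==`, the username and userid interpolated into SQL strings, and the session id carried over unchanged from before login (plus the password hash being copied into the session). It runs against an in-memory SQLite database through PDO so it can be executed offline (this assumes the pdo_sqlite extension; with MySQL only the DSN changes), and `$session` stands in for `$_SESSION` so the functions can be exercised from the command line. The column name `pw_hash` and the sample account are constructed for this example.

```php
<?php
// Added example, not the poster's code: hardened login/logout for the
// user_data table from the post. Assumes PDO with pdo_sqlite; $session
// stands in for $_SESSION so this can be run from the CLI.
declare(strict_types=1);

function create_schema(PDO $db): void {
    // same columns as the post, but pw_hash holds a password_hash() string
    // (salted, slow) instead of an unsalted md5 hex digest
    $db->exec("CREATE TABLE user_data (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        pw_hash TEXT NOT NULL,
        status INTEGER NOT NULL DEFAULT 0,
        useraccesslevel INTEGER NOT NULL DEFAULT 1)");
}

function register_user(PDO $db, string $username, string $password): void {
    $stmt = $db->prepare("INSERT INTO user_data (username, pw_hash) VALUES (:u, :h)");
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Verify credentials; on success populate $session and mark the row online.
function attempt_login(PDO $db, array &$session, string $username, string $password): bool {
    if ($username === '' || $password === '') {
        return false;
    }
    // bound parameter: the username never becomes part of the SQL text,
    // so quotes in it are data, not syntax
    $stmt = $db->prepare("SELECT id, pw_hash, useraccesslevel FROM user_data WHERE username = :u");
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // verify against a fixed dummy hash when no row exists, so an unknown
    // user and a wrong password cost about the same time
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['pw_hash'] : $dummy);
    if (!$ok || !$row) {
        return false;
    }

    // fresh session id after authentication so a pre-login id is not kept
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session = [];  // drop anything the pre-login session carried
    $session['userid'] = (int) $row['id'];
    $session['useraccesslevel'] = (int) $row['useraccesslevel'];
    // the password hash is deliberately not copied into the session

    $upd = $db->prepare("UPDATE user_data SET status = 2 WHERE id = :id");
    $upd->execute([':id' => $session['userid']]);
    return true;
}

// The "is the user online" check from the else branch of the post.
function is_online(PDO $db, array $session): bool {
    if (empty($session['userid'])) {
        return false;
    }
    $stmt = $db->prepare("SELECT status FROM user_data WHERE id = :id");
    $stmt->execute([':id' => $session['userid']]);
    $status = $stmt->fetchColumn();
    return $status !== false && (int) $status === 2;
}

function logout(PDO $db, array &$session): void {
    if (!empty($session['userid'])) {
        $upd = $db->prepare("UPDATE user_data SET status = 0 WHERE id = :id");
        $upd->execute([':id' => $session['userid']]);
    }
    $session = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    create_schema($db);
    register_user($db, 'chris', 'correct horse battery');   // constructed sample account
    $session = [];
    var_dump(attempt_login($db, $session, 'chris', 'wrong password'));
    var_dump(attempt_login($db, $session, "o'brien", 'anything'));    // quote is just data
    var_dump(attempt_login($db, $session, 'chris', 'correct horse battery'));
    var_dump(is_online($db, $session));
    logout($db, $session);
    var_dump(is_online($db, $session));
}
```

Run it with `php login_hardened.php`. In a real page, `$_SESSION` is passed where `$session` is, and the logout form would also carry a per-session token that the handler checks before calling `logout()`, since the posted form accepts any POST with a `logout` field.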
