Titan85
07-21-2007, 03:48 PM
Hello, I am having some trouble with my login script for some reason. When I login, I get the success message, but then when I go to another page, I have to login again. Every time I go to another page, I just get redirected to the login page. Here is my login script:
<?php
########## If Login Hit ##########
if ($_POST['login']) {
$user = mysql_real_escape_string($_POST['user']);
$pass = md5($_POST['pass']);
// Get User Data
$check = mysql_query("SELECT * FROM `admins` WHERE user = '$user'") or die ("Error Checking Username! \n<br />\n" .mysql_error());
$u = mysql_fetch_array($check);
$chk = mysql_num_rows($check);
//
// Check Fields
if (!$user || !$pass) { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Please fill in all fields!</div>'); }
//
// Check User
else if ($chk < 1) { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Invalid username!</div>'); }
//
// Check Password
else if ($u['pass'] !== $pass) { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Invalid password!</div>'); }
//
// If Everything Checks Out
else if ($pass == $u['pass'] && $chk >= 1) {
@$_SESSION['user'] = $user;
@$_SESSION['pass'] = $pass;
@$_SESSION['site'] = $siteName;
echo('<meta http-equiv="refresh" content="2;URL=index.php" /> <div class="message">Welcome '.$user.', you are now logged in!</div>');
}
//
// If Another Error Occurs
else { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Invalid password!</div>'); }
//
}
########## If Login Not Hit ##########
if (!$_POST['login']) { ?>
<div class="message">Admin Login</div> <br /><br />
<!-- Login Form -->
<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<table width="250" align="center">
<tr>
<td>Username:</td>
<td><input type="text" name="user" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>
<!-- /Login Form -->
<? }
?>That script is contained in this page:
<?php @session_start(); require('config.php'); require('includes/chk_ban.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo $m['title'] ?> | Admin Panel</title>
<link rel="stylesheet" href="main-style.css" type="text/css" />
</head>
<body>
<div id="frame">
<div id="border">
<div id="top">
<div class="t_txt"><?php echo $siteName ?></div>
</div>
<div id="left">
<div class="s_title">Navigation</div>
<?php require('includes/nav.inc.php'); ?>
</div>
<div id="main">
<div class="spacer"><?php require('login.inc.php'); ?></div>
</div>
<div id="footer">
<div id="footer_txt"><?php echo $m['copyright'] ?></div>
</div>
</div>
</div>
</body>
</html>
Here is how I check the login:
<?php @session_start(); if (!isset($_SESSION['user']) || !isset($_SESSION['pass']) || $_SESSION['site'] != $siteName) { header('Location: '.$cmsHome.''); } ?>That script is included on all protected pages like this:
<?php require('../chk_login.inc.php'); require('../config.php'); require('../includes/chk_ban.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo $m['title'] ?> | Admin Panel</title>
<link rel="stylesheet" href="../main-style.css" type="text/css" />
</head>
<body>
<div id="frame">
<div id="border">
<div id="top">
<div class="t_txt"><?php echo $siteName ?></div>
<div class="r_txt"><?php require(''.$cmsHome.'/includes/user.inc.php'); ?></div>
</div>
<div id="left">
<div class="s_title">Navigation</div>
<?php require('../includes/nav.inc.php'); ?>
</div>
<div id="main">
<div class="spacer">
<?php require('manage.inc.php'); ?>
</div>
</div>
<div id="footer">
<div id="footer_txt"><?php echo $m['copyright'] ?></div>
</div>
</div>
</div>
</body>
</html>
I can not figure out why it is not working. It is probably something simple, but I can't seem to locate it. Anyone see a problem? Thanks
<?php
########## If Login Hit ##########
if ($_POST['login']) {
$user = mysql_real_escape_string($_POST['user']);
$pass = md5($_POST['pass']);
// Get User Data
$check = mysql_query("SELECT * FROM `admins` WHERE user = '$user'") or die ("Error Checking Username! \n<br />\n" .mysql_error());
$u = mysql_fetch_array($check);
$chk = mysql_num_rows($check);
//
// Check Fields
if (!$user || !$pass) { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Please fill in all fields!</div>'); }
//
// Check User
else if ($chk < 1) { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Invalid username!</div>'); }
//
// Check Password
else if ($u['pass'] !== $pass) { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Invalid password!</div>'); }
//
// If Everything Checks Out
else if ($pass == $u['pass'] && $chk >= 1) {
@$_SESSION['user'] = $user;
@$_SESSION['pass'] = $pass;
@$_SESSION['site'] = $siteName;
echo('<meta http-equiv="refresh" content="2;URL=index.php" /> <div class="message">Welcome '.$user.', you are now logged in!</div>');
}
//
// If Another Error Occurs
else { echo('<meta http-equiv="refresh" content="2;URL='.$_SERVER['PHP_SELF'].'" /> <div class="error">Invalid password!</div>'); }
//
}
########## If Login Not Hit ##########
if (!$_POST['login']) { ?>
<div class="message">Admin Login</div> <br /><br />
<!-- Login Form -->
<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<table width="250" align="center">
<tr>
<td>Username:</td>
<td><input type="text" name="user" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>
<!-- /Login Form -->
<? }
?>That script is contained in this page:
<?php @session_start(); require('config.php'); require('includes/chk_ban.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo $m['title'] ?> | Admin Panel</title>
<link rel="stylesheet" href="main-style.css" type="text/css" />
</head>
<body>
<div id="frame">
<div id="border">
<div id="top">
<div class="t_txt"><?php echo $siteName ?></div>
</div>
<div id="left">
<div class="s_title">Navigation</div>
<?php require('includes/nav.inc.php'); ?>
</div>
<div id="main">
<div class="spacer"><?php require('login.inc.php'); ?></div>
</div>
<div id="footer">
<div id="footer_txt"><?php echo $m['copyright'] ?></div>
</div>
</div>
</div>
</body>
</html>
Here is how I check the login:
<?php @session_start(); if (!isset($_SESSION['user']) || !isset($_SESSION['pass']) || $_SESSION['site'] != $siteName) { header('Location: '.$cmsHome.''); } ?>That script is included on all protected pages like this:
<?php require('../chk_login.inc.php'); require('../config.php'); require('../includes/chk_ban.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo $m['title'] ?> | Admin Panel</title>
<link rel="stylesheet" href="../main-style.css" type="text/css" />
</head>
<body>
<div id="frame">
<div id="border">
<div id="top">
<div class="t_txt"><?php echo $siteName ?></div>
<div class="r_txt"><?php require(''.$cmsHome.'/includes/user.inc.php'); ?></div>
</div>
<div id="left">
<div class="s_title">Navigation</div>
<?php require('../includes/nav.inc.php'); ?>
</div>
<div id="main">
<div class="spacer">
<?php require('manage.inc.php'); ?>
</div>
</div>
<div id="footer">
<div id="footer_txt"><?php echo $m['copyright'] ?></div>
</div>
</div>
</div>
</body>
</html>
I can not figure out why it is not working. It is probably something simple, but I can't seem to locate it. Anyone see a problem? Thanks