Hello everyone,
Ok.. i've come to a little puzzle for myself. Back in the day this would have been easy *neck sinks into shoulders*.
Anyhow, here is my code for the login page.
PHP Code:
<?php
session_start(); ## Allows sessions
include("inc/conn.php"); ## Includes the connection file for the database
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Clientel - QualityXHTML.com - A service to remember!</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<!--[if lte IE 7]>
<link rel="stylesheet" type="text/css" href="ie7.css" />
<script defer type="text/javascript" src="pngfix.js"></script>
<![endif]-->
<!--[if lte IE 6]>
<link rel="stylesheet" type="text/css" href="ie6.css" />
<![endif]-->
</head>
<body>
<div id="container">
<div id="content">
<div id="logo">
<a href="http://clientel.qualityxhtml.com"><img src="img/logo.png" alt="Logotype" /></a>
</div><!-- logo -->
<div id="title">
<h3>QualityXHTML Client Area</h3>
</div><!-- title -->
<div id="login">
<?php
if(isset($_POST['submit'])) { ## If the submit button was pressed do the following
$usn = htmlspecialchars(addslashes($_POST['username'])); ## Submitted Username stored in a variable
$psd = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST['password'])))))))); ## Submitted Password stored in a variable
$slct = mysql_query("SELECT * FROM `clients` WHERE `user` = '$usn'") or die(mysql_error());
$check = mysql_num_rows($slct);
if($check == '0') {
echo "<p>Please supply the correct Username and Password!</p>";
} else {
$udata = mysql_fetch_array($slct);
if($udata[client] == 1) {
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";
echo "<p>Welcome, $udata[full_name]!</p>" . "<p> </p>" . "<p>You will be redirect in a moment...</p>";
## Now we must redirect the user
echo "<meta http-equiv='Refresh' content='2; URL=panel.php'/>";
} else {
if($udata[admin] == 1) {
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";
echo "<p>Welcome back, $udata[full_name]!</p>" . "<p> </p>" . "<p>Please <a href='/admin/'>click here</a> to goto your admin area!</p>";
}
}
}
} else {
?>
<p class="italic">This area is for new and existing clients only.</p>
<p>Please logon to your account below.</p>
<form id="login" name="client login" method="post" action="">
<fieldset>
<div id="form_top">
<input type="text" name="username" class="form" value="Username" /><input type="submit" name="submit" value="" title="Login" id="submit" />
</div><!-- form_top -->
<div id="form_bottom">
<input type="password" name="password" class="form" value="*********" /><a href="#" id="password">Forgot password?</a>
</div><!-- form_bottom -->
</fieldset>
</form>
<?php
} ## Close the loop
?>
</div><!-- login -->
</div><!-- content -->
</div><!-- container -->
</body>
</html>
Ok, so here we are, if you get the username and password right in the database, then it'll show a message then direct you to a page. Bare in mind this login page is working perfectly fine.
However, what I want to do is secure that panel.php, so if the registered session is not identical to the one in the database, then it should throw up a message. But if its all correct, then display the site.
Here is the code I have got for the panel.php...
PHP Code:
<?php
session_start(); ## Allows sessions
include("inc/conn.php"); ## Includes the connection file for the database
## Session Security
$usn = $_SESSION['id'];
$slct = mysql_query("SELECT * FROM `clients` WHERE `user` = '$usn'") or die(mysql_error());
$udata = mysql_fetch_array($slct);
if(!$usn) {
echo "NO!!!!!";
} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>Clientel</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<!--[if lte IE 6]><link rel="stylesheet" type="text/css" href="ie6.css" /><![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" href="ie7.css" /><![endif]-->
<script type="text/javascript" src="jquery-latest.pack.js"></script>
<script type="text/javascript" src="jquery.pngFix.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(document).pngFix();
});
</script>
</head>
<body>
<div id="container_2">
<div id="logo_2">
<a href="http://clientel.qualityxhtml.com"><img src="img/logo.png" alt="Logotype" /></a>
</div><!-- logo -->
<div id="wrapper">
<div id="top">
</div><!-- top -->
<div id="wrap">
<div id="left_side">
</div><!-- left_side -->
<div id="right_side">
</div><!-- right_side -->
</div>
</div><!-- wrapper -->
</div><!-- container_2 -->
</body>
</html>
<?php
} ## Close Session Security
?>
All help is highly appreciated.
Join the friendly bunch on IRC...
PHP Session Login - help needed.
Threaded Mode
