i have this log in script from a book that uses session variable to
track the user.. everything works fine in firefox but in IE 6.0 the
page only refreshes and the user can be authenticated... i have tried
most of the solutions posted on the web.. but to no avail.. if anyone
can look at the code.. and help me..
thanks.. kelli
here are the scripts..
// stories.php
<?php
// Listing 26.5
// stories.php Is the Interface for Writers to Manage Their Stories
include('include_fns.php');
session_start();
if (!check_auth_user()) {
?>
<form action="login.php" method="post">
<table border="0">
<tr>
<td>Username</td>
<td><input size="16" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input size="16" type="password" name="password"></td>
</tr>
</table>
<input type="submit" value="Log in">
</form>
<?php
}
else {
$conn = db_connect();
$w = get_writer_record($HTTP_SESSION_VARS['auth_user']);
print 'Welcome, '.$w['full_name'];
print ' (<a href="logout.php">Logout</a>)';
print '<p>';
$sql = 'select * from stories where writer = \''.
$HTTP_SESSION_VARS['auth_user'].'\' order by created desc';
$result = mysql_query($sql, $conn);
print 'Your stories: ';
print mysql_num_rows($result);
print ' (<a href="story.php">Add new</a>)';
print '</p><br /><br />';
if (mysql_num_rows($result)) {
print '<table>';
print '<tr><th>Headline</th><th>Page</th>';
print '<th>Created</th><th>Last modified</th></tr>';
while ($qry = mysql_fetch_array($result)) {
print '<tr>';
print '<td>';
print $qry['headline'];
print '</td>';
print '<td>';
print $qry['page'];
print '</td>';
print '<td>';
print date('M d, H:i', $qry['created']);
print '</td>';
print '<td>';
print date('M d, H:i', $qry['modified']);
print '</td>';
print '<td>';
if ($qry['published'])
print '[Published '.date('M d, H:i', $qry['published']).']';
else {
print '[<a href="story.php?story='.$qry['id'].'">edit</a>] ';
print '[<a
href="delete_story.php?story='.$qry['id'].'">delete</a>] ';
print '[<a
href="keywords.php?story='.$qry['id'].'">keywords</a>]';
}
print '</td>';
print '</tr>';
}
print '</table>';
}
}
?>
///////login.php
<?php
session_start();
include('include_fns.php');
session_register("auth_user");
if ( (!isset($HTTP_POST_VARS['username'])) ||
(!isset($HTTP_POST_VARS['password'])) ) {
print 'You must enter your username and password to proceed';
exit;
}
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];
if (login($username, $password)) {
$HTTP_SESSION_VARS['auth_user'] = $username;
header('Location: '.$HTTP_SERVER_VARS['HTTP_REFERER']);
}
else {
print 'The password you entered is incorrect';
exit;
}
?>
// user_auther_fns.php
<?php
session_start();
function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return 0;
$result = mysql_query("select * from writers
where username='$username'
and password ='$password'");
if (!$result)
return 0;
if (mysql_num_rows($result)>0)
return 1;
else
return 0;
}
function check_auth_user($auth_user)
// see if somebody is logged in and notify them if not
{
global $HTTP_SESSION_VARS;
if (isset($HTTP_SESSION_VARS['auth_user']))
return true;
else
return false;
}
?>
