I'm trying to use sessions to allow people to log into my site. The problem
is that sometimes it works and sometimes it doesn't! As far as I'm aware my
script is fine (hence why it works sometimes) and I've had people tell me
it's fine too. Basically, when a user enters their username and password it
checks that against my MySQL database and if correct creates a session and
stores their username in it in a variable called uname. Then, when they
access another area of the site it checks to see if uname is set and if it
is then it lets them access that area and if it isn't asks them to log in
again. The session id is kept so I know the session is there but it doesn't
always register the variable uname. I think the PHP version is 4.1.2 (it's
hosted on sourceforge).
I've listed three files below. admin.php is where the user enters their
username and password. admin2.php is where it checks the username and
password and displays the admin section and addnews.php allows you to add
news to the site. It's when I try to add news that it sometimes works and
sometimes doesn't. When I click add news half of the time it shows the add
news section and half of the time it doesn't. This is because uname isn't
set when it should be (and is half of the time). If you want to see the site
go to http://linrar.sourceforge.net/index2.php (I will rename it index.php
once the site works).
admin.php
<?php
session_start();
session_unset();
session_destroy();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>LinRAR Homepage</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table border="0" cellpadding="10" cellspacing="0">
<tr>
<td width="122" valign="top">
<table width="122" border="0" cellpadding="2" cellspacing="0" bgcolor="#000000">
<tr>
<td>
<table width="120" border="0" cellpadding="5" cellspacing="0" bgcolor="#ffffff">
<tr>
<td>
<a href=index.php>News</a><br>
<a href=about.php>About</a><br>
<a href=download.php>Download</a><br>
<a href=support.php>Support</a><br>
<a href="http://sourceforge.net/projects/linrar">Sourceforge</a><br>
<a href="admin.php">Admin</a><br>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
<td valign="top">
<h1>LinRAR - Admin</h1>
<br>
To log in to the admin section type in your username and password below and
click enter:<br><br>
<form action=admin2.php method=post>
<table>
<tr><td>
UserName</td><td><input type="text" name="lruname"></td></tr>
<tr><td>
Password</td><td><input type="password" name="lrpass"></td></tr>
</table>
<br>
<input type="submit" value="Enter" class="flatbutton">
</form>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
admin2.php
<?php
session_start();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>LinRAR Homepage</title>
</head>
<body>
<?php
$notfounduser = 0;
$passwordincorrect = 0;
$db = "linrar";
$user = "linrar";
$pass = "linrardb";
$link = mysql_connect("mysql.sourceforge.net", $user, $pass);
mysql_select_db($db, $link)
    or die("Couldn't open $db: ".mysql_error());
// Walk the users table until a row matches the submitted username.
$result = mysql_query("SELECT * from users");
$num_rows = mysql_num_rows($result);
while ($a_row = mysql_fetch_array($result))
{
    if ($a_row['lruname'] != $lruname)
        $notfounduser = 1;
    else
    {
        $notfounduser = 0;
        // Compare the MD5 of the submitted password with the stored value.
        $lrpass = md5($lrpass);
        if ($a_row['lrpass'] != $lrpass)
            $passwordincorrect = 1;
    }
    if ($notfounduser == 0)
        break;
}
if ($notfounduser == 1)
    print "User $lruname was not found.";
if ($passwordincorrect == 1)
    print "Incorrect password entered for user $lruname.";
if ($notfounduser == 0 && $passwordincorrect == 0)
{
    // Login succeeded: register uname in the session and show the admin menu.
    session_register("uname");
    $uname = $lruname;
    print "<table border=0 cellpadding=0 cellspacing=0>";
    print "<tr>";
    print "<td>";
    print "<table border=0 cellpadding=10 cellspacing=0>";
    print "<tr>";
    print "<td width=122 valign=top>";
    print "<table width=122 border=0 cellpadding=2 cellspacing=0 bgcolor=#000000>";
    print "<tr>";
    print "<td>";
    print "<table width=120 border=0 cellpadding=5 cellspacing=0 bgcolor=#ffffff>";
    print "<tr>";
    print "<td>";
    print "<a href=\"index.php\">Back (Logout)</a><br>";
    print "<a href=\"addnews.php?".session_name()."=".session_id()."\">Add News</a><br>";
    print "<a href=\"addadmin.php?".session_name()."=".session_id()."\">Add Admin</a><br>";
    print "<a href=\"changepwd.php?".session_name()."=".session_id()."\">Change Password</a><br>";
    print "<a href=BoardPlus/forum.html>Forum</a><br>";
    print "<a href=\"phpMyAdmin-2.5.1\">phpMyAdmin</a><br>";
    print "<a href=count.php>Site Stats</a><br>";
    print "</td>";
    print "</tr>";
    print "</table>";
    print "</td>";
    print "</tr>";
    print "</table>";
    print "</td>";
    print "<td valign=top>";
    print "<h1>LinRAR - Admin</h1>";
    print "<br>";
    print "Welcome $uname to the admin section.";
}
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
addnews.php
<?php
session_start();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>LinRAR Homepage</title>
</head>
<body>
<?php
// Only show the page if uname was registered in the session at login.
if (session_is_registered("uname"))
{
    print "<table border=0 cellpadding=0 cellspacing=0>";
    print "<tr>";
    print "<td>";
    print "<table border=0 cellpadding=10 cellspacing=0>";
    print "<tr>";
    print "<td width=122 valign=top>";
    print "<table width=122 border=0 cellpadding=2 cellspacing=0 bgcolor=#000000>";
    print "<tr>";
    print "<td>";
    print "<table width=120 border=0 cellpadding=5 cellspacing=0 bgcolor=#ffffff>";
    print "<tr>";
    print "<td>";
    print "<a href=\"index.php\">Back (Logout)</a><br>";
    print "<a href=\"addnews.php?".session_name()."=".session_id()."\">Add News</a><br>";
    print "<a href=\"addadmin.php?".session_name()."=".session_id()."\">Add Admin</a><br>";
    print "<a href=\"changepwd.php?".session_name()."=".session_id()."\">Change Password</a><br>";
    print "<a href=BoardPlus/forum.html>Forum</a><br>";
    print "<a href=\"phpMyAdmin-2.5.1\">phpMyAdmin</a><br>";
    print "<a href=count.php>Site Stats</a><br>";
    print "</td>";
    print "</tr>";
    print "</table>";
    print "</td>";
    print "</tr>";
    print "</table>";
    print "</td>";
    print "<td valign=top>";
    print "<h1>LinRAR - Add News</h1>";
    print "<br>";
    if ($changed == 1)
    {
        // The form was submitted: store the news item and echo it back.
        $dateadded = time();
        $db = "linrar";
        $user = "linrar";
        $pass = "linrardb";
        $link = mysql_connect("mysql.sourceforge.net", $user, $pass);
        if (!$link)
            die("Couldn't connect to MySQL: ".mysql_error());
        mysql_select_db($db)
            or die("Couldn't connect to database $db: ".mysql_error());
        $query = "INSERT INTO news VALUES ('$uname', '$dateadded', '$ntitle', '$nmessage')";
        mysql_query($query, $link)
            or die("Couldn't add data to the table: ".mysql_error());
        mysql_close($link);
        print "The following news has been added...<br><br>";
        print "Title: $ntitle<br><br>";
        print "Message: $nmessage<br><br>";
        print "Posted by: $uname<br><br>";
        $dateadded = date("d/m/y", $dateadded);
        print "Date added: $dateadded<br>";
    }
    else
    {
        // First visit: show the empty news form.
        print "<form action=addnews.php?$sess&changed=1 method=post>";
        print "Title <input type=text size=50 name=ntitle><br><br>";
        print "Message<br>";
        print "<textarea rows=5 cols=70 name=nmessage></textarea><br><br>";
        print "<input type=submit value=Add>";
        print "</form>";
    }
}
else
{
    print "Not logged in. <a href=admin.php>Click Here</a> to log in.";
}
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
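
An added example, not part of the original post: the login flow described above (check the password, store the name in the session, gate the news form on it) written for current PHP with `$_SESSION`, bound query parameters and a regenerated cookie-only session ID. The function names, PDO with an in-memory SQLite database, `password_hash()` in place of the post's `md5()`, the `news` column names and the sample account are assumptions made for the illustration.

```php
<?php
// Added illustration, not the poster's code. users/lruname/lrpass/news follow the
// post; the in-memory SQLite database and the demo account are constructed samples.
function check_login(PDO $db, string $name, string $password): bool
{
    // Fetch one row by name with a bound parameter instead of scanning all users.
    $stmt = $db->prepare('SELECT lrpass FROM users WHERE lruname = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    // Assumes lrpass holds a password_hash() value rather than the post's md5().
    return is_string($hash) && password_verify($password, $hash);
}

function open_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Cookie-only session IDs, so none has to be appended to links.
        session_start(['use_only_cookies' => 1, 'use_strict_mode' => 1, 'cookie_httponly' => 1]);
    }
}

function log_in(string $name): void
{
    open_session();
    session_regenerate_id(true);  // fresh ID once the user is authenticated
    $_SESSION['uname'] = $name;   // replaces session_register("uname")
}

function current_user(): ?string
{
    open_session();
    return $_SESSION['uname'] ?? null;  // replaces session_is_registered("uname")
}

function add_news(PDO $db, string $title, string $message): bool
{
    $author = current_user();
    if ($author === null) return false;  // not logged in: show the login link instead
    $stmt = $db->prepare('INSERT INTO news VALUES (?, ?, ?, ?)');
    return $stmt->execute([$author, time(), $title, $message]);
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (lruname TEXT, lrpass TEXT);
           CREATE TABLE news (author TEXT, added INTEGER, title TEXT, message TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['demo', password_hash('s3cret', PASSWORD_DEFAULT)]);
if (check_login($db, 'demo', 's3cret')) log_in('demo');
var_dump(add_news($db, "It's out", 'First release'));
```

When the title and message are echoed back into the page, pass them through `htmlspecialchars()` first.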