I'm trying to use sessions to allow people to log into my site. The problem
is that sometimes it works and sometimes it doesn't! As far as I'm aware my
script is fine (hence why it works sometimes) and I've had people tell me
it's fine too. Basically, when a user enters their username and password it
checks that against my MySQL database and if correct creates a session and
stores their username in it in a variable called uname. Then, when they
access another area of the site it checks to see if uname is set and if it
is then it lets them access that area and if it isn't asks them to log in
again. The session id is kept so I know the session is there but it doesn't
always register the variable uname. I think the PHP version is 4.1.2 (it's
hosted on SourceForge).
I've listed three files below. admin.php is where the user enters their
username and password. admin2.php is where it checks the username and
password and displays the admin section and addnews.php allows you to add
news to the site. It's when I try to add news that it sometimes works and
sometimes doesn't. When I click add news half of the time it shows the add
news section and half of the time it doesn't. This is because uname isn't
set when it should be (and is half of the time). If you want to see the site
go to http://linrar.sourceforge.net/index2.php (I will rename it index.php
once the site works).
admin.php
<?php
session_start();
session_unset();
session_destroy();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>LinRAR Homepage</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table border="0" cellpadding="10" cellspacing="0">
<tr>
<td width="122" valign="top">
<table width="122" border="0" cellpadding="2" cellspacing="0"
bgcolor="#000000">
<tr>
<td>
<table width="120" border="0" cellpadding="5" cellspacing="0"
bgcolor="#ffffff">
<tr>
<td>
<a href=index.php>News</a><br>
<a href=about.php>About</a><br>
<a href=download.php>Download</a><br>
<a href=support.php>Support</a><br>
<a href="http://sourceforge.net/projects/linrar">Sourceforge</a><br>
<a href="admin.php">Admin</a><br>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
<td valign="top">
<h1>LinRAR - Admin</h1>
<br>
To log in to the admin section type in your username and password below and
click enter:<br><br>
<form action=admin2.php method=post>
<table>
<tr><td>
UserName</td><td><input type="text" name="lruname"></td></tr>
<tr><td>
Password</td><td><input type="password" name="lrpass"></td></tr>
</table>
<br>
<input type="submit" value="Enter" class="flatbutton">
</form>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
admin2.php
<?php
session_start();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>LinRAR Homepage</title>
</head>
<body>
<?php
$notfounduser = 0;
$passwordincorrect = 0;
$db = "linrar";
$user = "linrar";
$pass = "linrardb";
$link = mysql_connect("mysql.sourceforge.net", $user, $pass);
mysql_select_db($db, $link)
or die("Couldn't open $db: ".mysql_error());
$result = mysql_query("SELECT * from users");
$num_rows = mysql_num_rows($result);
while ($a_row = mysql_fetch_array($result))
{
if ($a_row[lruname] != $lruname)
$notfounduser = 1;
else
{
$notfounduser = 0;
$lrpass = md5($lrpass);
if ($a_row[lrpass] != $lrpass)
$passwordincorrect = 1;
}
if ($notfounduser == 0)
break;
}
if ($notfounduser == 1)
print "User $lruname was not found.";
if ($passwordincorrect == 1)
print "Incorrect password entered for user $lruname.";
if ($notfounduser == 0 && $passwordincorrect == 0)
{
session_register("uname");
$uname = $lruname;
print "<table border=0 cellpadding=0 cellspacing=0>";
print "<tr>";
print "<td>";
print "<table border=0 cellpadding=10 cellspacing=0>";
print "<tr>";
print "<td width=122 valign=top>";
print "<table width=122 border=0 cellpadding=2 cellspacing=0 bgcolor=#000000>";
print "<tr>";
print "<td>";
print "<table width=120 border=0 cellpadding=5 cellspacing=0 bgcolor=#ffffff>";
print "<tr>";
print "<td>";
print "<a href=\"index.php\">Back (Logout)</a><br>";
print "<a href=\"addnews.php?".session_name()."=".session_id()."\">Add News</a><br>";
print "<a href=\"addadmin.php?".session_name()."=".session_id()."\">Add Admin</a><br>";
print "<a href=\"changepwd.php?".session_name()."=".session_id()."\">Change Password</a><br>";
print "<a href=BoardPlus/forum.html>Forum</a><br>";
print "<a href=\"phpMyAdmin-2.5.1\">phpMyAdmin</a><br>";
print "<a href=count.php>Site Stats</a><br>";
print "</td>";
print "</tr>";
print "</table>";
print "</td>";
print "</tr>";
print "</table>";
print "</td>";
print "<td valign=top>";
print "<h1>LinRAR - Admin</h1>";
print "<br>";
print "Welcome $uname to the admin section.";
}
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
addnews.php
<?php
session_start();
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>LinRAR Homepage</title>
</head>
<body>
<?php
if (session_is_registered("uname"))
{
print "<table border=0 cellpadding=0 cellspacing=0>";
print "<tr>";
print "<td>";
print "<table border=0 cellpadding=10 cellspacing=0>";
print "<tr>";
print "<td width=122 valign=top>";
print "<table width=122 border=0 cellpadding=2 cellspacing=0 bgcolor=#000000>";
print "<tr>";
print "<td>";
print "<table width=120 border=0 cellpadding=5 cellspacing=0 bgcolor=#ffffff>";
print "<tr>";
print "<td>";
print "<a href=\"index.php\">Back (Logout)</a><br>";
print "<a href=\"addnews.php?".session_name()."=".session_id()."\">Add News</a><br>";
print "<a href=\"addadmin.php?".session_name()."=".session_id()."\">Add Admin</a><br>";
print "<a href=\"changepwd.php?".session_name()."=".session_id()."\">Change Password</a><br>";
print "<a href=BoardPlus/forum.html>Forum</a><br>";
print "<a href=\"phpMyAdmin-2.5.1\">phpMyAdmin</a><br>";
print "<a href=count.php>Site Stats</a><br>";
print "</td>";
print "</tr>";
print "</table>";
print "</td>";
print "</tr>";
print "</table>";
print "</td>";
print "<td valign=top>";
print "<h1>LinRAR - Add News</h1>";
print "<br>";
if ($changed == 1)
{
$dateadded = time();
$db = "linrar";
$user = "linrar";
$pass = "linrardb";
$link = mysql_connect("mysql.sourceforge.net", $user, $pass);
if (!$link)
die ("Couldn't connect to MySQL: ".mysql_error());
mysql_select_db($db)
or die("Couldn't connect to database $db: ".mysql_error());
$query = "INSERT INTO news VALUES ('$uname', '$dateadded', '$ntitle',
'$nmessage')";
mysql_query($query, $link)
or die ("Couldn't add data to the table: ".mysql_error());
mysql_close($link);
print "The following news has been added...<br><br>";
print "Title: $ntitle<br><br>";
print "Message: $nmessage<br><br>";
print "Posted by: $uname<br><br>";
$dateadded = date("d/m/y", $dateadded);
print "Date added: $dateadded<br>";
}
else
{
print "<form action=addnews.php?$sess&changed=1 method=post>";
print "Title <input type=text size=50 name=ntitle><br><br>";
print "Message<br>";
print "<textarea rows=5 cols=70 name=nmessage></textarea><br><br>";
print "<input type=submit value=Add>";
print "</form>";
}
}
else
{
print "Not logged in. <a href=admin.php>Click Here</a> to log in.";
}
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
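
The login flow described in the post (check the name and password, store uname in the session, test for it on later pages, insert a news row), as an added example that is not the poster's code. It reads and writes `$_SESSION['uname']` directly instead of relying on `session_register()` and register_globals, and uses bound query parameters in place of strings built from request variables. Assumptions: PHP 5.5 or later with PDO, an in-memory SQLite database standing in for the MySQL server, hypothetical column names for the news table, and an lrpass column that holds `password_hash()` output.

```php
<?php
// Added example, not the poster's code. Assumes PHP >= 5.5 with PDO and pdo_sqlite.
session_start(); // before any output, as in the post

// One bound-parameter lookup instead of looping over every row in users.
function check_login(PDO $db, $name, $password) {
    $stmt = $db->prepare('SELECT lrpass FROM users WHERE lruname = ?');
    $stmt->execute(array($name));
    $hash = $stmt->fetchColumn();
    // Assumption: lrpass holds password_hash() output, not md5() as in the post.
    return $hash !== false && password_verify($password, $hash);
}

function log_in($name) {
    session_regenerate_id(true);  // fresh session id once the user is authenticated
    $_SESSION['uname'] = $name;   // stands in for session_register("uname")
}

function current_user() {         // stands in for session_is_registered("uname")
    return isset($_SESSION['uname']) ? $_SESSION['uname'] : null;
}

function add_news(PDO $db, $author, $title, $message) {
    // Bound parameters: quotes in the title or message are stored as data.
    $stmt = $db->prepare('INSERT INTO news VALUES (?, ?, ?, ?)');
    $stmt->execute(array($author, time(), $title, $message));
}

// Constructed demo data; in-memory SQLite stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (lruname TEXT, lrpass TEXT)');
$db->exec('CREATE TABLE news (author TEXT, dateadded INTEGER, title TEXT, message TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(array('demo', password_hash('constructed-password', PASSWORD_DEFAULT)));

$out = array();
$out[] = check_login($db, 'demo', 'wrong') ? 'login ok' : 'login refused';
if (check_login($db, 'demo', 'constructed-password')) {
    log_in('demo');
}
if (current_user() !== null) {
    add_news($db, current_user(), "It's <b>released</b>", "Quotes ' stay data");
    $row = $db->query('SELECT author, title FROM news')->fetch(PDO::FETCH_ASSOC);
    // Escape on output so stored markup is shown as text, not rendered.
    $out[] = 'Posted by: ' . htmlspecialchars($row['author']);
    $out[] = 'Title: ' . htmlspecialchars($row['title'], ENT_QUOTES);
}
echo implode("\n", $out), "\n";
```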