User 1 - Unsername: Davey Jones
User 2 - Unsername: David Smith
I log out from Davey Jones, then login as David Smith the Welcome message below will show "Welcome Davey". And it will be Davey's information that is accessible - not David Smith's. So something is amiss but I don't know what.
(BTW, this login script is based on the one found in Larry Ullman's book "PHP and MySQL for dynamic websites 2nd edition - Chapter13.)
Expand|Select|Wrap|Line Numbers
- // Welcome the user (by name if they are logged in).
- echo '<h1>Welcome';
- if (isset($_SESSION['first_name'])) {
- echo ", {$_SESSION['first_name']}!";
- }
- echo '</h1>';
Expand|Select|Wrap|Line Numbers
- At Top of Page
- <?php
- ob_start();
- // Initialize a session.
- session_start();
- $page_title = "Home";
- include('includes/config.inc.php');
- include('functions.php');
- do_html_header($page_title);
- ?>
- At Bottom of Page
- <?php
- bottom();
- footer();
- ?>
The login scripts are located in a folder called "members" - /mysite.com/members/login.php
The pages in the members folder has this at the top of each page:
Expand|Select|Wrap|Line Numbers
- At Top of Page
- <?php
- include('./../includes/sess.php');
- include('./../includes/config.inc.php');
- include('js_functions.php');
- $page_title = 'Member Control Panel';
- include('./../includes/top.php');
- login_check();
- main_bar();
The sess.php contains:
Expand|Select|Wrap|Line Numbers
- <?php
- // This page begins the HTML header for the site.
- // Start output buffering.
- ob_start();
- // Initialize a session.
- session_start();
- ?>
Expand|Select|Wrap|Line Numbers
- <?php
- include("./../functions.php");
- do_html_header($page_title);
- echo "<h3>$page_title</h3><br>";
- ?>
The js_function.php page is located in the members folder.
The js_functions.php contains:
Expand|Select|Wrap|Line Numbers
- <?php
- function welcome_bar()
- {
- echo "
- <center>
- <div style='width:95%; background-color:#EAF4FF; padding:3px'>
- <strong>Welcome!</strong>
- </div>
- </center>
- <br><br>
- ";
- }
- function pages_bar()
- {
- echo "
- <center>
- <div style='width:95%; background-color:#EAF4FF; padding:3px'>
- Return to <a href='main.php'><u><strong>Member Control Panel</strong></u></a>
- </div>
- </center>
- <br><br>
- ";
- }
- function main_bar()
- {
- echo "
- <center>
- <div style='width:95%; background-color:#EAF4FF; padding:3px'>
- <strong>What would you like to do?</strong>
- </div>
- </center>
- <br><br>
- ";
- }
- function login_check()
- {
- // If no user_id variable exists, redirect the user.
- if (!isset($_SESSION['user_id']))
- {
- // Start defining the URL.
- $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
- // Check for a trailing slash.
- if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') )
- {
- // Chop off the slash.
- $url = substr ($url, 0, -1);
- }
- // Redirect to this page if not logged in.
- $url .= './../members/login.php';
- header("Location: $url");
- // Quit the script.
- exit();
- }
- else
- {
- // Welcome the user (by name if they are logged in).
- if (isset($_SESSION['user_title']) && ($_SESSION['first_name']) && ($_SESSION['last_name']));
- {
- echo "
- <p><strong>Hello:</strong> {$_SESSION['user_title']} {$_SESSION['first_name']} {$_SESSION['last_name']}</p>
- ";
- }
- }
- }
- function real_login_check()
- {
- // If user_id variable exists, redirect the user.
- if (isset($_SESSION['user_id']))
- {
- // Start defining the URL.
- $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
- // Check for a trailing slash.
- if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') )
- {
- // Chop off the slash.
- $url = substr ($url, 0, -1);
- }
- // Redirect to this page if not logged in.
- $url .= './../members/main.php';
- header("Location: $url");
- // Quit the script.
- exit();
- }
- else
- {
- echo "
- <center>
- <div style='width:95%; background-color:#EAF4FF; padding:3px'>
- <strong>Welcome!</strong>
- </div>
- </center>
- <br><br>
- ";
- }
- }
- ?>
I tried to get cute and place a login form at the top of the functions.php page to eliminate the need to first go to the member's area to log in. If the user is logged in the welcome message is displayed instead of the login form. Here is that bit of code:
Expand|Select|Wrap|Line Numbers
- if (isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'], -10) != 'members/logout.php'))
- {
- echo "
- <strong>Hello, {$_SESSION['user_title']} {$_SESSION['first_name']} {$_SESSION['last_name']}</strong><br />
- <a href='http://www.mysite.com/members/logout.php'>Logout</a><br />
- <a href='http://www.mysite.com/members/index.php'>Member Control Panel</a>
- ";
- }
- else
- {
- // Not logged in
- echo "
- <form action='http://www.mysite.com/members/login.php' method='post'>
- <strong>Member Login:</strong><br />
- Email Address <input type='text' name='email' size='15' maxlength='45' value=''><br />
- Password <input type='password' name='pass' size='10' maxlength='20'><br />
- <input type='submit' name='submit' value='Login'>
- <input type='hidden' name='submitted' value='TRUE'>
- </form>
- <br />
- <a href='http://www.mysite.com/members/register.php'>Register</a>
- ";
- }
Expand|Select|Wrap|Line Numbers
- <?php
- ob_start();
- // Initialize a session.
- session_start();
Expand|Select|Wrap|Line Numbers
- </body></html>";
- ob_end_flush();
So, back to my problem of the last user "logged out" being carried over when someone else logs in. I'm not sure where the problem lies. I think I have listed everything here in this post that relates to logging in and sessions. These are the variables that are set when logging in:
Expand|Select|Wrap|Line Numbers
- // Register the values & redirect.
- $row = mysql_fetch_array ($result, MYSQL_NUM);
- mysql_free_result($result);
- mysql_close(); // Close the database connection.
- $_SESSION['user_id'] = $row[0];
- $_SESSION['email'] = $row[1];
- $_SESSION['user_title'] = $row[3];
- $_SESSION['first_name'] = $row[4];
- $_SESSION['last_name'] = $row[5];
- $_SESSION['city'] = $row[7];
- $_SESSION['stateid'] = $row[8];
Expand|Select|Wrap|Line Numbers
- (substr($_SERVER['PHP_SELF'], -10) != 'members/logout.php')
I would like to keep the logging in feature at the top of all the pages. It's much like the one on this website and I find it quite handy. But if this is what is causing my logout and login problems, and if it can't be fixed I'll scrap it.
Thanks for any help.
David