www.webdeveloper.com
Thread: Quick Question

  1. #1
    Join Date
    Feb 2011
    Posts
    177

    Quick Question

    I have created a form for quick additions to the database. It has the following code at the front:

    PHP Code:
    <?php
    session_start();
    if (!isset($_SESSION["manager"])) {
        header("location: admin_login.php");
        exit();
    }
    // Be sure to check that this manager SESSION value is in fact in the database
    $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers
    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
    // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
    // Connect to the MySQL database
    include "../SiteScripts/connect_to_mysql.php";
    $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 0) { // evaluate the count
        echo "Your login session data is not on record in the database.";
        exit();
    }
    ?>
    It works fine for the first page, but on any other page it tells me "Your login session data is not on record in the database". If I take out the above code then it works fine. Any ideas on how to fix this issue? It used to work for all the pages but now it doesn't and I'm not sure what is wrong. Any ideas are much appreciated.

  2. #2
    Join Date
    Jan 2009
    Posts
    3,346
    I wouldn't store the password as a session variable. It looks like you are wanting to reauthenticate the user during every page load...you can just check that the user exists in the database (and is still active if appropriate) on each page load while a session is active.

  3. #3
    Join Date
    Feb 2011
    Posts
    177

    So is there something wrong with the way I checked to make sure the person is logged in? Am I supposed to do something different? How should I do the admin login file if not a session? I'm still learning so any pointers are much appreciated.

  4. #4
    Join Date
    Jan 2009
    Posts
    3,346
    Usually I just store the username as a session variable and last request so I can fine tune how long an admin account can be active.

    PHP Code:
    if (!isset($_SESSION['adminUser'])) {
        // user is not logged in as admin
    } else {
        // check if account is still active in database (i.e. "SELECT userID FROM user_table WHERE username={$_SESSION['adminUser']} AND active = true LIMIT 1;")
        $stillActive = true; // would be true/false depending on a database query
        if (!$stillActive) {
            // session should be invalidated and user returned to a login form
        } else {
            // continue page as though user is authenticated/authorized
        }
    }

    I know it looks kind of sloppy but does that make some sense?

  5. #5
    Join Date
    Feb 2011
    Posts
    177

    Hey,

    Thanks for the help. I tried exactly what you said. I'm getting issues with that, so what am I doing here?

    PHP Code:
    <?php
    session_start();
    if (!isset($_SESSION['adminUser'])) {
        // user is not logged in as admin
    } else {
        // check if account is still active in database
        ("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");
        $stillActive = true; // would be a true/false depending on a database query
        if (!$stillActive) {
            // session should be invalidated and user returned to a login form
        } else {
            // continue page as though user is authenticated/authorized
        }
    }
    ?>

  6. #6
    Join Date
    Jan 2009
    Posts
    3,346
    What I posted was more like pseudocode as a general concept guide... not something you can just plug in to your data structure and run with it.
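
The check outlined in posts #2 and #4, written out as an added example that is not part of the original thread: the session holds only the username and the time of the last request (no password), and each page load re-checks the account with a prepared statement. The `admin` table layout, the `active` column, the 15-minute idle limit, the function name and the in-memory SQLite database standing in for MySQL are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table/column names, the idle
// limit and the SQLite stand-in for MySQL are assumptions for illustration.
const ADMIN_IDLE_LIMIT = 900; // seconds of inactivity before a new login is required

// True only if the session names an admin that is still active in the
// database and the previous request was recent enough.
function admin_session_is_valid(PDO $db, array &$session, int $now): bool
{
    if (!isset($session['adminUser'], $session['lastRequest'])) {
        return false;                        // never logged in
    }
    if ($now - (int)$session['lastRequest'] > ADMIN_IDLE_LIMIT) {
        $session = [];                       // idle too long: invalidate
        return false;
    }
    // Prepared statement: the session value is bound, never interpolated.
    $stmt = $db->prepare('SELECT 1 FROM admin WHERE username = ? AND active = 1 LIMIT 1');
    $stmt->execute([$session['adminUser']]);
    if ($stmt->fetchColumn() === false) {
        $session = [];                       // account removed or disabled
        return false;
    }
    $session['lastRequest'] = $now;          // sliding idle window
    return true;
}

// --- Demo with constructed data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, active INTEGER)');
$db->exec("INSERT INTO admin (username, active) VALUES ('alice', 1), ('bob', 0)");

$now = time();
$cases = [
    'active admin'   => ['adminUser' => 'alice', 'lastRequest' => $now - 60],
    'disabled admin' => ['adminUser' => 'bob',   'lastRequest' => $now - 60],
    'idle too long'  => ['adminUser' => 'alice', 'lastRequest' => $now - 3600],
    'not logged in'  => [],
];
foreach ($cases as $label => $session) {
    $ok = admin_session_is_valid($db, $session, $now);
    echo str_pad($label, 16), $ok ? "allowed\n" : "redirect to admin_login.php\n";
}
```

On a real page, call `session_start()` first and pass `$_SESSION` as the second argument; when the function returns false, send the `Location: admin_login.php` header and `exit()` as in post #1.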
