login script

luitron

i have this log in script, so far it works fine untill the instruction told me to add this script at the top of my php file:

<?php
             session_start();
             include("config.php");
             $db = mysql_connect("$db_host", "$db_user", "$db_pwd");
             $dbsel = mysql_select_db("$db_name");
             $query = "SELECT sid FROM login_1 WHERE id='$id_log'";

         @ $result = mysql_query($query);
         if (!result) { echo "Sorry, the connection to the database was refused.  Please review the 'config.php' file";}
         $data = mysql_fetch_array($result);
         if ($data['sid']==session_id()) {}
         else {echo "<center><font face='Tahoma, Helvetica'>Sorry, you are not authorized to view this page.  Please
         login <a href='login.php'>here</a>.";die;}
?>
<html>
<frameset rows="81,*" frameborder="NO" border="0" framespacing="0">
  <frame name="top" scrolling="NO" noresize src="top.html" marginwidth="0" marginheight="0" >
  <frame name="mainFrame" src="web.php" marginwidth="0" marginheight="0" noresize>
</frameset>
<noframes>
<head>
</head>

<body>
</body>

</html>

but it keeps asking me to log in. but whe i ad this one:

<?php
  session_start();


if ($sid==session_id()) {}
else {echo "sorry";die;}

?>

it lets me in. i rather use the first code than this one one. i look at that code and it feels something doesnt look right .🙁

OhLordy

try echoing the session id from the session and the one from the database to see which one isn't as expected.
HTH
Rob

luitron

i feel so newbie by asking this but how do i go about doing that. 🙁

OhLordy

echo("session_id: ".session_id()." | DB id: ".$datd['sid']);

put this after the line

$data = mysql_fetch_array($result);

HTH
Rob

luitron

cool. ok now im getting this error:

Parse error: parse error, unexpected T_ELSE in /home/vision3/public_html/tmp/index.php on line 12

this is line:

else {echo "<center><font face='Tahoma, Helvetica'>Sorry, you are not authorized to view this page. Please

This is how my code looks now:

<?php
             session_start();
             include("config.php");
             $db = mysql_connect("$db_host", "$db_user", "$db_pwd");
             $dbsel = mysql_select_db("$db_name");
             $query = "SELECT sid FROM login_1 WHERE id='$id_log'";

         @ $result = mysql_query($query);
         if (!result) { echo "Sorry, the connection to the database was refused.  Please review the 'config.php' file";}
         $data = mysql_fetch_array($result);
         echo("session_id: ".session_id()." | DB id: ".$datd['sid']);
         else {echo "<center><font face='Tahoma, Helvetica'>Sorry, you are not authorized to view this page.  Please
         login <a href='login.php'>here</a>.";die;}
?>
<html>
<frameset rows="81,*" frameborder="NO" border="0" framespacing="0">
  <frame name="top" scrolling="NO" noresize src="top.html" marginwidth="0" marginheight="0" >
  <frame name="mainFrame" src="web.php" marginwidth="0" marginheight="0" noresize>
</frameset>
<noframes>
<head>
</head>

<body>
</body>

</html>

luitron

please help can someone help me. please look at the script above and tell me what can i do.

b0ksah

this if / else structur is Fubar

<?php


if (!result) { echo "Sorry, the connection to the database was refused.  Please review the 'config.php' file";}  /* --- You end your if here .... 
the else should follw right behind it .. but it doesn't */

         $data = mysql_fetch_array($result);
         echo("session_id: ".session_id()." | DB id: ".$datd['sid']);

          else {echo "<center><font face='Tahoma, Helvetica'>Sorry, you are not authorized to view this page.  Please
         login <a href='login.php'>here</a>.";die;}


?>

Moonglobe

you forgot the original if in your new code. i think this should work. also, it's probably a good idea to make your code readable by people other than yourself 😉

<?php
session_start();
include("config.php");
$db = mysql_connect("$db_host", "$db_user", "$db_pwd");
$dbsel = mysql_select_db("$db_name");
$query = "SELECT sid FROM login_1 WHERE id='$id_log'";
@$result = mysql_query($query);
if (!result) 
{ 
    echo "Sorry, the connection to the database was refused.  Please review the 'config.php' file";
}
$data = mysql_fetch_array($result);
echo("session_id: ".session_id()." | DB id: ".$data['sid']);
if ($data['sid']==session_id())
{
    //do nothing
}
else 
{
    echo "<center><font face='Tahoma, Helvetica'>Sorry, you are not authorized to view this page.  Please login <a href='login.php'>here</a>.";
    die();
}
?>
<html>
<frameset rows="81,*" frameborder="NO" border="0" framespacing="0">
  <frame name="top" scrolling="NO" noresize src="top.html" marginwidth="0" marginheight="0" >
  <frame name="mainFrame" src="web.php" marginwidth="0" marginheight="0" noresize>
</frameset>
<noframes>
<head>
</head>

<body>
</body>

</html>