Trying out sessions..

mak-uk

Hi all,

Having looked at a couple of tutorials on sessions, I thought I would play about with my own file.

The problem is, no matter what I do, it keeps printing out the 'Access Denied' portion of the code. Am I missing a curly brace somewhere or something?

<?php // index.php 
session_start();
include_once './inc/db.inc';

$uid = isset($_POST['EMail']) ? $_POST['EMail'] : $_SESSION['EMail']; 
$pwd = isset($_POST['Password']) ? $_POST['Password'] : $_SESSION['Password'];

if(!isset($_SESSION['EMail'])) { 
$_SESSION['EMail'] = ''; 
} 

if(!isset($_POST['SUBMITFORM'])) { 
?> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>...</title>
FORM GOES HERE:
<FORM METHOD="POST" NAME="Login" AUTOCOMPLETE="off" action="<?=$_SERVER['PHP_SELF']?>">

<table width="200" height="122" border="0" cellpadding="0">
<tr>
<tr>
<td valign="middle" align="right" class="mediumblack">EMail&nbsp;</td>

<td width="65%" class="forminput"><INPUT TYPE="text" class="forminput" NAME="EMail" size="20" maxlength="35" /></td>

</tr>

<tr>
<td valign="middle" align="right" class="mediumblack">Password&nbsp;</td>

<td class="forminput"><INPUT TYPE="password" class="forminput" NAME="Password" size="20" maxlength="20" /></td>

</tr>

<tr>
<td><br></td>
<td align="center">
<input type="checkbox" name="autologin" value="Y">Automatic login<br>&nbsp;<a href="#">What is this?</a></td>

</tr>

<tr>
<td><br></td>
<td valign="bottom" align="center" height="18"> 
<!-- <input type="image" src="img/go.gif" border="0"> -->
<INPUT name="SUBMITFORM" TYPE="submit" VALUE="Login"> 
</td>

</tr>

<tr align="center"> 

<td height="18" colspan="2" valign="bottom"><a href="#" title="Forgot Password">Forgot your password?</a></td>

</tr>

<tr align="center"> 
<td height="18" colspan="2" valign="bottom"><a aref="join.php" title="Join Here">Not a Member yet?</a></td>
</tr>

</table>
</FORM>

</html>
<?php
}
else { 
$_SESSION['EMail'] = (string) $_POST['EMail']; 
$_SESSION['Password'] = (string) $_POST['Password']; 
} 

dbConnect("pa" ); 
$sql = "SELECT * FROM members WHERE 
mEMail = '$EMail' AND mPassword = PASSWORD('$Password')"; 
$result = mysql_query($sql); 

if (!$result) { 
error('A database error occurred while checking your '. 
'login details.\\nIfhis error persists, please '. 
'contact [email]you@example.com[/email].'); 
}

if (mysql_num_rows($result) == 0) { 
unset($_SESSION['EMail']); 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]"> 
<html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]"> 
<head> 
<title> Access Denied </title> 
<meta http-equiv="Content-Type" 
content="text/html; charset=iso-8859-1" /> 
</head> 
<body> 
<h1> Access Denied </h1> 
<p>Your user ID or password is incorrect, or you are not a 
registered user on this site. To try logging in again, click 
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant 
access, click <a href="join.php">here</a>.</p> 
</body> 
</html> 
<?php 
exit; 
}
?>

Any ideas on what I am doing wrong?

Thanks.

Mak 🙂

The_Chancer

In your final query before the Access Denied part, you are referring to $Email and $password - neither of which are stated in the code you posted.

If you changed these to $uid and $pwd, you might get a better response.

Also, if there is a successful login - ie mysql_num_rows($result) gives a result of 1, then there is no place for this eventuality.

It might be a good idea to echo out your SQL query as well, at least you will be able to find out why the query didn't work.

If you had missed out a } you would have received a parse error though, not just an anomolous answer to your code.

mak-uk

Even when I replace the query with:

$sql = "SELECT * FROM members WHERE mEMail = '$uid' AND mPassword = PASSWORD('$pwd')";

At the bottom, it still displays 'Access Denied'. This is without the user logging in or anything but just the script being displayed for the first time!

Help! 🙁

Thanks.

Mak 🙂

The_Chancer

I just tried your code, with no changes and it gave me the login for straight away...

Make sure you have no caching problems, control F5, or use something like

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");  // always modified
header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");                          // HTTP/1.0