Whats wrong with my php login code???

velocityX

Why it wont get admin flags.....
following is login.php

<?php
$DBhost = "localhost";
$DBuser = "";
$DBpass = "";
$DBName = "";
$user_logged_in = false;
$username     = isset($_POST['username'])       ? $_POST['username']          : null;
$userpassword = isset($_POST['userpassword'])   ? md5($_POST['userpassword']) : null;

if ($username and $userpassword)
{
  $DB = mysql_connect($DBhost,$DBuser,$DBpass) or die('Unable to connect to database.');
  @mysql_select_db($DBName) or die('Unable to select database: '.$DBName); 

  $result = mysql_query('SELECT id, admin_flags FROM ibf_members where name = ''.$username.'' and password=''.$userpassword.'' ', $DB); 

  if ($row = mysql_fetch_array($result))
  {
    session_set_cookie_params(time()+7200);
    session_cache_limiter('private');
    session_start();
      session_register('username');
      session_register('permissions');
      session_register('aid');
      session_register('sid');
      session_register('ipad');
      $_SESSION['permissions'] = (int)$row[1];
      $_SESSION['username'] = $username;
      $_SESSION['aid'] = (int)$row[0];
      $_SESSION['sid'] = session_id();
      $_SESSION['ipad'] = $_SERVER['REMOTE_ADDR'];
    session_write_close();
  }
  else
  {
    session_start();
    $_SESSION = array();
    session_destroy();
  }
}

?>

on the page that I used it I did this,

<?
require 'login.php';


$permissions = array('maps'      => 1,
                     'news'      => 2,
                     'superuser' => 4,
                     'high'      => 4);


function get_permissions($admin_flags)
{
  global $permissions;

  $tmp = $admin_flags;
  $permset = array();
  $s = $permissions['high'];

  while ($s >= 1) {
    $permset[$s] = (int)($tmp / $s);
    $tmp = $tmp % $s;
    $s = $s / 2;
  }

  return $permset;
}

session_start();
  $sess_user  = $_SESSION['username'];
  $sess_perms = $_SESSION['permissions'];
  $user_ip    = $_SESSION['ipad'];
session_write_close();

$user_perms = get_permissions($sess_perms);

foreach($_SESSION as $k=>$v) echo '"'. $k . '"=>"' . $v .'"<br>';
foreach($user_perms as $k=>$v) echo '"'. $k . '"=>"' . $v .'"<br>';

if (isset($user_ip) and ($user_ip != $_SERVER['REMOTE_ADDR'])) exit;

$user_login_state = 'Not logged in.';
$user_logged_in = false;
if (isset($sess_user))
{
  $user_login_state = 'Logged in as:<br>' . $username;
  $user_logged_in = true;
}

?>

the part with the permissions

 <font size="1" face="Verdana" color="#FFFFFF"><center><br><?=$user_login_state?><br></center></font>

<? if ($user_logged_in) { ?>

<? if ($sess_perms > 0) {?>
	<br><img src="line_admin.jpg" width="147" height="18">
<? } else { ?>
	<br><img src="line_login.jpg" width="147" height="18">
<? } ?>

<? if ($user_perms[$permissions['superuser']]) { ?>
	<br> &nbsp; <font size="1" face="Verdana" color="#FFFFFF"><a href="#admin.php">Administer Site</a></font>
<? } ?>
<? if ($user_perms[$permissions['maps']]) { ?>
	<br> &nbsp; <font size="1" face="Verdana" color="#FFFFFF"><a href="#modmaps.php">Moderate Submissions</a></font>
<? } ?>
<? if ($user_perms[$permissions['news']]) { ?>
	<br> &nbsp; <font size="1" face="Verdana" color="#FFFFFF"><a href="updatenews.php">Write a News Post</a></font>
<? } ?>
        <br><center><input type="button" name="logout" value="logout" onclick="location.href='logout.php?url=<?=urlencode($_SERVER['REQUEST_URI'])?>';" STYLE="color: #FFFFFF; font-family: Verdana; font-size: 10px; border-width: 1; border-color: #000000; border-style: solid; background-color: #3D729C;"></center>
<? } else { ?>
	<br><img src="line_login.jpg" width="147" height="18">
        <FORM method="POST" action="index.php"><center>
          <font size="1" face="Verdana" color="#FFFFFF">Username:<br>
          </font><INPUT type="text" name="username" STYLE="color: #FFFFFF; font-family: Verdana; font-size: 10px; border-width: 1; border-color: #000000; border-style: solid; background-color: #3D729C;" size="19" maxlength="30"><font size="1" face="Verdana" color="#FFFFFF"><br>
          Password:<br></font>
          <INPUT type="password" name="userpassword" STYLE="color: #FFFFFF; font-family: Verdana; font-size: 10px; border-width: 1; border-color: #000000; border-style: solid; background-color: #3D729C;" size="19" maxlength="30"><br>
          <INPUT type="submit" value="login" STYLE="color: #FFFFFF; font-family: Verdana; font-size: 10px; border-width: 1; border-color: #000000; border-style: solid; background-color: #3D729C;" name="userlogin"></center>
        </FORM>
<? } ?>

stolzyboy

for starters, no pun intended, session_start(); always has to be the first line of your code, php or otherwise

velocityX

Thats cause its not my full code that i posted

stolzyboy

Originally posted by velocityX
Thats cause its not my full code that i posted

that's besides the point, you have session_start(); all over in your code, after other lines of php and html, it HAS to be the first line for it to work

this is how you start a sessioned page

<?
session_start();

and you are mixing $_SESSION['varname'], and session_register

that is not the correct way of doing it, you only need to use one or the other, according to php.net, i would suggest just using the $_SESSION['varname'] way, as that is the preferred way