[Resolved] Login Issue

John_wilson

<?
include("header.php");
include("config.php");
print ("$logres");
$logres=@mysql_num_rows(mysql_query("select * from pupils where name=$user AND password=$pass"));

if($logres<=0)
{
print ("login correct");
print ("Please click <A href=index.htm> here </a> to continue");
print("$logres");
session_register("user");
}
else
{
print ("incorrect logon");
print ("Please click <A href=testlogon.php> here </a> to re-try");
}

Right above code is meant to check logins, ( it always lets people in, it shouldn't) Are there any obvious balls ups?

Also, sometimes, later ( in the site) the user will be wrong a previous user will be used, any way I can get a session to die when a page is loaded? (when the user hits back often enough yuo get another users info, even if they log in ( works fine if window is closed)

Thanks

John

Natty_Dreadlock

hi,
your query shoul look like this: select * from pupils where name='$user' AND password='$pass' (u forgot the '). moreover, the if query checks if there are zero or less results so everybody can login. u gotta write: if($logres > 0)
sorry, i did not get your second problem, can u explain it one more time??

John_wilson

Wow that was quick!

Thanks will try the amendments.

Second problem.

If a user ie bob, has finished, and types in the url or hits the back button to the logon screen, then user jim logs in jim will get bobs data.

Not sure if that makes sense but basically I want to stop this.

Any ideas?

Thanks

Natty_Dreadlock

ok got it what kinda session function r u usin?

John_wilson

at the start I run session_start(); the store the vars using session_register($varname);

To be honest I'm not sure if thats what you were after. but sessions are my weak bit (like everything else:p )

Natty_Dreadlock

ok maybe there some problem with your session code (what u told me was indeed what i wanted to know), check if i.e. bob and jim use the same session id... maybe u need to include some logout page that calls session_unset() and session_destroy() to log out the user.
hth

John_wilson

with session_destroy(); can it just be run or do you need the session id?

Natty_Dreadlock

i think it can be run without passin the sid, but have a look at the doc at www.php.net/session_destroy and www.php.net/session_unset .

John_wilson

woo hoo sorted.

Thanks

John