authuser issues

skafreak121

this:

<?php
session_start();
$SESSION['username']=$POST['user'];
$SESSION['userpass']=$POST['pass'];
$_SESSION['authuser']=0;

if (($_SESSION['username']== 'Joe') AND
       ($_SESSION['userpass']== '12345'))
{
$_SESSION['authuser']=1;
}

else
{
echo "Sorry, you dont have permission to view this page!";
exit();
}

<html>
<head>
<title>Find my Favorite Movie!</title>
</head>
<body>
<?php
$myfavmovie=urlencode("Life of Brian");
echo "<a href='http://localhost/moviesite.php?favmovie=$myfavmovie'>";
echo "Click here to see information about my favorite movie!";
echo "</a>";
?>
</body>
</html>

should let me link to this:

<?php
session_start();
//check to see if user has loged on with valid password
if ($SESSION['authuser']!=1) {
echo "Sorry, but you dont have permission to view this page!";
exit();
}
?>
<html>
<head>
<title>My Movie Site - <?php echo $REQUEST['favmovie'] ?></title>
</head>
<body>
<?php
echo "Welcome to our site, ";
echo $SESSION['username'];
echo "! <br>";
echo "My favorite movie is ";
echo $REQUEST['favmovie'];
echo "<br>";
$movierate=5;
echo "My rating for the movie is: ";
echo $movierate;
?>
</body>
</html>

but i only get "sorry, you dont have permission to view this page!"
what did i do wrong?

harmor

Try This

Change

<?php 
session_start(); 
//check to see if user has loged on with valid password 
if ($_SESSION['authuser']!=1) { 
echo "Sorry, but you dont have permission to view this page!"; 
exit(); 
} 
?>

<?php 
session_start(); 
//check to see if user has loged on with valid password 
if ($_SESSION['authuser']!=1) { 
 die('Sorry, but you dont have permission to view this page!'); 
} 
?>

skafreak121

seemed to do the same thing

harmor

Try This

Change

<?php  

session_start();  

//check to see if user has loged on with valid password 
if ($_SESSION['authuser']!=1) {  

 die('Sorry, but you dont have permission to view this page!');  

}  

?>

<?php  

session_start();  

//check to see if user has loged on with valid password 
if (!$_SESSION['authuser']=1) {  

 die('Sorry, but you dont have permission to view this page!');  

}  

?>

I just moved the exclimation point

skafreak121

okay that worked. thank you very much. just a quick question...why did moving the ! work?

harmor

Actually I have no clue.
Glad yoou got it working.

skafreak121

hahahahahahahahah....that great lol....thanks again

harmor

While I'm here I'll explain why I used

die('Sorry, but you dont have permission to view this page!');

As opposed to

echo "Sorry, but you dont have permission to view this page!";

Using "echo"
If the person types in the wrong username and/or password it'll display the "Sorry, but you dont have permission to view this page!" message but will also display the contents below it.

Using "die"
If the person types in the wrong username and/or password it'll display any information down to where you have your if statement.
Lets say you had

<?php   

session_start(); 

$_SESSION['username']

//check to see if user has loged on with valid password 
if (!$_SESSION['authuser']=1) {   

 die('Sorry, but you dont have permission to view this page!');   

}  

//the other php here 
?>

While $_SESSION['username'] will be displayed the php under the "die" statement will not be displayed.

skafreak121

thank you. i do have one more question, the page is working fine except i should see the username along with "Welcome to our site, " code:
<?php
echo "Welcome to our site, ";
echo $_SESSION['username'];

but the username isnt showing up

harmor

Originally posted by skafreak121
thank you. i do have one more question, the page is working fine except i should see the username along with "Welcome to our site, " code:
<?php
echo "Welcome to our site, ";
echo $_SESSION['username'];

but the username isnt showing up

You don't need to "echo" everyline

<?php 
echo "Welcome to our site, ".$_SESSION['username']."! <br>
My favorite movie is ".$_REQUEST['favmovie']."<br>
".$movierate."=5 My rating for the movie is: ".$movierate."";
?>

hopefully I fixed your problem with the username.

skafreak121

page still came up, but still no username

harmor

I don't know why it doesn't work.

Go to http://forums.invisionize.com/index.php?showforum=41 and ask your question there.
You'll probably get your answer solved there before you do here.

harmor

Credit goes to Nickoladze on invisionize.com

Try

<?php 
session_start(); 
print_r($_SESSION);
//check to see if user has loged on with valid password 

//the rest of the php here

Noce the print_r($_SESSION);

drew010

actually it probably wasnt printing username cause session_start() wasnt called before using $_SESSION. that has to be in place in every script you want to use sessions in.

also, die and exit are identical. die is an alias of exit.

the problem with the line
if (!$SESSION['authuser']=1) {
is the =1 part.
=1 is going to assign $SESSION['authuser'] the value of 1.
== is the comparison operator.

take the following code:

$var = "hello";
if ($var = "goodbye") {
  echo "var is goodbye";
}

at first, var contains hello. inside the if statement it gets assigned the value goodbye, and "var is goodbye" is output to the browser because the assignment was successful (which will pretty much always be the case.

<?php
session_start();

if ($_SESSION['authuser'] != 1) {
  echo "Not authorized";
  exit;
}
?>

should be the correct code for what you want to do.

harmor

Would this work also?

<?php 
session_start(); 

if (!$_SESSION['authuser'] == 1) { 
  echo "Not authorized"; 
  exit; 
} 
?>

drew010

yeah that works too.

skafreak121

but, drew010 if you look at my original post (2nd set of code), you should find that start_session() was call out right at the beginning.

skafreak121

all the print_r did was show Array() at the beginning of the page

drew010

maybe the session id isnt being passed. make sure session.use_trans_sid is turned on and session.use_only_cookies is off.

skafreak121

session.use_trans_sid is turned on

i turned this on and it didnt seem to matter

session.use_only_cookies is off.

this has been turned off

any other suggestions?