Authentication not working.
LOGIN.PHP
Code:
<?php require_once('Connections/myconn.php'); ?>
<?php
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "a_index.php";
$MM_redirectLoginFailed = "login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_myconn, $myconn);
$LoginRS__query=sprintf("SELECT id,email, password FROM members WHERE email='%s' AND password='%s' and active = 'Yes' ",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $myconn) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
//admin type
$loginStrGroup = "MEMBER";
$array = mysql_fetch_assoc($LoginRS);
$GLOBALS['memberID'] = $array['id'];
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
session_register("memberID");
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
echo "login fail";
}
}
?>
LOGIN-CHECK.PHP
Code:
<?php
$MM_authorizedUsers = "MEMBER";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
echo "<script>window.location = 'login.php'; </script>";
exit;
}
?>
RELEVENT OPENING LINES of a_index.php
Code:
<?php
include('header.php');
require_once('myfunctions.php');
require_once('Connections/myconn.php'); ?>
<?php
//debug check
print $_SESSION['memberID'];
print $_SESSION['MM_Username'];
print $_SESSION['MM_Usergroup'];
//
//fetch header
require_once('login_check.php');
$currentPage = $_SERVER["PHP_SELF"];
The debug is empty and it appears the session variables are blank and because of that its causing every login attempt to default to hitting this line.
Code:
echo "<script>window.location = 'login.php'; </script>";
I enter tha member and password oon LOGIN.PHP it accepts it successfully and redirects me to 1_index.php, then it goes through the PHP and hits the LOGIN-CHECK.php at which point the seesion variables I believe are empty so it fails the check and sends me back to login.php.
This session junk is not my strong suit and this has wasted my whole morning.
Apreciate any help.