MSUK1 Posted January 29, 2011

hello, so i have a php login area for my clients...

when i register a client it sets the user level to 1
admin user level is 9

any user whose level is >9 it redirect loops between the directory www.domain.com/ClientArea/

i changed that user's level to 9, to see if it would log in, and it did fine...

so i am a bit stuck as to where the problem is? here are some code snippets you'll need to help me if you can :)

process.php (where the form is sent)

    function procLogin(){
        global $session, $form;
        /* Login attempt */
        $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));

        /* Login successful */
        if($retval){
            header("Location: ../ClientArea/");
        }
        /* Login failed */
        else{
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ../ClientArea/?login=failed");
        }
    }

session.php (where the magic happens) its inc into the process.php and inc into the index.php of clientarea

    /**
     * startSession - Performs all the actions necessary to
     * initialize this session object. Tries to determine if
     * the user has logged in already, and sets the variables
     * accordingly. Also takes advantage of this page load to
     * update the active visitors tables.
     */
    function startSession(){
        global $database; //The database connection
        session_start(); //Tell PHP to start the session

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        /**
         * Set guest value to users not logged in, and update
         * active guests table accordingly.
         */
        if(!$this->logged_in){
            $this->username = $_SESSION['username'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        }
        /* Update users last active timestamp */
        else{
            $database->addActiveUser($this->username, $this->time);
        }

        /* Remove inactive visitors from database */
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();

        /* Set referrer page */
        if(isset($_SESSION['url'])){
            $this->referrer = $_SESSION['url'];
        }else{
            $this->referrer = "/";
        }

        /* Set current url */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
    }

    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's
     * authenticity. Returns true if the user has logged in.
     */
    function checkLogin(){
        global $database; //The database connection

        /* Check if user has been remembered */
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
        }

        /* Username and userid have been set and not guest */
        if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
           $_SESSION['username'] != GUEST_NAME){
            /* Confirm that username and userid are valid */
            if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
                /* Variables are incorrect, user not logged in */
                unset($_SESSION['username']);
                unset($_SESSION['userid']);
                return false;
            }

            /* User is logged in, set class variables */
            $this->userinfo = $database->getUserInfo($_SESSION['username']);
            $this->username = $this->userinfo['username'];
            $this->userid = $this->userinfo['userid'];
            $this->userlevel = $this->userinfo['userlevel'];
            $this->firstname = $this->userinfo['firstname'];
            $this->lastname = $this->userinfo['lastname'];
            $this->company = $this->userinfo['company'];
            $this->tel = $this->userinfo['tel'];
            $this->address = $this->userinfo['address'];
            $this->email = $this->userinfo['email'];
            return true;
        }
        /* User not logged in */
        else{
            return false;
        }
    }

    /**
     * login - The user has submitted his username and password
     * through the login form, this function checks the authenticity
     * of that information in the database and creates the session.
     * Effectively logging in the user if all goes well.
     */
    function login($subuser, $subpass, $subremember){
        global $database, $form; //The database and form object

        /* Username error checking */
        $field = "user"; //Use field name for username
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Username not entered");
        }
        else{
            /* Check if username is not alphanumeric */
            if(!preg_match('/^[0-9a-z]*$/i', $subuser)){
                $form->setError($field, "* Username not alphanumeric");
            }
        }

        /* Password error checking */
        $field = "pass"; //Use field name for password
        if(!$subpass){
            $form->setError($field, "* Password not entered");
        }

        /* Return if form errors exist */
        if($form->num_errors > 0){
            return false;
        }

        /* Checks that username is in database and password is correct */
        $subuser = stripslashes($subuser);
        $result = $database->confirmUserPass($subuser, md5($subpass));

        /* Check error codes */
        if($result == 1){
            $field = "user";
            $form->setError($field, "* Username or password incorrect");
        }
        else if($result == 2){
            $field = "pass";
            $form->setError($field, "* Username or password incorrect");
        }

        /* Return if form errors exist */
        if($form->num_errors > 0){
            return false;
        }

        /* Username and password correct, register session variables */
        $this->userinfo = $database->getUserInfo($subuser);
        $this->username = $_SESSION['username'] = $this->userinfo['username'];
        $this->userid = $_SESSION['userid'] = $this->generateRandID();
        $this->userlevel = $this->userinfo['userlevel'];

        /* Insert userid into database and update active users table */
        $database->updateUserField($this->username, "userid", $this->userid);
        $database->addActiveUser($this->username, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /**
         * This is the cool part: the user has requested that we remember that
         * he's logged in, so we set two cookies. One to hold his username,
         * and one to hold his random value userid. It expires by the time
         * specified in constants.php. Now, next time he comes to our site, we will
         * log him in automatically, but only if he didn't log out before he left.
         */
        if($subremember){
            setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
        }

        /* Login completed successfully */
        return true;
    }
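
The login() method above sends an unsalted md5() digest to confirmUserPass(). The following is an added example, not code from this thread, of checking such legacy digests and upgrading them to password_hash() on the next successful login; verify_and_upgrade() and the $saveHash callback are hypothetical names, and it assumes the stored hash for the user can be read back from the database.

```php
<?php
// Added example, not the thread's code. verify_and_upgrade() and $saveHash are
// hypothetical; the row below is a constructed sample.

/**
 * Check a submitted password against the stored hash. Rows still holding an
 * unsalted md5() hex digest are accepted once and re-hashed immediately.
 */
function verify_and_upgrade(string $password, string $stored, callable $saveHash): bool
{
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy row: constant-time comparison of the md5 hex digests
        if (!hash_equals(strtolower($stored), md5($password))) {
            return false;
        }
        $saveHash(password_hash($password, PASSWORD_DEFAULT));
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Modern row: re-hash when the default algorithm or cost has changed
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $saveHash(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed demonstration: one legacy md5 row, upgraded on first login
$row = ['username' => 'client1', 'password' => md5('correct horse')];
$save = function (string $newHash) use (&$row): void {
    $row['password'] = $newHash; // stands in for an UPDATE on the users table
};

var_dump(verify_and_upgrade('wrong guess', $row['password'], $save));   // wrong password, legacy row
var_dump(verify_and_upgrade('correct horse', $row['password'], $save)); // right password, legacy row
var_dump(strlen($row['password']) === 32);                              // is the row still an md5 digest?
var_dump(verify_and_upgrade('correct horse', $row['password'], $save)); // right password, upgraded row
```
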
MSUK1 Posted January 29, 2011

anyone had a chance to find any bugs in this?
MSUK1 Posted January 30, 2011

i've tried to narrow this down a bit more, the code is executing a logon, as i changed the successful login url to /asufhasfihsd and it loaded that page.. so something is going wrong AFTER the user is logged in? still any suggestions?
BlueSkyIS Posted January 30, 2011

what i do is obliterate my code with echo statements to follow the logic and check the values of variables all along the way, looking for unexpected variables and cases where a true/false check is the opposite of what it should be. i find it much more difficult to walk through the logic in my head, trying to remember what variable is supposed to be set to what where.

that is my entire savings of 2 cents.
MSUK1 Posted January 30, 2011

i'll give that a go, not wanting to look like i'm after a quick-fix [well i am] but i have patience.. it just doesn't make sense for it to work for a userlevel of 9 and not for 1
ChemicalBliss Posted January 30, 2011

Try this code - i've added a debug catch that will collect info in a session array on each loop and force stop any loops at 10 runs, then print debug data. Look in the source code (View source) and copy/paste here.

    if($retval){
        $_SESSION['DEBUG_COUNT'] = isset($_SESSION['DEBUG_COUNT']) ? ($_SESSION['DEBUG_COUNT'] + 1) : 1;
        $_SESSION['DEBUG_LOG'] = !isset($_SESSION['DEBUG_LOG']) ? array() : $_SESSION['DEBUG_LOG'];
        $_SESSION['DEBUG_LOG'][] = array(
            "current_path" => realpath("./"),
            "next_path" => realpath("../ClientArea/"),
            "login_result" => $retval
        );

        // Break any loops
        if($_SESSION['DEBUG_COUNT'] >= 10){
            print_r($_SESSION);
            unset($_SESSION['DEBUG_COUNT'], $_SESSION['DEBUG_LOG']);
            exit();
        }

        header("Location: ../ClientArea/");
        exit(); // Should put exit()s behind your header redirects
    }
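
The debug catch and the exit() advice above, folded into one reusable helper. This is an added example, not code from the thread: it writes the hop log to the server error log instead of printing the session to the browser, and MAX_REDIRECTS, redirect_guard(), redirect_reset() and safe_redirect() are hypothetical names.

```php
<?php
// Added example, not the thread's code. All names here are hypothetical.

const MAX_REDIRECTS = 10; // same cut-off as the debug catch in the post above

/**
 * Record one redirect hop in the session array and report whether the
 * caller may redirect again (true) or a loop is suspected (false).
 */
function redirect_guard(array &$session, string $from, string $to, int $userlevel): bool
{
    $session['REDIRECT_LOG'][] = ['from' => $from, 'to' => $to, 'userlevel' => $userlevel];
    return count($session['REDIRECT_LOG']) < MAX_REDIRECTS;
}

/** Call on every page that renders normally, so only consecutive hops count. */
function redirect_reset(array &$session): void
{
    unset($session['REDIRECT_LOG']);
}

/** Redirect and stop; on a suspected loop, log server-side and stop instead. */
function safe_redirect(array &$session, string $to, int $userlevel): void
{
    $from = $_SERVER['PHP_SELF'] ?? 'cli';
    if (!redirect_guard($session, $from, $to, $userlevel)) {
        // Keep session contents out of the response body
        error_log('redirect loop: ' . json_encode($session['REDIRECT_LOG']));
        redirect_reset($session);
        http_response_code(500);
        exit('Redirect loop detected; details were written to the error log.');
    }
    header('Location: ' . $to);
    exit(); // nothing after the redirect may run
}

// Constructed demonstration: a level-1 user bouncing on the same page
$session = [];
$allowed = 0;
while (redirect_guard($session, '/ClientArea/index.php', '../ClientArea/', 1)) {
    $allowed++;
}
echo "hops allowed before the guard trips: $allowed\n";
echo "hops recorded for the log: " . count($session['REDIRECT_LOG']) . "\n";
```

In process.php the call would be `safe_redirect($_SESSION, "../ClientArea/", $session->userlevel);` in place of the bare header() line.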