Jump to content

redirect loop for non admin users?

MSUK1

By MSUK1
in PHP Coding Help

 Share

Recommended Posts

MSUK1 Member

MSUK1

Posted
Posted

hello, so i have a php login area for my clients...

 

when i register a client it sets the user level to 1

admin user level is 9

 

any user whose level i >9 it redirect loops between the directory www.domain.com/ClientArea/

 

i changed that users level to 9, to see if it would log in, and it did fine...

 

so i am a bit stuck as to where the problem is?

 

here are some code snippets you'll need to help me if you can:)

process.php (where the form is sent)

   function procLogin(){
      global $session, $form;
      /* Login attempt */
      $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
      
      /* Login successful */
      if($retval){
         header("Location: ../ClientArea/");
      }
      /* Login failed */
      else{
         $_SESSION['value_array'] = $_POST;
         $_SESSION['error_array'] = $form->getErrorArray();
         header("Location: ../ClientArea/?login=failed");
      }
   }

 

session.php (where the magic happens) its inc into the process.php and inc into the index.php of clientarea


   /**
    * startSession - Performs all the actions necessary to 
    * initialize this session object. Tries to determine if the
    * the user has logged in already, and sets the variables 
    * accordingly. Also takes advantage of this page load to
    * update the active visitors tables.
    */
   function startSession(){
      global $database;  //The database connection
      session_start();   //Tell PHP to start the session

      /* Determine if user is logged in */
      $this->logged_in = $this->checkLogin();

      /**
       * Set guest value to users not logged in, and update
       * active guests table accordingly.
       */
      if(!$this->logged_in){
         $this->username = $_SESSION['username'] = GUEST_NAME;
         $this->userlevel = GUEST_LEVEL;
         $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
      }
      /* Update users last active timestamp */
      else{
         $database->addActiveUser($this->username, $this->time);
      }
      
      /* Remove inactive visitors from database */
      $database->removeInactiveUsers();
      $database->removeInactiveGuests();
      
      /* Set referrer page */
      if(isset($_SESSION['url'])){
         $this->referrer = $_SESSION['url'];
      }else{
         $this->referrer = "/";
      }

      /* Set current url */
      $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
   }

   /**
    * checkLogin - Checks if the user has already previously
    * logged in, and a session with the user has already been
    * established. Also checks to see if user has been remembered.
    * If so, the database is queried to make sure of the user's 
    * authenticity. Returns true if the user has logged in.
    */
   function checkLogin(){
      global $database;  //The database connection
      /* Check if user has been remembered */
      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
         $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
         $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
      }

      /* Username and userid have been set and not guest */
      if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
         $_SESSION['username'] != GUEST_NAME){
         /* Confirm that username and userid are valid */
         if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            return false;
         }

         /* User is logged in, set class variables */
         $this->userinfo  = $database->getUserInfo($_SESSION['username']);
         $this->username  = $this->userinfo['username'];
         $this->userid    = $this->userinfo['userid'];
         $this->userlevel = $this->userinfo['userlevel'];
         $this->firstname = $this->userinfo['firstname'];
         $this->lastname  = $this->userinfo['lastname'];
         $this->company   = $this->userinfo['company'];
         $this->tel       = $this->userinfo['tel'];
         $this->address   = $this->userinfo['address'];
         $this->email   = $this->userinfo['email'];
         return true;
      }
      /* User not logged in */
      else{
         return false;
      }
   }

   /**
    * login - The user has submitted his username and password
    * through the login form, this function checks the authenticity
    * of that information in the database and creates the session.
    * Effectively logging in the user if all goes well.
    */
   function login($subuser, $subpass, $subremember){
      global $database, $form;  //The database and form object

      /* Username error checking */
      $field = "user";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Username not entered");
      }
      else{
         /* Check if username is not alphanumeric */
         if(!eregi("^([0-9a-z])*$", $subuser)){
            $form->setError($field, "* Username not alphanumeric");
         }
      }

      /* Password error checking */
      $field = "pass";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Password not entered");
      }
      
      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }

      /* Checks that username is in database and password is correct */
      $subuser = stripslashes($subuser);
      $result = $database->confirmUserPass($subuser, md5($subpass));

      /* Check error codes */
      if($result == 1){
         $field = "user";
         $form->setError($field, "* Username or password incorrect");
      }
      else if($result == 2){
         $field = "pass";
         $form->setError($field, "* Username or password incorrect");
      }
      
      /* Return if form errors exist */
      if($form->num_errors > 0){
         return false;
      }

      /* Username and password correct, register session variables */
      $this->userinfo  = $database->getUserInfo($subuser);
      $this->username  = $_SESSION['username'] = $this->userinfo['username'];
      $this->userid    = $_SESSION['userid']   = $this->generateRandID();
      $this->userlevel = $this->userinfo['userlevel'];
      
      /* Insert userid into database and update active users table */
      $database->updateUserField($this->username, "userid", $this->userid);
      $database->addActiveUser($this->username, $this->time);
      $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

      /**
       * This is the cool part: the user has requested that we remember that
       * he's logged in, so we set two cookies. One to hold his username,
       * and one to hold his random value userid. It expires by the time
       * specified in constants.php. Now, next time he comes to our site, we will
       * log him in automatically, but only if he didn't log out before he left.
       */
      if($subremember){
         setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
         setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);
      }

      /* Login completed successfully */
      return true;
   }

Link to comment
Share on other sites
BlueSkyIS Newbie

BlueSkyIS

Posted
Posted

what i do is obliterate my code with echo statements to follow the logic and check the values of variables all along the way, looking for unexpected variables and cases where a true/false check is the opposite of what it should be. i find it much more difficult to walk through the logic in my head, trying to remember what variable is supposed to be set to what where. that is my entire savings of 2 cents.

Link to comment
Share on other sites
ChemicalBliss Newbie

ChemicalBliss

Posted
Posted

Try this code - i've added a debug catch that will collect info in a session array on each loop and force stop any loops at 10 runs, then print debug data.

 

Look in the source code (View source) and copy/paste here.

 

      if($retval){
        $_SESSION['DEBUG_COUNT'] = (isset($_SESSION['DEBUG_COUNT']))? ($_SESSION['DEBUG_COUNT'] + 1) : 1);
		$_SESSION['DEBUG_LOG'] = (!isset($_SESSION['DEBUG_LOG'])) array() : $_SESSION['DEBUG_LOG'];
		$_SESSION['DEBUG_LOG'][] = array(
			"current_path"=>	realpath("./"),
			"next_path"=>		realpath("../ClientArea/"),
			"login_result"=>	$retval
		);

		// Break any loops
		if($_SESSION['DEBUG_COUNT'] >= 10){
			print_r( $_SESSION);
			unset($_SESSION['DEBUG_COUNT'],$_SESSION['DEBUG_LOG']);
			exit();
		}

            header("Location: ../ClientArea/");
		exit(); // Should put exit()s behind your header redirects
      }

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.