Once again, thanks for the replies... But I'm afraid I'm not getting this right...

I've tested with the various versions of $_SESSION syntax which I've been recommended by the people on this group. i.e.:

$_SESSION['s_user'] = $_POST['s_user'];
$_SESSION['s_pass'] = $_POST['s_pass'];

or

$_SESSION['s_user'] = "s_user";
$_SESSION['s_pass'] = "s_pass";

None of this seems to really make a difference....

I was wondering if this was due to the nature of the array being used... If I understand you right

session_register("s_user");
session_register("s_pass");

adds the values "s_user" and "s_pass" to an array, I suppose by index so the key/value pairs would look like this "0/s_user" and "1/s_pass" - correct?

Now when I use the $_SESSION syntax as mentioned above I would think the array changed nature so the key value pairs would look like this instead "s_user/s_user" and "s_pass/s_pass", is that right? How would this affect the use of the session variables in the application/site?

As I said I'm not getting any real headway here, so I've posted the relevant pages below in the hope that someone had the time and inclination to take a look at them. I've added a few comments of my own and removed the MySQL credentials 8-)

--- START session.php START ---
<?php
session_start();
include("_include/loginFunc.php");

/* ==========================================
 * When we got this code, it looked like this:
 *
 * session_register("s_user");
 * session_register("s_pass");
 *
 * =========================================== */

$_SESSION['s_user'] = "s_user";
$_SESSION['s_pass'] = "s_pass";

/* =========================================
 * General variables
 *
 * I added this section because I got warnings about undeclared
 * variables, when I ran this earlier.
 *
 * ========================================= */

$user = "";
$pass = "";

drawhtmlhead();
dologin($user,$pass);
if($sub == "logout") dologout();
?>
--- END session.php END ---

--- START loginfunc.php START ---
<html>
<head>
<title>PAGE TITLE</title>
<script language=javascript>
function doSubmit(sub) {
  document.form.sub.value = sub;
  document.form.submit();
}
</script>
</head>
<?php
# generic stuff

/* =========================================
 * Password and Username directly in the code?!?!?
 *
 * I commented on this earlier in the thread, but I would like to hear
 * your comments on this... personally I think it's a terrible way
 * of handling security!
 *
 * ========================================= */

$LOGIN_INFO = "<center>LOGIN</center>";
$HEADER = "ADMIN";
$USER = "admin";
$PASS = "admin";
$WIDTH = 600;
$logout_text = "<center><h3>You have now logged out from the Admin Application</h3></center>";
$login_page = "adminHome.php";

#-----------------#
# login functions #
#-----------------#

function checklogin($s_user, $s_pass) {
  global $USER,$PASS;
  if($s_user == $USER && $s_pass == $PASS) return "OK";
  else return "0";
}

function drawlogin() {
  global $LOGIN_INFO,$HEADER,$PHP_SELF;
?>
<center><br>
<form name=form method=post action=<? echo $PHP_SELF; ?>>
<input type=hidden name=sub>
<table border=0 cellpadding=1 cellspacing=0 width=1><tr><td bgcolor=#444444>
<table border=0 cellpadding=16 cellspacing=0><tr><td bgcolor=white>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=white>
<tr>
<td colspan=2><center><b><? echo $HEADER; ?><b></center> </b></b></td>
</tr>
<tr>
<td>username: </td>
<td><input type=text name=user></td>
</tr>
<tr>
<td>password: </td>
<td><input type=password name=pass></td>
</tr>
<tr>
<td> </td>
<td><a href=javascript:doSubmit('login');>[ login ]</a> <a href=javascript:document.form.reset();>[ clear ]</a></td>
</tr>
<tr>
<td colspan=2><center>__________________________________</center>
<br>
<?
echo $LOGIN_INFO; ?>
</td>
</tr>
</table>
</td></tr></table>
</td></tr></table>
</form>
</center>
<?php
}

function dologout() {
  global $logout_text,$login_page;
  session_destroy();
  echo $logout_text;
  echo "<a href='$login_page'><center><h3>Log in</h3></center></a>";
}

function dologin($user,$pass) {
  global $s_user, $s_pass;
  if($user && $pass) {
    $s_user = $user;
    $s_pass = $pass;
  }
  if($s_user && $s_pass) {
    if(!checklogin($s_user,$s_pass)) {
      if($user && $pass) echo "wrong username/password";
      else drawlogin();
      die();
    }
  } else {
    drawlogin();
    die();
  }
}

#---------------------#
# end login functions #
#---------------------#

#-----------------#
# basic functions #
#-----------------#

function drawhtmlhead() {
  global $style_page,$title;
?>
<p>
<?php
}

function drawhtmltail() {
?>
<p>
<?php
}

function drawloggedintop() {
  global $HEADER, $WIDTH;
?>
<center>
<table width=<? echo $WIDTH; ?> cellpadding=0 cellspacing=0 border=0>
<tr>
<td align=right><small><? echo $HEADER; ?></small></td>
</tr>
</table>
</center>
<?
}

function drawloggedinhead() {
  global $HEADER, $WIDTH, $PHP_SELF;
?>
<center>
<table width=<? echo $WIDTH; ?> border=0 cellpadding=1 cellspacing=0><tr><td bgcolor=#444444>
<table width=100% border=0 cellpadding=16 cellspacing=0><tr><td bgcolor=white>
<form name=form method=post action=<? echo $PHP_SELF; ?> enctype="multipart/form-data">
<input type=hidden name=sub>
<?
}

function drawloggedintail() {
?>
</form></td></tr></table></td></tr></table></center>
<?
}

#---------------------#
# end basic functions #
#---------------------#
?>
</html>
--- END loginfunc.php END ---

--- START adminHome.php START ---
<?php
include("session.php");
include("_include/global.php");
?>
<html>
<body>
<H1> Choose page to edit </H1>
<a href="adminForm.php?<?php print SID ?>&id=1">Home</a>
<a href="adminForm.php?<?php print SID ?>&id=2">Company</a>
<a href="adminForm.php?<?php print SID ?>&id=3">Products</a>
<a href="adminForm.php?<?php print SID ?>&id=4">Price</a>
<a href="adminForm.php?<?php print SID ?>&id=5">Links</a>
<a href="logout.php">Log Out</a>
</body>
</html>
--- END adminHome.php END ---

--- START global.php START ---
<?php
/* =========================================
 * MYSQL Database Login and variables
 * ========================================= */

$MYSQL_DB_NAME ="[DATABASE_NAME]";
$MYSQL_HOST = "[DATABASE_HOST]";
$MYSQL_USER = "[DATABASE_USER]";
$MYSQL_PS = "[DATABASE_PASSWORD]";

/* =========================================
 * General variables
 *
 * I added this section because I got warnings about undeclared
 * variables, when I ran this earlier.
 *
 * ========================================= */

$content = "";
$image = "";
$modified_by = "";

/* ==============================================
 * Function: db_connect()
 * Return: connecting to the mysql db
 * =============================================== */
function db_connect(){
  mysql_connect($GLOBALS["MYSQL_HOST"],$GLOBALS["MYSQL_USER"], $GLOBALS["MYSQL_PS"])
    or die ("Could not connect to mysql");
  mysql_select_db($GLOBALS["MYSQL_DB_NAME"]);
  return;
}

/* ==============================================
 * SQL Queries
 * =============================================== */
$sql_query_row ="SELECT * from tab_page where id=$id";
//$sql_query_content ="SELECT content from tab_page where id=$id";
//$sql_query_image ="SELECT image from tab_page where id=$id";
//$sql_query_modified_by ="SELECT modified_by from tab_page where id=$id";
//$sql_query_modified_date ="SELECT modified_date from tab_page where id=$id";

$sql_update = "UPDATE tab_page SET content = '$content', image = '$image', modified_by = '$modified_by', modified_date = CURRENT_DATE WHERE id= $id";

/*
$sql_ud_content = "UPDATE tab_page SET content = $content WHERE id= $id";
$sql_ud_image = "UPDATE tab_page SET image = $image WHERE id= $id";
$sql_ud_modified_by = "UPDATE tab_page SET modified_by = $modified_by WHERE id= $id";
*/
?>
--- END global.php END ---

The more I look at all of this, the more convinced I get that the devs just downloaded this code from somewhere - or rather a couple of somewheres, the comments on the different pages are in entirely different styles and the PHP sections in loginfunc.php were of the "<? ?>" version instead of the more accepted "<?php ?>" version.

/KLL

"Justin Patrin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Kim L. Laage wrote:
>
> > (This msg. may arrive twice, with two different senders, I've had a little
> > trouble with the news server)
> >
> > Hi, thanks for your reply.
> >
> >>first $_SESSION works like this:
> >>
> >>session_start();
> >>$_session[user]=$_POST[user];//if using register_globals=off
> >>$_SESSION[user]=$user;//if register_globals=on..unsafe though
> >>
> >>$_SESSION superglobal is an array (usually associative) meaning that the
> >>element of the array (the part in the []) is either a variable name or some
> >>custom name instead of the element number....
> >>
> >>$_POST[user] and $user are 2 different variables if register_globals=off...
> >
> > Just a couple of questions.
> > 1. I tried adding the lines as you wrote them, but then I got a "Notice: Use
> > of undefined constant user - assumed 'user' in [FILENAME]", I assume I need
> > to add quotation marks around "user" on both sides of the equal sign, that
> > at least removes that notice.
> > 2. I also get a "Notice: Undefined index: user in [FILENAME]", do I need to
> > declare the $_SESSION variable before populating it?
> >
>
> This is due to using this syntax:
> $_SESSION[user]
>
> You want to do this instead:
> $_SESSION['user'] = $_POST['user'];
>
> Whenever you index into an associative array, you should use strings for
> the key/index (i.e. use quotation marks). That is, unless you're using
> define(), but that's out of scope for this thread. ;-)
>
> --
> paperCrane <Justin Patrin>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
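
Added example (not part of the original thread, and not the application's own code): the login check from loginfunc.php reworked so that the form fields are read by string key, the password is compared against a hash rather than a plaintext value in the source, and the session stores only the logged-in username under 's_user'. The names ADMIN_USER, ADMIN_HASH, try_login() and is_logged_in() and the demo password are constructed for illustration, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example; ADMIN_USER, ADMIN_HASH, try_login() and is_logged_in() are hypothetical names.
// The password below is constructed for the demo. In practice the hash is created once
// with password_hash() and kept in a config file or database outside the web root.
const ADMIN_USER = 'admin';
define('ADMIN_HASH', password_hash('constructed-demo-password', PASSWORD_DEFAULT));

// Check the submitted form fields ("user" and "pass", as in drawlogin()) and,
// on success, record the login in the session array.
function try_login(array $post, array &$session): bool
{
    // String keys, and isset() so a missing field does not raise "Undefined index".
    $user = isset($post['user']) ? (string) $post['user'] : '';
    $pass = isset($post['pass']) ? (string) $post['pass'] : '';

    // Evaluate both checks before combining them; both compare in constant time.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, ADMIN_HASH);
    if (!($userOk && $passOk)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after login
    }
    $session['s_user'] = $user;      // store who logged in, never the password
    return true;
}

function is_logged_in(array $session): bool
{
    return isset($session['s_user']) && $session['s_user'] === ADMIN_USER;
}

// Constructed requests: arrays standing in for $_POST, and $session for $_SESSION.
$session = [];
var_dump(try_login(['user' => 'admin', 'pass' => 'wrong-guess'], $session));
var_dump(is_logged_in($session));
var_dump(try_login(['user' => 'admin', 'pass' => 'constructed-demo-password'], $session));
var_dump(is_logged_in($session));
var_dump(array_keys($session));
```

In a page, call session_start() first and pass $_POST and $_SESSION as the two arguments.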