Hello,
That code doesn't mean anything to the client browser; you may have a session cookie
problem. Please check the php.net online manual about it.
Regards
Sancar
On Saturday 04 August 2007 18:20:49 Brian Seymour wrote:
> I mostly use Firefox but still I check to make sure everything works in IE7
> and other browsers equally as well. I had strange results here. I have a
> simple login form(user/pass field and submit button). I have the actual
> login request script in a common php file. I have an Authentication class
> that handles my auth stuff. With the code the way it is, it works perfectly
> in firefox. However, in IE7 when you log in it shows the restricted stuff
> but as soon as you navigate anywhere else you no longer have access. If you
> login again then it works fine just like the first time you logged in using
> firefox.
>
> Now if you change $_SESSION['uid']=="" to !isset($_SESSION['uid']) then it
> works perfectly on both browsers.
>
> Anyhow, rifle through the code -- just something to think about. Anybody
> else have a similar issue before?
>
> Web Code:
> Restricted stuff:
> <?php
> if ($_SESSION['uid']==""){
> $ops->postLogin($e);
> }else{
> ?>
> Logged in stuff(Restricted stuff)
> <?php } ?>
>
> Common snippet:
> if ($_POST['action']=="login"){
>     $auth = new Authentication($host,$user,$pass,"dbname","http://aerocore.net/");
>     if ($auth->verifyCreds($_POST['username'],$_POST['password'],"base_contributors ","id"))
>     {
>         $_SESSION['uid'] = $auth->retId;
>         $auth->failSafe();
>         break;
>     }
> }
>
> Authentication:
> class Authentication extends SQL {
>     public $errorMsg;
>     public $retId;
>     public $clean = array();
>     public $fail;
>
>     public function __construct($host,$user,$pass,$dbname = null,$fail)
>     {
>         parent::__construct($host,$user,$pass,$dbname = null);
>         $this->fail=$fail;
>     }
>
>     public function failSafe()
>     {
>         header("Location: {$this->fail}");
>     }
>
>     final public function sanitizeLoginCreds($user, $pass)
>     {
>         $this->clean['username']=strip_tags($user);
>         $this->clean['password']=strip_tags($pass);
>         if (!ctype_alnum($this->clean['username'])){
>             $this->clean['username']=""; }
>         if (!ctype_alnum($this->clean['password'])){
>             $this->clean['password']=""; }
>     }
>
>     final public function verifyCreds($user, $pass, $table, $retVal = null)
>     {
>         $this->sanitizeLoginCreds($user,$pass);
>
>         //$this->result = $this->query("SELECT * FROM $table where username='{$this->clean['username']}' and password='{$this->clean['password']}'");
>
>         if ($this->fetchNumRows("SELECT * FROM $table where username='{$this->clean['username']}' and password='{$this->clean['password']}'") == 0)
>         {
>             $this->errorMsg = "Incorrect Username/Password Combo";
>             $this->failSafe();
>             return false;
>         }
>         else
>         {
>             if (isset($retVal))
>             {
>                 $this->retId = $this->fetchArray("SELECT * FROM $table where username='{$this->clean['username']}' and password='{$this->clean['password']}'");
>                 $this->retId = $this->retId[$retVal];
>             }
>             return true;
>         }
>
>     }
>
>     final public function secureLogout()
>     {
>         $_SESSION = array();
>         session_destroy();
>         $this->failSafe();
>     }
>
>     public function __destruct(){}
> }
>
> Brian Seymour
> Zend Certified Engineer
> AeroCoreProductions
> http://www.aerocore.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
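
Added example, not code from the thread or from either poster: one way to write the login flow discussed above, going beyond the isset() change to bound query parameters, hashed passwords and a regenerated session id on login. The `contributors` table, its columns, the sample user and the helper names are assumptions, and in-memory SQLite stands in for the poster's database.

```php
<?php
// Constructed sample data; table and column names are assumptions.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE contributors (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $db->prepare('INSERT INTO contributors (username, pw_hash) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user id or null; binds the input and checks a password hash.
function verifyCreds(PDO $db, $user, $pass): ?int
{
    if (!is_string($user) || !is_string($pass)) {
        return null;                     // e.g. username[]=x arrives as an array
    }
    $st = $db->prepare('SELECT id, pw_hash FROM contributors WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// isset() covers a key that was never written; =="" on a missing key only
// works by way of an undefined-index notice.
function isLoggedIn(array $session): bool
{
    return isset($session['uid']) && $session['uid'] !== '';
}

function login(PDO $db, array $post): bool
{
    $uid = verifyCreds($db, $post['username'] ?? null, $post['password'] ?? null);
    if ($uid === null) {
        return false;
    }
    session_regenerate_id(true);         // fresh session id once authenticated
    $_SESSION['uid'] = $uid;
    return true;
}

session_save_path(sys_get_temp_dir());   // demo only, so the CLI can write session files
session_start();                         // on every page, before any output
$db = demoDb();
var_dump(login($db, ['username' => 'alice', 'password' => 'wrong']),
         login($db, ['username' => 'alice', 'password' => 'correct horse']), isLoggedIn($_SESSION));
```

On a real page a redirect sent with header("Location: ...") should be followed by exit, so that nothing after it runs for a visitor who is not logged in.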