Login_check fail

General PHP Help
#1

My login info is correct as it lets me login, but my login check always fails. Any suggestions? [php]function login_check($mysqli) {
// Check if all session variables are set
if(isset($_SESSION[‘user_id’], $_SESSION[‘username’], $_SESSION[‘login_string’])) {
$user_id = $_SESSION[‘user_id’];
$login_string = $_SESSION[‘login_string’];
$username = $_SESSION[‘username’];

 $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

 if ($stmt = $mysqli->prepare("SELECT password FROM users WHERE id = ? LIMIT 1")) { 
    $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
    $stmt->execute(); // Execute the prepared query.
    $stmt->store_result();

    if($stmt->num_rows == 1) { // If the user exists
       $stmt->bind_result($password); // get variables from result.
       $stmt->fetch();
       $login_check = hash('sha512', $password.$user_browser);
       if($login_check == $login_string) {
          // Logged In!!!!
          return true;
       } else {
          // Not logged in
          return false;
       }
    } else {
        // Not logged in
        return false;
    }
 } else {
    // Not logged in
    return false;
 }

} else {
// Not logged in
return false;
}
}

if(login_check($mysqli) == true) {
} else {
echo 'You are not authorized to access this page, please login.
';
}
[/php]

#2

I’m confused, the check fails and it still allows you to log in?

If you run this code below what happens…

[php]function login_check($mysqli) {
// Check if all session variables are set
if(isset($_SESSION[‘user_id’], $_SESSION[‘username’], $_SESSION[‘login_string’])) {
$user_id = $_SESSION[‘user_id’];
$login_string = $_SESSION[‘login_string’];
$username = $_SESSION[‘username’];

 $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

 if ($stmt = $mysqli->prepare("SELECT password FROM users WHERE id = ? LIMIT 1")) { 
    $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
    $stmt->execute(); // Execute the prepared query.
    $stmt->store_result();

    if($stmt->num_rows == 1) { // If the user exists
       $stmt->bind_result($password); // get variables from result.
       $stmt->fetch();
       $login_check = hash('sha512', $password.$user_browser);
       if($login_check == $login_string) {
          // Logged In!!!!
         echo 'I just logged in';
          return true;
       } else {
          // Not logged in
          return false;
       }
    } else {
        // Not logged in
        return false;
    }
 } else {
    // Not logged in
    return false;
 }

} else {
// Not logged in
return false;
}
}

if(login_check($mysqli) == true) {
} else {
echo 'You are not authorized to access this page, please login.
';
} [/php]

Does it say

I just logged in You are not authorized to access this page, please login.

or just

You are not authorized to access this page, please login.
Sponsor our Newsletter | Privacy Policy | Terms of Service