Hello, this is a strange one for me, I’ve got this script that runs from a login form. It works fine to login, but it won’t let me login from other places. It saves my ipaddress from when I set it up and session ID in a database but I’m unsure of how to drop the ipaddress and session from the table on logout/browser close.
Here’s my code:
[php]
<?php session_start(); $server_dat['user_ip'] = $_SERVER['REMOTE_ADDR']; $server_dat['user_session'] = session_id(); $sql['host'] = "HIDDEN"; $sql['user'] = "HIDDEN"; $sql['pass'] = "HIDDEN"; $sql['name'] = "HIDDEN"; $sql['t_users'] = "users"; // DECLARE VALIDATION TRIGGERS $myusername['empty'] = false; $mypassword['empty'] = false; $myusername['chars'] = false; $mypassword['chars'] = false; $loggedin = false; // LOGIN STATE $allokay = true; // PROCESS STATE // DECLARE VALIDATION TRIGGERS // GET POSTED DATA AND PREPARE $myusername['data'] = $_POST['myusername']; // GET DATA FROM POST $mypassword['data'] = $_POST['mypassword']; // GET DATA FROM POST $myusername['data'] = stripslashes($myusername['data']); // REMOVE SLASHS $mypassword['data'] = stripslashes($mypassword['data']); // REMOVE SLASHS // GET POSTED DATA AND PREPARE // VALIDATE POSTED DATA if ($myusername['data']!==''){ $myusername['empty'] = true; } if ($mypassword['data']!==''){ $mypassword['empty'] = true; } $myusername['chars'] = ctype_alnum($myusername['data']); // CHECK FOR ALPHANUMERIC DATA $mypassword['chars'] = ctype_alnum($mypassword['data']); // CHECK FOR ALPHANUMERIC DATA // VALIDATE POSTED DATA // ERROR TRAPPING if ($myusername['empty']===false){ $allokay = false; } if ($mypassword['empty']===false){ $allokay = false; } if ($myusername['chars']===false){ $allokay = false; } if ($mypassword['chars']===false){ $allokay = false; } // ERROR TRAPPING // IF OKAY TO PROCESS if ($allokay===true){ // CONNECT TO SQL AND QUERY mysql_connect($sql['host'], $sql['user'], $sql['pass']) or die("cannot connect"); mysql_select_db($sql['name']) or die("cannot select DB"); $query = "SELECT * FROM ".$sql['t_users']." WHERE username='".$myusername['data']."'"; $result = mysql_query($query); // CONNECT TO SQL AND QUERY // LOOP RESULTS FROM SQL while ($row=mysql_fetch_assoc($result)) { $row['id']; // DATA FROM THIS RECORD $row['username']; // DATA FROM THIS RECORD $row['password']; // DATA FROM THIS RECORD $row['session']; // DATA FROM THIS RECORD $row['ipadd']; // DATA FROM THIS RECORD // PERFORM COMPARISON WITH CODE NOT SQL if (($row['username']===$myusername['data'])and($row['password']===$mypassword['data'])){ $loggedin = true; $user['id'] = $row['id']; // COPY MATCHED DATA $user['username'] = $row['username']; // COPY MATCHED DATA $user['password'] = $row['password']; // COPY MATCHED DATA $user['session'] = $row['session']; // COPY MATCHED DATA $user['ipadd'] = $row['ipadd']; // COPY MATCHED DATA } // PERFORM COMPARISON WITH CODE NOT SQL } unset($row); // UNSET ROW POINTER // LOOP RESULTS FROM SQL } // IF OKAY TO PROCESS // IF LOGIN STATE IS TRUE if ($loggedin===true){ $query = "UPDATE ".$sql['t_users']." SET session = '".$server_dat['user_session']."' WHERE id = '".$user['id']."' "; mysql_query($query); unset($query); $query = "UPDATE ".$sql['t_users']." SET ipadd = '".$server_dat['user_ip']."' WHERE id = '".$user['id']."' "; mysql_query($query); unset($query); // FORWARD TO SUCCES PAGE echo ""; // FORWARD TO SUCCES PAGE } // IF LOGIN STATE IS TRUE // IF LOGIN STATE IS FALSE if ($loggedin===false){ if ($myusername['empty']===false) { echo "Username cannot be empty"."\n"; } elseif ($mypassword['empty']===false) { echo "Password cannot be empty"."
\n"; } elseif ($myusername['chars']===false) { echo "Username contains duff chars"."
\n"; } elseif ($mypassword['chars']===false) { echo "Username contains duff chars"."
\n"; } else { echo "No username or password match was made"."
\n"; } } // IF LOGIN STATE IS FALSE ?>
[/php]
Any suggestions?