Php login help!


#1

Hello, this is a strange one for me, I’ve got this script that runs from a login form. It works fine to login, but it won’t let me login from other places. It saves my ipaddress from when I set it up and session ID in a database but I’m unsure of how to drop the ipaddress and session from the table on logout/browser close.

Here’s my code:

[php]

<?php session_start(); $server_dat['user_ip'] = $_SERVER['REMOTE_ADDR']; $server_dat['user_session'] = session_id(); $sql['host'] = "HIDDEN"; $sql['user'] = "HIDDEN"; $sql['pass'] = "HIDDEN"; $sql['name'] = "HIDDEN"; $sql['t_users'] = "users"; // DECLARE VALIDATION TRIGGERS $myusername['empty'] = false; $mypassword['empty'] = false; $myusername['chars'] = false; $mypassword['chars'] = false; $loggedin = false; // LOGIN STATE $allokay = true; // PROCESS STATE // DECLARE VALIDATION TRIGGERS // GET POSTED DATA AND PREPARE $myusername['data'] = $_POST['myusername']; // GET DATA FROM POST $mypassword['data'] = $_POST['mypassword']; // GET DATA FROM POST $myusername['data'] = stripslashes($myusername['data']); // REMOVE SLASHS $mypassword['data'] = stripslashes($mypassword['data']); // REMOVE SLASHS // GET POSTED DATA AND PREPARE // VALIDATE POSTED DATA if ($myusername['data']!==''){ $myusername['empty'] = true; } if ($mypassword['data']!==''){ $mypassword['empty'] = true; } $myusername['chars'] = ctype_alnum($myusername['data']); // CHECK FOR ALPHANUMERIC DATA $mypassword['chars'] = ctype_alnum($mypassword['data']); // CHECK FOR ALPHANUMERIC DATA // VALIDATE POSTED DATA // ERROR TRAPPING if ($myusername['empty']===false){ $allokay = false; } if ($mypassword['empty']===false){ $allokay = false; } if ($myusername['chars']===false){ $allokay = false; } if ($mypassword['chars']===false){ $allokay = false; } // ERROR TRAPPING // IF OKAY TO PROCESS if ($allokay===true){ // CONNECT TO SQL AND QUERY mysql_connect($sql['host'], $sql['user'], $sql['pass']) or die("cannot connect"); mysql_select_db($sql['name']) or die("cannot select DB"); $query = "SELECT * FROM ".$sql['t_users']." WHERE username='".$myusername['data']."'"; $result = mysql_query($query); // CONNECT TO SQL AND QUERY // LOOP RESULTS FROM SQL while ($row=mysql_fetch_assoc($result)) { $row['id']; // DATA FROM THIS RECORD $row['username']; // DATA FROM THIS RECORD $row['password']; // DATA FROM THIS RECORD $row['session']; // DATA FROM THIS RECORD $row['ipadd']; // DATA FROM THIS RECORD // PERFORM COMPARISON WITH CODE NOT SQL if (($row['username']===$myusername['data'])and($row['password']===$mypassword['data'])){ $loggedin = true; $user['id'] = $row['id']; // COPY MATCHED DATA $user['username'] = $row['username']; // COPY MATCHED DATA $user['password'] = $row['password']; // COPY MATCHED DATA $user['session'] = $row['session']; // COPY MATCHED DATA $user['ipadd'] = $row['ipadd']; // COPY MATCHED DATA } // PERFORM COMPARISON WITH CODE NOT SQL } unset($row); // UNSET ROW POINTER // LOOP RESULTS FROM SQL } // IF OKAY TO PROCESS // IF LOGIN STATE IS TRUE if ($loggedin===true){ $query = "UPDATE ".$sql['t_users']." SET session = '".$server_dat['user_session']."' WHERE id = '".$user['id']."' "; mysql_query($query); unset($query); $query = "UPDATE ".$sql['t_users']." SET ipadd = '".$server_dat['user_ip']."' WHERE id = '".$user['id']."' "; mysql_query($query); unset($query); // FORWARD TO SUCCES PAGE echo ""; // FORWARD TO SUCCES PAGE } // IF LOGIN STATE IS TRUE // IF LOGIN STATE IS FALSE if ($loggedin===false){ if ($myusername['empty']===false) { echo "Username cannot be empty"."
\n"; } elseif ($mypassword['empty']===false) { echo "Password cannot be empty"."
\n"; } elseif ($myusername['chars']===false) { echo "Username contains duff chars"."
\n"; } elseif ($mypassword['chars']===false) { echo "Username contains duff chars"."
\n"; } else { echo "No username or password match was made"."
\n"; } } // IF LOGIN STATE IS FALSE ?>

[/php]

Any suggestions?


#2

The script should first time update sql entry after sucessfuly login and then looking if the ip and sessions ar still the same (i think it trys to see if the user is still online and then he try to login the user back if the ip & session id are the sam ex. after 1 hour idle)

If you change the order it should work, on browser close and logout you will get another session id and then you `ll need to login again.


#3

Use: session_unset();

This will close all sessions. If you want just one session closed, you will need the session name.

That should work for you…


#4

Worked A charm!

Thankyou so much.
Regards
Sean