Hello!

Mgraphic wrote this for me about a year ago, however I've only just used it and it appears to be problematic.

It isn't logging in! It checks if the username and password are fine, but doesn't set the session to remain logged in. Any suggestions?

PHP Code:

function check_login($username, $password, $required = 0, $redirect = "http://www.siteurl.com/login.php")
{
  if (isset($_SESSION['user']) && isset($_SESSION['pass'])) return true;
  if (!empty($username) && !empty($password))
  {
    $username = stripslashes($username);
    $password = stripslashes($password);
    $checkq = mysql_query("
      SELECT `username`, `password`
      FROM `accounts`
      WHERE
        `username` = '" . $username . "'
        AND `password` = '" . md5($password) . "'
      LIMIT 1
    ");
    if (mysql_num_rows($checkq) > 0)
    {
      $session_backup = $_SESSION;
      unset($_COOKIE[session_name()]);
      session_destroy();
      session_start();
      $_SESSION = $session_backup;
      unset($session_backup);
      
      $user_row = mysql_fetch_assoc($checkq);
      $_SESSION['user'] = $user_row['username'];
      $_SESSION['pass'] = $user_row['password'];
      unset($user_row);
      
      return true;
    }
  }
  if ($required == 1)
  {
    header("location: $redirect");
    exit();
  }
  return false;
} 


I sure don't remember writing this, but check if $_SESSION['user'] and $_SESSION['pass'] is set and holds a value for each. If so, it should be logged in.

Seems they are not being set. Cannot understand why though.

And yes you did write it, I found it in my PHP Login Function post about a year ago

Can you include the script that calls this function?

Try calling session_start() before anything

It's not setting the session. I have session_start(); at the top of all things also.

I shoved it in the config. The only code to it is:

PHP Code:

function check_login($username, $password, $required = 0, $redirect = "http://www.bestadboard.com/login.php")
{
  if (isset($_SESSION['user']) && isset($_SESSION['pass'])) return true;
  if (!empty($username) && !empty($password))
  {
    $username = stripslashes($username);
    $password = stripslashes($password);
    $checkq = mysql_query("
      SELECT `username`, `password`
      FROM `accounts`
      WHERE
        `username` = '" . $username . "'
        AND `password` = '" . md5($password) . "'
      LIMIT 1
    ");
    if (mysql_num_rows($checkq) > 0)
    {
      $session_backup = $_SESSION;
      unset($_COOKIE[session_name()]);
      session_destroy();
      session_start();
      $_SESSION = $session_backup;
      unset($session_backup);
      
      $user_row = mysql_fetch_array($checkq);
      $_SESSION['user'] = $user_row['username'];
      $_SESSION['pass'] = $user_row['password'];
      unset($user_row);
      
      return true;
    }
  }
  if ($required == 1)
  {
    header("location: $redirect");
    exit();
  }
  return false;
}

if(check_login()){
$user = mysql_fetch_array(mysql_query("select * from accounts where id = '".$_SESSION['user']."' limit 1"));
die($user['username']);
$loggedin = true;
} 


and the login.php is

PHP Code:

if($loggedin == true) {
header("location:$siteurl");
}

if(check_login($_POST['username'], $_POST['password'])) {
header("location: account.php");
} 


It's kind of annoying because I wanted to use this function instead of my "overdone" version :P

Heh, I messed around and managed to get it working. Dunno what the retarded mistake on my part was.

Sorry for wasting ya' time ^^

Quote:

Originally Posted by Galaxian

Heh, I messed around and managed to get it working. Dunno what the retarded mistake on my part was.

Sorry for wasting ya' time ^^

I'm glad you got it going, I'm still not sure where the problem was...