I am trying to get this program login to work with sessions. I don't know what I am doing wrong, but part of my code is displaying on the page instead of just my login form. Here is my code
<?php
session_start();
$_SESSION['name']= "test4";
define('DBSERVER', 'localhost');
define('DATABASE', 'dbname');
define('USER', 'myusername');
define('PASSWRD', 'mypassword');
define('TABLE', 'mytablename');
$thisfile = basename($SCRIPT_NAME);
$url = $_REQUEST['url'];
$cmd = $_REQUEST['cmd'];
$goto = $thisfile."?url=".$url;
if ($cmd == "logout") {
$message = "<p>You have been logged out.</p>";
}
if ($cmd == "verify") {
$slogin = $_POST['username'];
$spassword = $_POST['password'];
//first we look to see if we can find the login
$sql="SELECT password, clearance FROM " . TABLE . " WHERE login='$slogin'";
$connection = mysql_connect(DBSERVER,USER,PASSWRD);
$selectdb = mysql_select_db(DATABASE);
$result = mysql_query($sql);
if(mysql_num_rows($result) == 0) {
//login was not found
$message = "<p>Username was not found. Try again? </p>";
} else {
//login okay let's see what that password is
$row = mysql_fetch_array($result, MYSQL_ASSOC) ;
$password = $row['password'];
$clearance = $row['clearance'];
if($password == $spassword) {
//that's a match
$message = "<p>Your clearance level is $clearance.</p>";
//let's redirect to the page to display the cookie
$goto = $url;
} else {
//login okay, password did not match
$message = "<p>Password did not match username. Try again? </p>";
}
}
mysql_close($connection);
}
session_destroy();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>User Authentication</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?
if (($cmd == "verify") or ($cmd == "logout")) {
echo "$message";
?>
<meta http-equiv="refresh" content="2;URL=<? echo "$goto";?>">
<? } else { ?>
<h3 align="center">Please enter database username and password:</h3>
<form name="form1" method="post" action="<? echo "$thisfile";?>">
<div align="center">
<table border="0">
<tr>
<td><strong>Username</strong>:</td>
<td><input name="username" type="text" size="20" maxlength="20"></td>
</tr>
<tr>
<td><strong>Password</strong>:</td>
<td><input name="password" type="password" id="password" size="20" maxlength="20">
</td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="Submit" value="Submit"> <input name="Reset" type="reset" id="Reset" value="Reset"></td>
</tr>
</table>
<input name="cmd" type="hidden" id="cmd" value="verify">
<input name="url" type="hidden" id="url" value="<? echo "$url" ?>">
</div>
</form>
<? } ?>
</body>
</html>
?>
Here is my other file
<?
session_start();
echo $_SESSION['name'];
//this is the location of this script
$thisfile = "test4.php";
//this is the relative path location of the authentication script
$auth = "authenticate.php";
if ($_SESSION['login']!="go"){
header("Location: authenticate.php")
exit();
}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?
//now we have to see if the proper clearance is available to see stuff.
if ($clearance < 1) {
?>
<H1>PRIVATE! FOR YOUR EYES ONLY!</H1>
<H5><a href="<? echo "$auth?url=$thisfile&cmd=logout"; ?>">LOGOUT</a></H5>
<?
} else {
?>
<H1>SECRURITY ALERT</H1>
<P>You do not have sufficient clearance to view this information.</P>
<meta http-equiv="refresh" content="2;URL=<? echo "$auth?url=$thisfile"; ?>">
<?
}
}
session_destroy();
?>
</body>
</html>
and here is what is displaying
You have been logged out.
"; } if ($cmd == "verify") { $slogin = $_POST; $spassword = $_POST; //first we look to see if we can find the login $sql="SELECT password, clearance FROM " . TABLE . " WHERE login='$slogin'"; $connection = mysql_connect(DBSERVER,USER,PASSWRD); $selectdb = mysql_select_db(DATABASE); $result = mysql_query($sql); if(mysql_num_rows($result) == 0) { //login was not found $message = "
Username was not found. Try again?
"; } else { //login okay let's see what that password is $row = mysql_fetch_array($result, MYSQL_ASSOC) ; $password = $row; $clearance = $row; if($password == $spassword) { //that's a match $message = "
Your clearance level is $clearance.
"; //let's set a cookie with this information setcookie("clearance",$clearance,0); //let's redirect to the page to display the cookie $goto = $url; } else { //login okay, password did not match $message = "
Password did not match username. Try again?
"; } } mysql_close($connection); } ?> ">
Please enter database username and password:
">
Username:
Password:
">