Thank you for all the helpful input so far!
I have now tried to implement the changes you suggested, but I unfortunately
keep getting an error in line 114, in {-bracket in the switch statement. I
know it is not very desirable to send all the code in a mail, but I think
this is the best solution to find where the error(s) are located.
Also, when it comes to implementing the loggedin-function as Geoff Shang so
kindly suggested for the config.php, I keep getting an error message that
says that there is an error in the "return true;" line:

function loggedin()
{
    if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))
        return true;
    else
        return false;
}

So for now this code-block is the same as it used to be, because this does
not generate any errors.
When it comes to the function loggedin() inside the connexions.php, I am not
sure where to call the function. Should this be just before the comparing of
the password?
...or before the switch statement?

connextion.php

<?php
include('config.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
        <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
        <title>Connexion</title>
    </head>
    <body> <div class="header">
            <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
        </div>
<?php
// LOGOUT:
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
    //We log him out by deleting the username and userid sessions
    unset($_SESSION['username'], $_SESSION['userid'], $_SESSION['usr_level']);
?>
<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
} // close the if-loop "user logged in"
else
{
    $ousername = '';
    //We check if the form has been sent
    if(isset($_POST['username'], $_POST['password']))
    {
        //We remove slashes depending on the configuration
        // And encrypt the password using salt and md5
        if(get_magic_quotes_gpc())
        {
            $ousername = stripslashes($_POST['username']);
            $username = mysql_real_escape_string(stripslashes($_POST['username']));
            $password = stripslashes($_POST['password']);
            $salt = sha1(md5($password));
            $password = md5($salt.$password);
        } // close the remove slashes and encrypting-loop
        else
        {
            $username = mysql_real_escape_string($_POST['username']);
            $password = $_POST['password'];
            $salt = sha1(md5($password));
            $password = md5($salt.$password);
        } // close the else: "get_magic_quotes_gpc()" - block

        //We get the password of the user
        $req = mysql_query('select password,id,usr_level from users where username="'.$username.'"');
        $dn = mysql_fetch_array($req);
        //Get user level of the user
        $usr_level = $dn['usr_level'];

        // if (loggedin()){ ------> should be placed here??

        //We compare the submitted password and the real one, and we check if the user exists
        if($dn['password']==$password and mysql_num_rows($req)>0)
        {
            //If the password is ok, we set the $loginok var to true
            $loginok = true;
            //If the password is good, we dont show the form
            $form = false;

            // If the user is already logged in
            if ($loginok)
            {
                if ($remember=="on")
                    setcookie("username", $username, time()+3600*48);
                else

                    //We save the user name in the session username and the user Id in the session userid
                    $_SESSION['username'] = $username;
                    $_SESSION['userid'] = $dn['id'];
                    $_SESSION['usr_level'] = $dn['usr_level'];

                // if (loggedin()){ ------> should be placed here??

                switch ($usr_level)
                {
                    case admin:
                        $access_name = "admin";
                        $page_suffix = "admin";
                        break;
                    case newbie:
                        $access_name = "newbie";
                        $page_suffix = "newbe";
                        break;
                    case advanced:
                        $access_name = "advanced";
                        $page_suffix = "advanced";
                        break
                } //close the switch-loop
            } // close the if-logged in - loop
?>
<html><head>
<title>Redirecting...</title>
<meta http-equiv="REFRESH" content="10;url=http://<?php echo $_SERVER["HTTP_HOST"] . "/index_$page_suffix.html"?>">
</head><body>
<div class="message">You have successfully been logged in. You can now access the <?php echo $access_name ?> area.<br /></div>
</body> </html>
<?php
        } // the comparing of passwords
        else
        {
            //Otherwise, we say the password is incorrect.
            $loginok = false;
            $form = true;
            $message = 'The username or password is incorrect.';

        } // close the else-comparing of passwords
    } //close the $form-loop, ($form = false;)
    else
    {
        $form = true;
    } // close the password is not good, ($form = true;)

    // if $form is true, password is not good. Display $message, (what is $message????)
    if($form)
    {
        //We display a message if necessary
        if(isset($message))
        {
            echo '<div class="message">'.$message.'</div>';
        } // close the display-block
        //We display the form, redirect back to login-page
        header("Location: header_login.php");
    } // close the display message if-loop

?>

    </body> </html>
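
An added example, not part of the original message or of the code it quotes: the user-level switch written with quoted case labels, a semicolon after every break and a default branch, next to a loggedin() that reads $_SESSION and a login check that only fills the session after the password matches. The names area_for_level() and check_login(), the sample row, and the use of password_hash()/password_verify() in place of the message's salted md5 are assumptions of this example.

```php
<?php
// Added example; area_for_level() and check_login() are hypothetical names.
session_start();
// Only the server-side session counts; a "username" cookie is client-supplied.
function loggedin()
{
    return isset($_SESSION['username']);
}

// Quoted case labels, every break ends with a semicolon, and a default
// branch so an unexpected usr_level never leaves the page suffix undefined.
function area_for_level($usr_level)
{
    switch ($usr_level) {
        case 'admin':
            $area = array('access_name' => 'admin', 'page_suffix' => 'admin');
            break;
        case 'newbie':
            $area = array('access_name' => 'newbie', 'page_suffix' => 'newbe');
            break;
        case 'advanced':
            $area = array('access_name' => 'advanced', 'page_suffix' => 'advanced');
            break;
        default:
            $area = null;
    }
    return $area;
}

// $row is the fetched users record (false when the username is unknown).
// Assumption: the password column holds password_hash() output, not md5.
function check_login($row, $submitted)
{
    if (!is_array($row) || !password_verify($submitted, $row['password'])) {
        return null;
    }
    $area = area_for_level($row['usr_level']);
    if ($area !== null) {
        session_regenerate_id(true); // fresh session id once the login succeeds
        $_SESSION['username']  = $row['username'];
        $_SESSION['userid']    = $row['id'];
        $_SESSION['usr_level'] = $row['usr_level'];
    }
    return $area;
}

// Constructed sample row standing in for the database result.
$row = array('id' => 1, 'username' => 'alice', 'usr_level' => 'admin',
             'password' => password_hash('correct horse', PASSWORD_DEFAULT));
var_dump(check_login($row, 'wrong'), check_login($row, 'correct horse'), loggedin());
```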