I've been having issues with DWMX 2004's user authentication. I rewrote my login script and now none of my members can log in!
I have two computers I'm using, and the crux of the problem seems to stem from SOMETHING within the script (the actual page? The connection script? Or something in the _mmServerScripts?) that is LOADING SOMETHING from my local machine. On computer #1 (the laptop), I can create the script, upload it via FTP, then navigate to it through the web browser and the login script works. But then, when I access it via the browser on Computer #2 (the desktop), it sends me to the FAIL page. All of my members are getting the same failure message... therefore, THE SCRIPT ONLY WORKS ON THE LOCAL MACHINE!
I've searched through all of the coding to see if I could discover anything that might be loading from my hard drive rather than the server and I can't find a single thing. It does the same thing, conversely, when I create the page on my desktop. I go to the laptop, browse to the page via IE, and it doesn't work, even though it works ON THE DESKTOP when it's been UPLOADED from the desktop.
I swear it's possessed.
I'll post my code below. If anyone can help, make a suggestion, ANYTHING, please let me know. None of my members can access the members section and they're not terribly happy with me right now. LOL
Thanks in advance!
Autumn
CODE FROM THE LOGIN PAGE:
<?php require_once('Connections/connect_members.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $_SESSION['PrevUrl'] = $accesscheck;
}
if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "http://www.oregonbigfoot.com/members/index.php";
  $MM_redirectLoginFailed = "http://www.oregonbigfoot.com/help.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connect_members, $connect_members);
  $LoginRS__query=sprintf("SELECT username, password FROM memberinfo WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
  $LoginRS = mysql_query($LoginRS__query, $connect_members) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = "";
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    //register the session variables
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
CODE FROM THE TARGET (SUCCESS) PAGE:
<?php require_once('../Connections/connect_members.php'); ?>
<?php
//initialize the session
session_start();
// Logout the current user.
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  session_unregister('MM_Username');
  session_unregister('MM_UserGroup');
  $logoutGoTo = "http://www.oregonbigfoot.com/login.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && true) {
      $isValid = true;
    }
  }
  return $isValid;
}
$MM_restrictGoTo = "http://www.oregonbigfoot.com/help.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>
<?php
mysql_select_db($database_connect_members, $connect_members);
$query_members = "SELECT * FROM memberinfo";
$members = mysql_query($query_members, $connect_members) or die(mysql_error());
$row_members = mysql_fetch_assoc($members);
$totalRows_members = mysql_num_rows($members);
mysql_select_db($database_connect_members, $connect_members);
$query_login = "SELECT * FROM log ORDER BY time DESC";
$login = mysql_query($query_login, $connect_members) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);
?>
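Added example, not part of the original post or of Dreamweaver's generated code: the posted login check interpolates `addslashes()` output into the SQL string, compares the submitted password directly in the WHERE clause, and keeps executing after `header()`. The sketch below performs the same check with a bound parameter, `password_verify()`, session-ID rotation and `exit`. The function names, the in-memory SQLite database (requires the `pdo_sqlite` extension) and the sample account are constructed for the demo; the table and column names follow the posted query.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite database stands in for the
// site's MySQL database. demo_db() is a hypothetical helper.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE memberinfo (username TEXT PRIMARY KEY, password TEXT)');
    $ins = $db->prepare('INSERT INTO memberinfo (username, password) VALUES (?, ?)');
    // Store a salted hash in the password column, never the plain text.
    $ins->execute(['autumn_demo', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $db;
}

// Hypothetical replacement for the sprintf()/addslashes() query: the
// username travels as a bound parameter and the hash is verified in PHP.
function check_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM memberinfo WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

// Web-only step (not called in this command-line demo): rotate the session
// ID at login, set the session variable the restricted page checks, stop.
function finish_login(string $username, string $target): void {
    session_start();
    session_regenerate_id(true);    // discard the pre-login session ID
    $_SESSION['MM_Username'] = $username;
    header('Location: ' . $target);
    exit;                           // no code may run after the redirect
}

$db = demo_db();
var_dump(check_login($db, 'autumn_demo', 'constructed-pass'));
var_dump(check_login($db, 'autumn_demo', 'wrong-pass'));
// Quote characters in the input are treated as data, not as SQL.
var_dump(check_login($db, "x' OR '1'='1", "x' OR '1'='1"));
```

Passwords already stored as plain text would have to be re-stored with `password_hash()` before a check like this could replace the posted one.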