Hello all,
I've been working on this CMS system that I found on this site here: http://www.intranetjournal.com/php-cms/.
Now so far it's been working great, but I have one problem with the login sections. I'll show my code and then explain what's going wrong.
Sentry code (Sentry.php):
<?php
class sentry {
    ////////////////////////////////////////////////////////////////////////////////////////
    // Class: sentry
    // Purpose: Control access to pages
    // Access numbers: 1-10, 1 being the strongest and 10 the weakest.
    ///////////////////////////////////////////////////////////////////////////////////////
    var $loggedin = false; // Boolean to store whether the user is logged in
    var $userdata;         // Array to contain user's data

    function sentry(){
        session_start();
        header("Cache-control: private");
    }

    //======================================================================================
    // Log out, destroy session
    function logout(){
        unset($this->userdata);
        session_destroy();
        return true;
    }

    //======================================================================================
    // Log in, and either redirect to goodRedirect or badRedirect depending on success
    function checkLogin($user = '', $pass = '', $group = '10', $goodRedirect = '', $badRedirect = ''){
        // Include database and validation classes, and create objects
        require_once('DbConnector.php');
        require_once('Validator.php');
        $validate = new Validator();
        $loginConnector = new DbConnector();

        // If user is already logged in then check credentials
        if (!empty($_SESSION['user']) && !empty($_SESSION['pass'])){
            // Validate session data
            if (!$validate->validateTextOnly($_SESSION['user'])){return false;}
            if (!$validate->validateTextOnly($_SESSION['pass'])){return false;}
            // The group test is part of the same query as the credential test,
            // so a valid user whose group is weaker than $group gets zero rows here
            $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '".$_SESSION['user']."' AND pass = '".$_SESSION['pass']."' AND thegroup <= ".$group." AND enabled = 1");
            if ($loginConnector->getNumRows($getUser) > 0){
                // Existing user ok, continue
                if ($goodRedirect != '') {
                    header('Location: '.$goodRedirect.'?'.strip_tags(SID));
                }
                return true;
            }else{
                // Existing user not ok (or group too weak), logout
                $this->logout();
                return false;
            }
        // User isn't logged in, check credentials
        }else{
            $password = sha1($pass);
            // Validate input
            if (!$validate->validateTextOnly($user)){return false;}
            if (!$validate->validateTextOnly($pass)){return false;}
            // Look up user in DB
            $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '$user' AND pass = '$password' AND thegroup <= $group AND enabled = 1");
            $this->userdata = $loginConnector->fetchArray($getUser);
            if ($loginConnector->getNumRows($getUser) > 0){
                // Login OK, store session details
                $_SESSION["user"] = $user;
                $_SESSION["pass"] = $this->userdata['pass'];
                $_SESSION["thegroup"] = $this->userdata['thegroup'];
                if ($goodRedirect) {
                    header('Location: '.$goodRedirect.'?'.strip_tags(SID));
                }
                return true;
            }else{
                // Login BAD
                unset($this->userdata);
                if ($badRedirect) {
                    header("Location: ".$badRedirect);
                }
                return false;
            }
        }
    }
}
?>
Login page (login.php):
<?php
require_once("../includes/Sentry.php");
$sentry = new Sentry();
if (!empty($_POST['user'])){
    $sentry->checkLogin($_POST['user'], $_POST['pass'], 10, 'index.php', 'login.php');
}
if (isset($_GET['action']) && $_GET['action'] == 'logout'){
    if ($sentry->logout()){
        echo 'You have been logged out';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title></title>
</head>
<body>
    <form name="form1" method="post" action="login.php">
        User:<br />
        <input type="text" name="user" /><br />
        Pass:<br />
        <input type="password" name="pass" /><br />
        <input type="submit" name="Submit2" value="Submit" />
    </form>
    <p><a href="login.php?action=logout">Logout</a></p>
</body>
</html>
A secure page (requires group 4 or stronger):
<?php
require_once('../includes/Sentry.php');
$theSentry = new Sentry();
if (!$theSentry->checkLogin('', '', 4, '', '')){ header("Location: login.php"); die(); }
if (isset($_GET['action']) && $_GET['action'] == 'logout'){
    if ($theSentry->logout()){
        echo 'You have been logged out';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title></title>
</head>
<body>
    Welcome to the admin area / edit details on site
</body>
</html>
Another secure page (requires group 1):
<?php
require_once('../includes/Sentry.php');
$theSentry = new Sentry();
if (!$theSentry->checkLogin('', '', 1, '', '')){ header("Location: index.php"); die(); }
if (isset($_GET['action']) && $_GET['action'] == 'logout'){
    if ($theSentry->logout()){
        echo 'You have been logged out';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title></title>
</head>
<body>
    Welcome to the admin area / edit details on site
</body>
</html>
Now my problem is this: I can log into the area, no problems there, but when I access an area that isn't allowed by my given access level (i.e. 1), instead of keeping me logged in and moving me back a page it completely logs me out. Any ideas how I can resolve this? I'm sure it's something simple, but I can't see it.
If this doesn't make sense then I'll do my best to explain it again.
Thanks in advance.
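As an added example (not the poster's Sentry class and not the intranetjournal CMS code), here is one way to restructure the check so that authentication and authorization are two separate steps: a user whose credentials or session are invalid is logged out, while a user who is logged in but whose group is too weak for the page is simply refused with the session left intact. It assumes PHP 7.4 or later, a PDO connection passed in as $pdo, and that the pass column holds a password_hash() digest rather than a bare sha1(). The table cmsusers and the columns user, pass, thegroup and enabled come from the post; the id column is an assumption.

```php
<?php
// Added example, not the poster's code. Assumes PHP >= 7.4, a PDO handle,
// and a table cmsusers(id, user, pass, thegroup, enabled) where pass holds a
// password_hash() digest. Group numbers follow the poster's convention:
// 1 is the strongest, 10 the weakest.

class Sentry
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        header('Cache-Control: private, no-store');
    }

    public function logout(): bool
    {
        $_SESSION = [];
        session_destroy();
        return true;
    }

    // Step 1: authentication only. Returns the account row for a valid
    // session or for freshly supplied credentials, or null. It never looks
    // at the group, so a weak account is still "authenticated".
    private function authenticate(string $user, string $pass): ?array
    {
        if (isset($_SESSION['uid'])) {
            // Re-check that the account behind the session still exists and is enabled
            $stmt = $this->db->prepare(
                'SELECT id, user, thegroup FROM cmsusers WHERE id = :id AND enabled = 1');
            $stmt->execute([':id' => $_SESSION['uid']]);
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            return $row === false ? null : $row;
        }
        if ($user === '' || $pass === '') {
            return null;
        }
        // Prepared statement: the username is bound, not concatenated into SQL
        $stmt = $this->db->prepare(
            'SELECT id, user, pass, thegroup FROM cmsusers WHERE user = :user AND enabled = 1');
        $stmt->execute([':user' => $user]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || !password_verify($pass, $row['pass'])) {
            return null;
        }
        session_regenerate_id(true);    // fresh session id on login
        $_SESSION['uid'] = $row['id'];  // store an identifier, not the password hash
        unset($row['pass']);
        return $row;
    }

    // Step 2: authorization. $group is the weakest group allowed on this page.
    public function checkLogin(string $user = '', string $pass = '', int $group = 10,
                               string $goodRedirect = '', string $badRedirect = ''): bool
    {
        $row = $this->authenticate($user, $pass);
        if ($row === null) {
            // Not authenticated: bad credentials, disabled account or stale session
            $this->logout();
            if ($badRedirect !== '') {
                header('Location: ' . $badRedirect);
            }
            return false;
        }
        if ((int) $row['thegroup'] > $group) {
            // Authenticated but too weak for this page: refuse, keep the session
            if ($badRedirect !== '') {
                header('Location: ' . $badRedirect);
            }
            return false;
        }
        if ($goodRedirect !== '') {
            header('Location: ' . $goodRedirect);
        }
        return true;
    }
}

// Usage on a page that needs group 4 or stronger (the poster's "secure page"),
// assuming $pdo was created elsewhere:
// $theSentry = new Sentry($pdo);
// if (!$theSentry->checkLogin('', '', 4, '', 'index.php')) { die(); }
```

The point of the split is that the original query folds `thegroup <= $group` into the same SELECT as the credential check, so an authenticated user with a weak group produces zero rows and is treated exactly like a stranger. Here only a null from authenticate() destroys the session. The example also binds parameters instead of building SQL by string concatenation, keeps the password hash out of the session, and relies on the session cookie rather than appending SID to redirect URLs.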