Posted by Ezechiele on 11/09/07 20:13

> I wander where's Steve to kick your ass for such flagrant formatting. I
> give up.

<?php
session_start();
error_reporting(E_ALL);
if (!defined("BASE_PATH")) define('BASE_PATH', isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : substr($_SERVER['PATH_TRANSLATED'],0, -1*strlen($_SERVER['SCRIPT_NAME'])));
$_SERVER['DOCUMENT_ROOT']=BASE_PATH;
include($_SERVER['DOCUMENT_ROOT']."/script/dbconnect.php");
if (!isset($_SESSION['Login'])) $_SESSION['Login']=false;
//echo "SESSION[Login]:".$_SESSION['Login'];
$IdUser=session_id();
$data=date('Y-m-d');
if (!isset($HTTP_COOKIE_VARS["TeachingOnLine"])) setcookie("TeachingOnLine",$IdUser,time()+60*60*24*365);
else
$IdUser=$HTTP_COOKIE_VARS["TeachingOnLine"];
// Apertura tabelle dei dati
//mysql_select_db($dbname);
$username=$_POST["username"];
if (strlen($username)<=3)
{
session_write_close();
if (isset($_SERVER['HTTP_REFERER']))
$url=$_SERVER['HTTP_REFERER'];
else
$url='http://'.$SERVER['HTTP_HOST']."/index.php";
header("Location: $url");
}
$username=mysql_escape_string($username);
$password=$_POST["password"];
$password=mysql_escape_string($password);
$tabella="utenti";
// Ricerca nella tabella Utenti la coppia UserName e UserPassword
$query="Select IdUser, Username, UserPassword from $tabella where ('$password'=UserPassword) and ('$username'=Username)";
$result=mysql_query($query) or die(mysql_error());
// Legge IdUser
$record=mysql_fetch_array($result);
//$UserId=$record["IdUser"];
//$Username=$record["Username"];
//echo "UserId=".$UserId;
//echo " Username=".$Username;
// Se esiste l'utente con username e password allora consenti il login if
(mysql_affected_rows()==1)
{
$_SESSION['Login']=True;
//echo "SESSION[Login]:".$_SESSION['Login'];
$_POST['Login']=False;
////echo '<input type="hidden" name="Login" value='.$_SESSION['Login'].">";
$UserId=$record['IdUser'];
$Username=$record["Username"];
//echo "UserId=".$UserId;
$permessi="permessiutente";
$query_permessi="Select IdUtente, TipoPermesso from $permessi where (IdUtente='$UserId')";
$risultato=mysql_query($query_permessi) or die (mysql_error());
if (mysql_affected_rows()>0)
{
$record=mysql_fetch_array($risultato);
$permit=$record["TipoPermesso"];
//echo "Permesso ".$permit;
if (!isset($_SESSION["TipoPermesso"]))
$_SESSION["TipoPermesso"]=$permit;
////echo '<input type="hidden" name="TipoPermesso" value='.$_SESSION['TipoPermesso'].">";
//echo "Tipo Permesso :". $_SESSION['TipoPermesso'];
}
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/index.php";
//echo "Referer: ".$url;
//echo "Login:".$_SESSION['Login'];
session_write_close();
header("Location: $url");
}
else // Invia l'utente sulla pagina di registrazione {
$_SESSION['Login']=False;
//echo "SESSION[Login]:".$_SESSION['Login']; $_POST['Login']=False;
$url='http://'.$HTTP_SERVER_VARS['HTTP_HOST']."/script/RegistraUtente.php";
session_write_close();
header ("Location: $url");
}
?>

I hope now it is ok :-(



--
http://www.itp-news.com

• Next in forum: Re: Scripting Advice
• Prev in forum: Re: Strange things with sessions
• Thread view: Re: Strange things with sessions

[Reply to this message]