login redirect issue. failed not working

Question

i am having a problem with a login directing to a failed page if the session variable isnt present.

Basically its a shopping cart that on the checkout page if the user isnt recognised then the page should direct the user to the login.php but the script isnt working. when i am testing different session are being stored in my cache and the checkout page is displaying even if it isnt the correct user and its displaying no user details.

i am using the following

<?php

// *** Logout the current user.

$FF_Logout = $_SERVER['PHP_SELF'] . "?FF_Logoutnow=1";

if (isset($_GET['FF_Logoutnow']) && $_GET['FF_Logoutnow']=="1") {

if (!session_id()) session_start();

session_unregister("MM_Username");

session_unregister("MM_UserAuthorization");

$FF_logoutRedirectPage = "login.php";

// redirect with URL parameters (remove the "FF_Logoutnow" query param).

if ($FF_logoutRedirectPage == "") $FF_logoutRedirectPage = $_SERVER['PHP_SELF'];

if (!strpos($FF_logoutRedirectPage, "?") && $_SERVER['QUERY_STRING'] != "") {

$FF_newQS = "?";

reset ($_GET);

while (list ($key, $val) = each ($_GET)) {

if($key != "FF_Logoutnow"){

if (strlen($FF_newQS) > 1) $FF_newQS .= "&";

$FF_newQS .= $key . "=" . urlencode($val);

}

if (strlen($FF_newQS) > 1) $FF_logoutRedirectPage .= $FF_newQS;

}

header("Location: $FF_logoutRedirectPage");

exit;

}

// do not cache

header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified

header ("Cache-Control: no-cache, must-revalidate"); // /1.1

header ("Pragma: no-cache");

// *** Restrict Access To Page: Grant or deny access to this page

$FF_authorizedUsers=" ";

$FF_authFailedURL="login.php";

$FF_grantAccess=0;

if (!session_id()) session_start();

if (isset($_SESSION['priorUrl'])) session_unregister("priorUrl");

if (isset($_SESSION["MM_Username"])) {

if (true || !(isset($_SESSION["MM_UserAuthorization"])) || $_SESSION["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $_SESSION["MM_UserAuthorization"])) {

$FF_grantAccess = 1;

}

if (!$FF_grantAccess) {

$priorUrl = "http://".$_SERVER['_HOST'].$_SERVER['SCRIPT_NAME'];

if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "") $priorUrl .= "?".$_SERVER['QUERY_STRING'];

$_SESSION['priorUrl'] = $priorUrl;

session_register("priorUrl");

$FF_qsChar = "?";

if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";

$FF_referrer = "Restricted Area";

$FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);

header("Location: $FF_authFailedURL");

exit;

}

i have had to add a link saying "no contact details or not you?logout and try again"

which isnt ideal.

if i clear the cache it works but again this isnt the idea

David_Powers · Answer

I haven't been through your code line by line, but surely this should work?

Add the following at the very top of the script:

<?php

session_start();

if (!isset($_SESSION["MM_Username"])) {

header('Location: login.php');

exit;

}

?>

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded