Logged-in user switching to another user in a PHP session
  2. <?php
  3. // This is the login page for the site.
  4. require_once ('../includes/config.inc.php');
  5. // Set the page title and include the HTML header.
  6. $page_title = 'Page Title';
  7. include ('../includes/header.php');
  8.  
  9. $mysqli = mysqli_connect("localhost", "some", "some", "some");
  10.  
  11. if(isset($_SESSION['user_id'])) {
  12.  
  13. $url = BASE_URL . 'index.php'; // Define the URL.
  14. header("Location: $url");
  15. exit(); // Quit the script.
  16. }
  17.  
  18. //HTML Purifier
  19. require '../htmlpurifier/library/HTMLPurifier.auto.php';
  20. //End HTML Purifier
  21.  
  22. if (isset($_POST['submitted'])) { // start of submit conditional.
  23. require_once (MYSQL);
  24.  
  25. // Validate the username or email address:
  26. if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
  27. $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login'])));
  28. } else if(!empty($_POST['login']) && strlen($_POST['login']) >= 256) {
  29. $e = FALSE;
  30. echo 'Error';
  31. } else {
  32. $e = FALSE;
  33. echo 'Error';
  34. }
  35.  
  36. // Validate the password:
  37. if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
  38. $p = mysqli_real_escape_string($dbc, $_POST['pass']);
  39. } else if(!empty($_POST['pass']) && strlen($_POST['pass']) >= 256) {
  40. $p = FALSE;
  41. echo 'Error';
  42. } else {
  43. $p = FALSE;
  44. echo 'Error';
  45. }
  46.  
  47. if(($e != FALSE) && ($p != FALSE)) { // check pass
  48. $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.active IS NULL";
  49. $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_saltn<br />MySQL Error: " . mysqli_error($dbc));
  50.  
  51. while($row = mysqli_fetch_array($ph)){
  52. $password = $row['password'];
  53. $salt = $row['salt'];
  54. }
  55.  
  56. if(!empty($salt)) {
  57. $sha512 = hash('sha512', $p . $salt);
  58. }
  59.  
  60. if(!empty($password) == !empty($sha512)){
  61. $user_pass = TRUE;
  62. } else {
  63. $user_pass = FALSE;
  64. }
  65. }
  66.  
  67. if(isset($user_pass) && ($user_pass == TRUE) && !empty($salt)) { // If everything's OK.
  68. $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";
  69. $r = mysqli_query ($dbc, $q) or trigger_error("Query: $qn<br />MySQL Error: " . mysqli_error($dbc));
  70.  
  71. if (@mysqli_num_rows($r) == 1) {
  72.  
  73. // Register the values & redirect:
  74. $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
  75. // check if user is logged in then update the old login date
  76. $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";
  77. // save the info to the database
  78. $r = mysqli_query ($dbc, $u);
  79. mysqli_free_result($r);
  80. mysqli_close($dbc);
  81.  
  82. $url = BASE_URL . 'home/'; // Define the URL:
  83. header("Location: $url");
  84. exit(); // Quit the script.
  85.  
  86. } else { // No match was made.
  87. echo 'Error';
  88. }
  89.  
  90. } else { // If everything wasn't OK.
  91. echo 'Error';
  92. }
  93. mysqli_close($dbc);
  94. }
  95. ?>
  96.  
  97. <?php
  98. ob_start(); // Start output buffering. // This is the logout page for the site.
  99. session_start(); // Initialize a session.
  100.  
  101. require_once ('../includes/config.inc.php');
  102. $page_title = 'Title';
  103.  
  104. // If no user_id session variable exists, redirect the user:
  105. if (!isset($_SESSION['user_id'])) {
  106.  
  107. $url = BASE_URL . 'index.php'; // Define the URL.
  108. ob_end_clean(); // Delete the buffer.
  109. header("Location: $url");
  110. exit(); // Quit the script.
  111.  
  112. } else { // Log out the user.
  113.  
  114. $_SESSION = array(); // Destroy the variables.
  115. session_destroy(); // Destroy the session itself.
  116. setcookie(session_name(), '', time() - 2592000, '/'); // Destroy the cookie.
  117.  
  118. }
  119.  
  120. $url = BASE_URL;
  121. ob_end_clean();
  122. header("Refresh: 3; $url");
  123. include ('../includes/header.php');
  124.  
  125. $mysqli = mysqli_connect("localhost", "some", "some", "some");
  126.  
  127. include ('../includes/footer.php');
  128. exit(); // Quit the script.
  129. ?>
  130.  
// NOTE(review): no `<?php` open tag is visible before this run and the
// previous script closed with `?>`; as pasted, a web server would emit these
// lines as literal text. Presumably a paste artifact — confirm against the
// real file.
ob_start();// Start output buffering so the redirect header below can still be sent after header.php has produced output.
session_start();// Initialize a session.

// Set the page title and include the HTML header.
$page_title = 'Title';
include ('../includes/header.php');

// Include the configuration file for error management and such.
// (BASE_URL, used below, is assumed to come from here — not visible in this file.)
require_once ('../includes/config.inc.php');
require_once ('../mysqli_connect.php'); // Connect to the db.

// NOTE(review): a second connection is opened here on top of the one
// mysqli_connect.php presumably created; the credentials are placeholders.
$mysqli = mysqli_connect("localhost", "some", "some", "some");

// If no user_id session variable exists, redirect the user:
// This is the only access check on this page; it trusts whatever $_SESSION
// holds, so the login page is responsible for never populating it under a
// session id that predates authentication.
if (!isset($_SESSION['user_id'])) {

$url = BASE_URL . 'index.php'; // Define the URL.
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
}
  152.  
  153. ...WHERE
  154. (contact_info.email = '" . $e . "' OR users.username = '" . $e . "')
  155. AND
  156. users.password = '" . $sha512 . "'
  157. AND
  158. users.active IS NULL"