Get Value of uID from Query and Output Session uID Upon Login<?phpsession_sta

1. Get Value of uID from Query and Output Session uID Upon Login
2. <?php
3. session_start();
4.  
5. require_once('../inc/db/dbc.php');
6. ?>
7.  
8. <?php
9. if($_SESSION['valid'] == 1){ #user has logged in by creating a session var
10. echo "<a href='logout.php'>Logout</a>";
11. }
12. else{
13. echo "<a href='index.php'>Login</a>";
14. }
15. ?>
16.  
17. <?php
18. session_start(); #recall session from index.php where user logged
19.  
20. require_once('../inc/db/dbc.php');
21.  
22. $connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
23. mysql_select_db($db);
24.  
25. $LoginUserName = $_POST['userName'];
26. $LoginPassword = mysql_real_escape_string($_POST['userPass']);
27. //connect to the database here
28. $LoginUserName = mysql_real_escape_string($LoginUserName);
29. $query = "SELECT uID, uUPass, dynamSalt, uUserType FROM User WHERE uUName = '$LoginUserName';";
30.  
31. $result = mysql_query($query);
32. if(mysql_num_rows($result) < 1) //no such USER exists
33. {
34. echo "Invalid Username and/or Password";
35. }
36. $ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);
37.  
38. function isLoggedIn()
39. {
40. if(isset($_SESSION['valid']) && $_SESSION['valid'])
41. header( 'Location: buyer/' ); # return true if sessions are made and login creds are valid
42. echo "Invalid Username and/or Password";
43. return true;
44. }
45.  
46. function validateUser() {
47. $_SESSION['valid'] = 1;
48. $_SESSION['uID'] = (isset($ifUserExists['uID'])) ? $ifUserExists['uID'] : null;
49. $_SESSION['uUserType'] = 1; // 1 for buyer - 2 for merchant
50. }
51.  
52. $dynamSalt = $ifUserExists['dynamSalt']; #get value of dynamSalt in query above
53. $SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass
54.  
55. if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
56. {
57. echo "Invalid Username and/or Password";
58. }
59.  
60. else {
61. validateUser();
62. }
63. // If User *has not* logged in yet, keep on /login
64. if(!isLoggedIn())
65. {
66. header('Location: index.php');
67. die();
68. }
69. ?>
70.  
71. <?php
72. session_start();
73. if($_SESSION['uUserType'] != 1) // error
74. {
75.  
76. die("
77. <div class='container_infinity'>
78. <div class='container_full' style='position:static;'>
79. <img src='img/error/noAccess.png' style='float:left;' /> <br />
80. <h2>403 Error: You may not view this page. Access denied.</h2>
81. </div>
82. </div>
83. ");
84. }
85.  
86. function isLoggedIn()
87. {
88. return ($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1);
89. }
90.  
91. //if the user has not logged in
92. if(!isLoggedIn())
93. {
94. header('Location: ../index.php');
95. die();
96. }
97. ?>
98.  
99. <?php
100. if($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1){
101. #echo "<a href='../logout.php'>Logout</a>";
102. echo 'buyerid: '.$_SESSION['uID'];
103. require_once('buyer_profile.php');
104. }
105. else{
106. echo "<a href='../index.php'>Login</a>";
107. }
108. ?>