squigs
-
Posts
135 -
Joined
-
Last visited
Posts posted by squigs
-
-
hmmmmm....
Cookie Data: Array ( ) you suck
-
That is all of my code on this page which is an admin page.
I have posted earlier in this topic the code I am using to set the cookie.
I am receiving no errors at this point. Basically I will know it is working when I try to load this page directly with no cookies saved in my browser and it redirects me to the login page where I can enter my username and password and then be redirected back to the admin page and see the 'you suck' message
-
Yes errors are reported in an error log and no I'm not sure the cookie is being set but would this code not redirect me if my cookie were not set?
-
can I run phpinfo() to find out if its on? I think I have to contact my webhost to enable it if not...
-
nope still not working. Why won't this work??? Even after I delete my cookies and restart my browser to test it the die() message still appears.
<?php if (isset ($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie does not exist, they are taken to the login screen if (!empty ($_COOKIE['ID_my_site'])) { header ('location: login/admin_login.php'); } //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login/admin_login.php"); } //otherwise they are shown the admin area } } else { die("you suck"); } ?> -
Is this how I should check to see if there is a cookie?
<?php if (!$_COOKIE['ID_my_site'] | !$_COOKIE['Key_my_site']) { header ('location: login/admin_login.php'); } ?> -
Thanks I'll mark this solved and try to implement it in my code!
-
It his is how I set my cookie
setcookie("ID_my_site", stripslashes($_POST['username']), time()+60*60*24*30, "/"); setcookie("Key_my_site", stripslashes($_POST['pass']), time()+60*60*24*30, "/");Then what would the best way to say if the cookie does not exist then
header ('location: http://example.com/'); ?
Also when setting my domain in the above code could I and would it be beneficial to write in whole my domain name?
-
This is what I'm stuck at no matter what I try...
<?php //if the cookie does not exist, they are taken to the login screen { die ('you suck2'); } ?>I changed it from a header(location:) to die('you suck') because otherwise it sticks me in an endless loop.
Its like the login pages recognizes the cookie and redirects me to the members area which does not recognize the cookie so sends me back to the login page...
an endless cycle...
-
I'll try that out rwwd and let you know if that is my cause for problems.
cheers!
-
<?php include ('../../Connections/login_db.php');?> <?php if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: ../members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <p><a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: ../members.php"); } } } else { // if they are not logged in ?> </head> <body> <div id="container"> <div id="header"><?php include ("../../login_header.php") ?></div> <div id="photoNav"><?php include ("../../mainNav.php") ?></div> <div id="tableContent"> <form action="" method="post"> <table border="0" align="center"> <tr><td colspan=2><div class="bold_14" style="padding-bottom:20px;">Please enter your login information</div></td></tr> <tr><td>Username:</td><td> <input name="username" type="text" size="23" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input name="pass" type="password" size="24" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>This is it plus the form where one would have to log in
-
Nothing happens if I remove the die(). It was more just me playing around with that made me add it. I have figured out that this script does seem to be working somewhat, I set it up to redirect me to a members area which at the moment I'm just testing for proper code.
The code on this page looks something like this.
<?php mysql_connect("servername", "name", "password") or die(mysql_error()); mysql_select_db("whatever_db") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login/admin_login.php");} //otherwise they are shown the admin area else { echo "Admin Area<p>"; echo "Your Content<p>"; echo "<a href=logout.php>Logout</a>"; } } } else //if the cookie does not exist, they are taken to the login screen { die ('you suck2'); } ?>I keep making changes hoping to see the echo commands but it continually tell me I suck... Kinda hard on the ego really.
Anyways I can't figure out if its not setting the cookie properly or if something else here is wrong.
This posted script is currently standing alone in a .php file while the one posted in my previous post has the
<?php ?> code all in the head of my page.. Well most of it anyways, there are a couple includes in the body just for sidebar styling etc.
-
Hello,
My latest issue is with a login page I am trying to set a cookie for. I have deduced that it it pulling my info out of my database correctly. It does not give any errors for username or password when they are entered correctly but when I get to the end of the script where I would like to set a cookie and redirect to a new page it just stays on the same page and appears as if it is loading but nothing happens.
After I stop the browser and attempt to reload the page it gives me an error saying the page cannot be displayed.
Do I need to specify anything before I can have the following code work or is it that it is clashing somewhere else along the way?
<?php else { // if login good set cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: http://example.com/"); die(); } ?>If I remove this code and simply leave the redirect as shown above, it works. But that defeats the purpose of the script as on the redirected page there has to be a cookie set to display it.
Any help would be appreciated
-
Yes I do include Mysql connection as one of the first lines. The code in the included file looks like this
<?php mysql_connect("blah", "user", "password") or die(mysql_error()); mysql_select_db("blah_login") or die(mysql_error()); ?>and I believe that error reporting is turned on but I will double check it and turn it on if not...
I will continue to work on this script as a test file and if I (we) perfect the method I will switch over to it and save writing 3+ pages for every error on a page with a form.
As mentioned above I am currently using header('location:') for all my errors
-
here is the original working code if someone wants to help me out down the road feel free.
<?php //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <?php } else { ?> <form action="" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> </body> </html> -
Maybe I should just return to the original script and set up three error pages which just redirect the user on the die command.. I was hoping to get this one working but it seems to me this script won't behave any other way?...
-
I don't know if its just me but when posting in forums a message with any length is a real pain because when you scroll down to see what you're typing it continually jumps back out of view the text area box won't stay in position.
makes it very difficult to get a message right,
otherwise really appreciate the site.
-
<?php if( isset($_POST['submitted']) && $_POST['submitted'] == 'yes' ){ //check for hidden field value to indicate form has been submitted //***still getting an unexpected t_variable on the following line*** $errors = array(); // initialize an array to hold validation errors array_map('trim', $_POST); // trim all $_POST array values if( !empty($_POST['username']) ) { // validate the name field //This is one error message I would like to display if( strlen($_POST['name']) < 3 || strlen($_POST['name'] > 20) ) { $errors[] = 'User name must be between 3 tand 20 characters.'; // if name has too many/few chars, store error } else { $errors[] = 'A user name is a required.'; // if name is empty, store error } } if (!get_magic_quotes_gpc()) { $_POST['username'] = mysql_real_escape_string($_POST['username']);} else { $_POST['username'] = mysql_real_escape_string(stripslashes($_POST['username']));} } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name already exists it gives an error here if ($check2 != 0) { $errors[] = 'Sorry, the username '.$_POST['username'].' is already in use.'; } // this makes sure both passwords entered match and should display an error if false if ($_POST['pass'] != $_POST['pass2']) { $errors[] = 'Your passwords did not match. '; } if( !empty($errors) ) { // if the $errors array is not empty, display the errors to allow the user to correct them and resubmit the form echo "<font color=\"red\">The following errors were detected"; foreach( $errors as $value ) { echo "<br>$value"; } echo '</font>'; } $_POST['pass'] = md5($_POST['pass']); $insert = "INSERT INTO users (username, password)VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> -
yes that's correct. some of the things i was working on are sortof taken apart because I copied and pasted while I was working on it and trying to edit it in these text areas afterwards is not fun. So I will change the action as you mentioned and hopefully we can also get the rest of it working.
-
<?php if( isset($_POST['submitted']) && $_POST['submitted'] == 'yes' ) { //check for hidden field value to indicate form has been submitted $errors = array(); // initialize an array to hold validation errors array_map('trim', $_POST); // trim all $_POST array values if( !empty($_POST['username']) ) { // validate the name field //This is one error message I would like to display if( strlen($_POST['name']) < 3 || strlen($_POST['name'] > 20) ) { $errors[] = 'User name must be between 3 tand 20 characters.'; // if name has too many/few chars, store error } else { $errors[] = 'A user name is a required.'; // if name is empty, store error } } if (!get_magic_quotes_gpc()) { $_POST['username'] = ($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name already exists it gives an error here if ($check2 != 0) { $errors[] = 'Sorry, the username '.$_POST['username'].' is already in use.'; } // this makes sure both passwords entered match and should display an error if false if ($_POST['pass'] != $_POST['pass2']) { $errors[] = 'Your passwords did not match. '; } if( !empty($errors) ) { // if the $errors array is not empty, display the errors to allow the user to correct them and resubmit the form echo "<font color=\"red\">The following errors were detected"; foreach( $errors as $value ) { echo "<br>$value"; } echo '</font>'; } $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = mysql_real_escape_string($_POST['pass']); $_POST['username'] = mysql_real_escape_string($_POST['username']); } $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?><?php } else { ?> <body> <div id="container"> <div id="header"><?php include ("login_header.php") ?></div> <div id="photoNav"><?php include ("mainNav.php") ?></div> <div id="tableContent"> <div class="bold_16" style="margin-top:40px">Enter Your Registration Information Below</div> <div class="padding_top"><div style="padding-top:10px; text-align:center;"> </div> <form action="<?php echo "admin_registration.php" ?>" method="post"> <table border="0" align="center"> <tr><td>Username:</td><td> <input name="username" type="text" size="23" maxlength="40" value"<?php echo isset($_POST['username']) ? $_POST['username'] : ''; ?>"> </td></tr> <tr><td>Password:</td><td> <input name="pass" type="password" size="24" maxlength="12" value="<?php echo isset($_POST['password']) ? $_POST['password'] : ''; ?>"> </td></tr> <tr><td>Confirm Password:</td><td> <input name="pass2" type="password" size="24" maxlength="12"> </td></tr> <tr><th colspan=2 style="text-align:right;"><input type="hidden" name="submitted" value="yes"/> <input type="submit" name="submit" value="Register" style="margin-top:10px;"></th></tr> </table> </form> <?php } ?> -
<?php //I believe the lines below just mean to verify that the user name isn't already in use with or without slashes. if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } //The next lines are to encrypt password into database $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?>I changed the ['php_self'] is that what you meant to do?
<html> <form action="<?php echo "filename.php"; ?>" method="post"> <table border="0" align="center"> <tr><td>Username:</td><td> <input name="username" type="text" size="23" maxlength="40" value"<?php echo isset($_POST['username']) ? $_POST['username'] : ''; ?>"> </td></tr> <tr><td>Password:</td><td> <input name="pass" type="password" size="24" maxlength="12" value="<?php echo isset($_POST['password']) ? $_POST['password'] : ''; ?>"> </td></tr> <tr><td>Confirm Password:</td><td> <input name="pass2" type="password" size="24" maxlength="12"> </td></tr> <tr><th colspan=2 style="text-align:right;"><input type="hidden" name="submitted" value="yes"/> <input type="submit" name="submit" value="Register" style="margin-top:10px;"></th></tr> </table> </form> </html> <?php } ?>
-
Thanks for the reply pikachu,
I'm not entirely sure how to implement your last suggestion though. I've changes my code up a bit and am now getting the same error but on the following line of code $errors= array().
I am not trying to split it into 2 files but rather just save username and password into my db.
I just checked and magic quotes are turned on on my server
-
yes i did, I'm trying to get it to cooperate with some existing code that uses mysql, I will post it below maybe you can spot something obvious.
<?php if( $_POST['submitted'] == 'yes' ) { //check for hidden field value to indicate form has been submitted $errors = array(); // initialize an array to hold validation errors array_map('trim', $_POST); // trim all $_POST array values if( !empty($_POST['username']) ) { // validate the name field //This is one error message I would like to display if( strlen($_POST['name']) < 3 || strlen($_POST['name'] > 20) ) { $errors[] = 'User name must be between 3 tand 20 characters.'; // if name has too many/few chars, store error } else { $errors[] = 'A user name is a required.'; // if name is empty, store error } } if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name already exists it gives an error here if ($check2 != 0) { $errors[] = 'Sorry, the username '.$_POST['username'].' is already in use.'; } // this makes sure both passwords entered match and should display an error if false if ($_POST['pass'] != $_POST['pass2']) { $errors[] = 'Your passwords did not match. '; } if( !empty($errors) ) { // if the $errors array is not empty, display the errors to allow the user to correct them and resubmit the form echo "<font color=\"red\">The following errors were detected"; foreach( $errors as $value ) { echo "<br>$value"; } echo '</font>'; } $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" align="center"> <tr><td>Username:</td><td> <input name="username" type="text" size="23" maxlength="40" value"<?php echo isset($_POST['username']) ? $_POST['username'] : ''; ?>"> </td></tr> <tr><td>Password:</td><td> <input name="pass" type="password" size="24" maxlength="12" value="<?php echo isset($_POST['password']) ? $_POST['password'] : ''; ?>"> </td></tr> <tr><td>Confirm Password:</td><td> <input name="pass2" type="password" size="24" maxlength="12"> </td></tr> <tr><th colspan=2 style="text-align:right;"><input type="hidden" name="submitted" value="yes"/> <input type="submit" name="submit" value="Register" style="margin-top:10px;"></th></tr> </table> </form> <?php } ?>
-
I can't seem to avoid an unexpected t_variable on the first line of this suggested code..
setting a cookie
in PHP Coding Help
Posted
here is the code supposed to set the cookie
<?php include ('../../Connections/login_db.php');?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <?php if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { die ('blah'); } else { header ('location:../admin.php'); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <p><a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie setcookie("ID_my_site", stripslashes($_POST['username']), time()+60*60*24*30, "/"); setcookie("Key_my_site", stripslashes($_POST['pass']), time()+60*60*24*30, "/"); //then redirect them to the members area header("../admin.php"); exit; } } } else { // if they are not logged in ?> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="robots" content="noindex,nofollow"/> <title>Administrator logon</title> <link href="../../page.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="container"> <div id="header"><?php include ("../../login_header.php") ?></div> <div id="photoNav"><?php include ("../../mainNav.php") ?></div> <div id="tableContent"> <div class="bold_16" style="margin-top:40px">Administrator Login</div> <div class="padding_top"><div style="padding-top:10px; text-align:center;"> </div> <form action="" method="post"> <table border="0" align="center"> <tr><td colspan=2><div class="bold_14" style="padding-bottom:20px;">Please enter your login information</div></td></tr> <tr><td>Username:</td><td> <input name="username" type="text" size="23" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input name="pass" type="password" size="24" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>