valgris

define ('BASE_URL', 'localhost/ICU'); you are right its down to how I defined the base url I thought the code would work as follows though: Base url = Localhost/icu + /index.php localhost/icu/index.php not localhost/icu/localhost/icu/index.php

Okay that makes so much more sense, I think I need to call it a night. Though I could even use "." However I would still like to know where I went wrong with the BASE_URL, I am going wrong somewhere and for future reference it would be good to know. Thank you MrGary

Hello I am having another minor issue where I am unable to spot where I am going wrong. The code for my logout button should redirect the user to index.php however I seem to be having an issue with the url. This is on my test server and I am using $url = BASE_URL . 'index.php'; // Define the URL. however the button seems to be taking me to: An I am not quite sure why, the base_url should be localhost/ICU or localhost but the url given out is localhost/ICU/Localhost/ICUindex.php. why is it repeating itself? So where am I going wrong, is it in my understanding of the BASE_URL or something else? As always thank you in advance for any help.

Pretty much all of these free login tutorials have no security in mind whatsoever. So I would be cautious using them. From what I can tell the password does get an encryption and the tutorial allows for pages to only be viewed by users with the right user level. I am not saying that it would be the most secure thing to use and I would by no means use it long term but as a starting point to have a look at and play around with I think its OK. Saying that 'scootstah' has a point and most free tutorials are really only there as a starting point, not to be used as the final thing. At any-rate I hope it helps.

easykiss123.com has a login/registration tutorial with a download you can play with. Though I would not suggest using it long term I think its a great thing to mess around with while you learn. Also picking up some books on php and mysql is worth the investment. I am learning myself and while messing with existing code and figuring out whats going on is good, its no substitute for reading and learning what is actually going on, and it helps with structuring your code too. If you look at 'create your own database driven website' 4th edition, its the first book I had on php and I do think its a good starting place.

I did mean to reply to this last night but my wireless was playing up. It was after-all a BOM issue, re-saving the files without BOM did the trick for the error. Thank you again Pika'.

The code for line 1 of index.php is <?php include ('Login/form_process.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> Its just an include for the form_process.php I don't see why it would cause that error message? The entire page is as follows - <?php include ('Login/form_process.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IUS Home</title> <link href="style.css" rel="stylesheet" type="text/css" /> <script language="javascript" type="text/javascript"> // <!CDATA[ function TextArea1_onclick() { } // ]]> </script> </head> <body> <div> <form action="" method="post" class="LoginForm"> <fieldset> <?php if (isset($_POST['submitted'])) { // Validate the email address: if (empty($_POST['email'])) { echo '<p class="error">enter your email!</p>'; } } ?> <p><b>Email Address:</b></p> <p> <input type="text" name="email" size="20" maxlength="40" /> </p> <?php if (isset($_POST['submitted'])) { // Validate the password: if (empty($_POST['pass'])) { echo '<p class="error">Enter your password!</p>'; } } // End of VALIDATING. ?> <p><b>Password:</b></p> <p> <input type="password" name="pass" size="20" maxlength="20" /> </p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <!--END FORM--> </div> </body> </html> <?php // Flush the buffered output. ob_end_flush(); ?>

I have read the sticky topic but from what I can see the code is not outputting anything to the browser beforehand so I shouldn't be getting the error. The script is called at the very top of the page before any html outputting. Also the ob_start(); should take care of the output issue, shouldn't it? The last post in the thread talks about byte order marks, could this be the issue? or am I missing something? <?php # Script 16.8 - login.php // This is the login page for the site. require_once ('login/config2.inc.php'); // Start output buffering: ob_start(); // Initialize a session: session_start(); if (isset($_POST['submitted'])) { require_once (MYSQL); // Validate the email address: if (!empty($_POST['email'])) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $e = FALSE; } // Validate the password: if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $p = FALSE; } if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; // Define the URL: ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?>

Hello again, I posted a question earlier about an include issue which I managed to fix but now I am dealing with a completely new error message and unlike before I don't even have a basic Idea of what is going on. The error in question is - the code for form_process.php is as follows <?php # Script 16.8 - login.php // This is the login page for the site. require_once ('login/config2.inc.php'); // Start output buffering: ob_start(); // Initialize a session: session_start(); if (isset($_POST['submitted'])) { require_once (MYSQL); // Validate the email address: if (!empty($_POST['email'])) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $e = FALSE; } // Validate the password: if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $p = FALSE; } if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; // Define the URL: ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?> The process also uses config2.php so I am including the code for that in-case it helps <?php # Script 16.3 - config.inc.php // ********************************** // // ************ SETTINGS ************ // // Flag variable for site status: define('LIVE', FALSE); // Admin contact address: define('EMAIL', 'email@gmail.com'); // Site URL (base for all redirections): define ('BASE_URL', 'localhost/IUS'); // Location of the MySQL connection script: define ('MYSQL', 'login/mysqli_connect.php'); // Adjust the time zone for PHP 5.1 and greater: date_default_timezone_set ('US/Eastern'); // ************ SETTINGS ************ // // ********************************** // // ****************************************** // // ************ ERROR MANAGEMENT ************ // // Create the error handler: function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) { // Build the error message. $message = "<p>An error occurred in script '$e_file' on line $e_line: $e_message\n<br />"; // Add the date and time: $message .= "Date/Time: " . date('n-j-Y H:i:s') . "\n<br />"; // Append $e_vars to the $message: $message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n</p>"; if (!LIVE) { // Development (print the error). echo '<div class="error">' . $message . '</div><br />'; } else { // Don't show the error: // Send an email to the admin: mail(EMAIL, 'Site Error!', $message, 'From: you@youremail.com'); // Only print an error message if the error isn't a notice: if ($e_number != E_NOTICE) { echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div><br />'; } } // End of !LIVE IF. } // End of my_error_handler() definition. // Use my error handler. set_error_handler ('my_error_handler'); // ************ ERROR MANAGEMENT ************ // // ****************************************** // ?> At first I thought it was because cookies weren't enabled but I am positive they are, so I am really at a loss as-to what's going on, there is more to the error message, though its quite long and will take me a few minutes to go through and remove/alter any sensitive information.

Ah, got it, thank you very much.

Hello. I am having some trouble with an include line. At the very top of my .php page I have the following <?php include ('/IUS/Login/form_process.php'); ?> When I open the page using - localhost/IUS the rest of the page seems to load fine but at the very top I have this error message My file structure is as follows Inside my apache2.2 there is the htdocs folder inside that there is a folder called IUS IUS has the index.php file in it as well as a css style sheet and two folders. 1. folder called 'images' 2.folder called Login Login has the file 'form_process.php' so the structure looks something like this - Apache2.2 htfocs IUS - Index.php, style.css Images - BackgroundRep.png etc... Login - form_process.php, Config.php (red = folder) Where am I going wrong? I can tell that its unable to find the form_process.php file in the path that I am specifying but I am unsure why? Thank you in advance for any help.

Thank you so much for your response, I missed that entirely. I can actually have a go at creating a simple entry form and using the $session to write the users id to the table. Though I think I should probably go into my books a bit more, as that is something I should have been able to spot. Thanks again!

Hello, I am slightly nervous about posting this because I am almost completely new to php, I have a few introductory books on the subject which I am working through at the moment as well as some reference books but I am still getting through the basics of it all. I recently downloaded a login script, which allows a user to login and also allows the protection of some pages if users are not logged in. This script was a free one from easykiss123. it comes with other .php files and I have given them all a look over and I get the general idea of what's going on for the most part, and I THINK as I keep reading my books I will understand everything even more. However, what I really want to do right now is make it so a website would know which user is logged on, and then use this information elsewhere. For example if a particular user logged on and submitted something, I would like obviously the submission to be recorded but also the id of the user that submitted it, at the moment with this code, I do not think that is possible, however I could be wrong. I am looking for any pointers or a nudge in the right direction or link to a tutorial of how I would go about this, anything that may help. I think I would be storing the user ID in a global variable that can be used throughout the site, but again I am not sure. Thanks in advance for any help, I have included both the login script and the script used for protecting pages, as its already freely available online I see no issue with posting snippits of it here since the source has been referenced. <?php # Script 16.8 - login.php // This is the login page for the site. require_once ('includes/config.inc.php'); $page_title = 'Login'; include ('includes/header.html'); if (isset($_POST['submitted'])) { require_once (MYSQL); // Validate the email address: if (!empty($_POST['email'])) { $e = mysqli_real_escape_string ($dbc, $_POST['email']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address!</p>'; } // Validate the password: if (!empty($_POST['pass'])) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; // Define the URL: ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <?php // Include the HTML footer. include ('includes/footer.html'); ?> <?php require_once ('includes/config.inc.php'); $page_title = 'YOUR PAGE TITLE GOES HERE'; // Start output buffering: ob_start(); // Initialize a session: session_start(); // Check for a $page_title value: if (!isset($page_title)) { $page_title = 'User Registration'; } // If no first_name session variable exists, redirect the user: if (!isset($_SESSION['first_name'])) { $url = BASE_URL . 'index.php'; // Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } ?> <?php // Flush the buffered output. ob_end_flush(); ?>