Jump to content

jeds

Members
  • Posts

    14
  • Joined

  • Last visited

    Never

Contact Methods

  • ICQ
    210241516

Profile Information

  • Gender
    Male
  • Location
    Central NYS Finger Lakes

jeds's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. You are absolutely right. I was fairly certain it was my logic that was causing the problem. By [quote]switching to Registered Globals On[/quote] you mean my session_register statements? Actually I had seen that session_register did not need to be used anymore, but I couldn't get it to work without them. [quote]Notice I don't mix code with output[/quote]. Here I am less clear what you mean, but I will take a stab that code=php and output=html? I do see that you have it separated much better in your example. I also was using file includes, while you are using header location statements. It looks like a better way, but I don't know why. Thank you for the much more than simple (to me) example.
  2. effigy, What I did find out from your code was that I was not checking for the right input, so now that is corrected, I think. However I still have the problem that the preg_match script is not checking the input. So along with my long narrative a couple posts ago, I am putting up my code in as flowchart a manner as I can, maybe somebody can see what is happening. I hope its not overkill, I have tried to keep it as short as possible, without leaving out something that might be relevant login.php: [code]<?php if ($_POST["fieldname"]=="") { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">         <head>                <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />                 <title>login</title> </head> <body> <h4> User Information</h4> ##tried preg_match here## <FORM ACTION="login.php" METHOD="POST"> Entry: <INPUT TYPE="PASSWORD" NAME="fieldname" /><BR /> ##tried preg_match here## <INPUT TYPE="submit" /> ##tried preg_match here## </FORM> ##tried preg_match here## </body> </html> <?php }else{ ##tried preg_match here## $uac=$_POST["fieldname"]; session_start(); if ($fieldname=="loginX"){ $permission="yes";} if ($fieldname=="login2"){ $permission="yes";} $fieldname=$_POST["fieldname"]; session_register("permission"); session_register("fieldname"); if ($permission=="yes"){ ?> <?php include("file2.php"); ?> <?php }else{ ?> <?php include("error.php"); ?> <?php } ?> <?php } ?>[/code] ########################## file2.php: [code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?php include("file1.php"); ?> <html xmlns="http://www.w3.org/1999/xhtml">         <head>       <title>Start</title> </head> <body> <a href="first.php">2</a>|<a href="file3.php">3</a>|<a href="file4.php">4</a>|<a href="logout.php">logout</a> Write variables per login: <br /> <?php echo "$var_1"; ?><br /> <?php echo "$var2"; ?><br />         </body> </html>[/code] ##################### file1.php: [code]<?php ##tried preg_match here##(see below)        if ($fieldname == 'loginX') { $var_1 = "value1"; $var2 = "value2"; } elseif ($fieldname == 'login2'){ $var_1 = "value3"; $var2 = "value4"; } else echo "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'><HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD><BODY><H1>Forbidden</H1>\nYou don't have permission to access this file.</BODY></HTML>"; ?>[/code] ##################### first.php: [code]<?php session_start(); if ($permission=="yes") { ?> <?php include("file2.php"); ?> <?php }else{ ?> <?php include("error.php"); ?> <?php } ?>[/code] ###################### file3.php etc: [code]<?php session_start(); if ($permission=="yes") { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?php include("file1.php"); ?> <html xmlns="http://www.w3.org/1999/xhtml">         <head>                 <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />                 <title>Page 3</title> </head> <body> <a href="first.php">2</a>|<a href="file3.php">3</a>|<a href="file4.php">4</a>|<a href="logout.php">logout</a> Write variables per login: <br /> <?php echo "$var_1"; ?><br /> <?php echo "$var2"; ?><br />        </body> </html> <?php }else{ ?> <?php include("error.php"); ?> <?php } ?>[/code] ###################### error.php: [code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">         <head>                 <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />                 <title>ERROR</title> </head> <body> error msg </body> </html>[/code] ###################### logout.php: [code]<?php session_start(); session_unset(permission); session_unset(fieldname); session_destroy(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">         <head>                 <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />                 <title>Logged Out</title> </head> <body> Logged Out </body> </html>[/code] ###################### preg_match script: (modified after using efigy's script to check for characters other than A-Z, a-z, and 0-9) [code]<?php function validField( $fieldname) { if( preg_match( "/^[a-zA-Z\d]+$/", $fieldname ) ) { return TRUE; } else { print "Bad Chars\n"; } return FALSE; } ?>[/code] Tried it in six places indicated in above files by: ##tried preg_match here## If file1.php has a user (fieldname) that contains a character not allowed, they still log in. Any entry not a fieldname in file1.php returns error.php. Browsing directly to file1.php returns the error message in file1.php preg_match script added to file1.php returns the error message "Bad Chars" to the very top of login.php, regardless of what is entered; allowed characters, not allowed characters, and variable matches!: [code]<?php   { if( preg_match( "/^[a-z0-9]$/i", $fieldname ) ) { return TRUE; } else { print "Bad Chars\n"; } return FALSE; }         if ($fieldname == 'loginX') { $var_1 = "value1"; $var2 = "value2"; } elseif ($fieldname == 'login2'){ $var_1 = "value3"; $var2 = "value4"; } else echo "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'><HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD><BODY><H1>Forbidden</H1>\nYou don't have permission to access this file.</BODY></HTML>"; ?>[/code]
  3. ??? umm, should I put the files up here? Do you prefer as code, or zipped attachment. (or not zipped)?
  4. I uploaded the files (may be different now) here: http://www.phpfreaks.com/forums/index.php/topic,110652.msg448282.html#msg448282 I will do that again only if needed, to not use too many resources here. I think that flow is the problem, but don't have the answer. I did try dwees test code, but let me try to explain the layout/flow, before I give the results. page1.php - the login or start page: This actually one large function, see http://www.phptutorial.info/learn/session.php, scroll down to "Password protection using sessions" The only thing I do different from the tutorial above, is after the session starts and the $post variable is registered, is that I use a php include instead of writing a new html statement to page1.php I also include "error.php" instead of his html, that writes if an incorrect value has been posted by the form. The included file is "start.php" (sucessful login) Right after the doc declaration start.php includes the file containing the function that checks to see if the form passed a correct value, and if so makes the associated variable available to print to the pages. That file is called "check.php" Note that check.php has its own error statement. It fires only if someone tries to browse directly to it. Voila! - the only thing viewable in source is "you are not authorized" start.php contains links to the other files that are available upon submission of a correct form value. These each have a session start statement at the top, and an include statement for check.php. They also have an include for the error.php page, which fires if they are not logged in. Now, all of that works, the error page fires with an incorrect login, or if they logout and try to type in one of the "inside" files. A successful login allows me to print the associated variables to any of the inside pages. I just can't get my preg-check function to work. I have tried it:[list] [*]just before the submit button, right after the input entry line. Putting dwees test code there prints the success text there, before (?) submitting a form value. [*]just before the session start/reg. statements in the second part of page1.php.  dwees code here prints 2 session start warnings to the very top of the page: "Cannot send session cookie/cache limiter - headers already sent by page1.php". However, still logged into "start.php, and returning variables from check.php. Clicking a link to the other inside pages fires "error.php, without the session start warnings [*]At the beggining of check.php. Here (and in case 1) my preg_match function does not seem to work. dwees code prints the success statement to the very top of the resulting page, when logged in. [/list]
  5. still, the error message "Bad Chars" never writes to the page (only my other error msg writes, when entering a field value not in the login script), and if the login script has a value using an unnallowed character, it still allows it to login.
  6. Thanks, I tried it and got it to run, but it still is allowing unnallowed characters. [code]<FORM ACTION="page1.php" METHOD="POST"> enter: <INPUT TYPE="PASSWORD" NAME="field" MAXLENGTH="17" /><BR /> <?php extract($_POST); function check_field($field) //allowed chars { if (!preg_match("/^[a-zA-Z0-9]$/i",$field)) return TRUE; else echo "bad entry"; } ?> <INPUT TYPE="submit" /> </FORM> [/code] the error message "bad entry" never writes to the page (only my other error msg writes, when entering a field value not in the login script), and if the login script has a value using an unnallowed character, it still allows it to login.
  7. I have a form on page1.php which submits to itself: [code]<FORM ACTION="page1.php" METHOD="POST"> enter: <INPUT TYPE="PASSWORD" NAME="field" MAXLENGTH="17" /><BR /> <INPUT TYPE="submit" /> </FORM> [/code] the second part of page1.php checks that the entry is correct, and starts the session if the entry is correct. The entry is checked by a script: [code] <?php          if ($field == 'mylogin') { $var1 = "value1"; } elseif ($field == 'yourlogin') { $var1 = "value2"; else echo "error message"; ?>[/code] The problem is that I want to allow only upper and lower case letters, and numbers for "field". This is how I am doing it: [code]extract($_POST); function check_field($field) //allowed chars { if (!preg_match("/[^a-zA-Z0-9]+$/s",$field)) return TRUE; else echo "bad entry" }[/code] I either cannot tell if it is working or it just isn't working, because the script throws its error message if an incorrect value is entered for $field. I have tried my preg_match script in several places (before the submit statement, before the session starts, inside the script. Do I have something wrong with my preg_match script? Do I need it in a certain place, to get it to check an entry before the other script checks it? How do I check to see if preg_match is working? (If I add an entry to the variable script that includes a character other than big and small letters or numbers for $field, such as "#%7gE>", the script returns the value of $var1 just like it does not contain any unnallowed characters. If I enter a field value that includes unnallowed characters, but is not a match for $field, it goes to the error for the variable script. I do have different error messages for each script. Everything works fine if I do not try to check for unnallowed characters. Thanks
  8. OK, your code works, as does mine. At least, clicking on the logout link keeps the visitor out unless they login again, so which is better? Your logout code [code]<?php session_start (); $_SESSION = array (); session_destroy (); ?>[/code] my code [code]<?php session_start(); session_unset(permission); session_unset(uac); session_destroy(); ?>[/code] (works with code from http://www.tutorialized.com/tutorial/Learning-session-with-examples/13443 )
  9. For anyone searching: check out http://www.tutorialized.com/tutorial/Learning-session-with-examples/13443 the only thing I didn't get from the above url is logout, use: [code]<?php session_start(); session_unset(uac); session_destroy(); ?>[/code]
  10. printf, The code came from http://www.phpfreaks.com/forums/index.php/topic,103383.0.html Reply #4 Here's the files. I was outa town for a while then my post was going 500. Hope its up now. Steve Well, preview is not working, just comes back to here (better than 500 server error) So here goes... [attachment deleted by admin]
  11. Hi, I have six files all in the same directory. The first file contains a function. file1.php, in its entirety: [code]<?php        if ($uac == 'tony') { $dom = "jedsweb"; $new = "more"; $new_2 = "yes"; } elseif ($uac == 'bob'){ $dom = "cvag"; $new = "less"; $new_2 = "no"; } else echo "<!DOCTYPE HTML PUBLIC '-//IETF//DTD HTML 2.0//EN'><HTML><HEAD><TITLE>403 Forbidden</TITLE></HEAD><BODY><H1>Forbidden</H1>\nYou don't have permission to access this file.</BODY></HTML>"; ?> [/code] All the other pages are html, and include the file with the function, except the login and logout files ([code]<?php include("file1.php"); ?>[/code]) login file contains: [code]<FORM ACTION="file2.php" METHOD="POST"> Authorization Code: <INPUT TYPE="PASSWORD" NAME="uac" /><BR /> <INPUT TYPE="submit" /> </FORM>[/code] This works as I can echo the 3 variables on file2.php, but I need to use sessions to access the variables on the other files (and file2.php when going back to it) I have googled and browsed, including this board and still it does not work. Here is where I am at: At the very top of the login page: [code]<?php $_SESSION['uac'] = $uac; ?>[/code] On the top of the other files, except logout: [code]<?php session_start(); echo $_SESSION['uac']; ?>[/code] And on the logout file: [code]<?php header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past session_destroy('uac'); session_write_close('uac'); ?> [/code] As a matter of disclosure, the logout code is not tested, I'm still trying to get the session to work. Right now, the 2nd page past logging in gives my error message in file1.php, meaning that the visitor is no longer passing the test. Thanks in advance Steve
  12. jeds

    Parse error

    Thanks, Aaron, it works great. So now I can use it to define variables: [code] <?php if ($_SERVER['SERVER_ADDR'] == "216.40.250.54") { $var = 'Bob'; $var_2 = 'Sam'; } else { $var = 'Ralph'; $var_2 = 'Joe'; } ?> <?php echo "$var, $var_2"; ?> [/code] Works too :)
  13. I think its a script, nomenclature overwhelms me: [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--] <?php if ($_SERVER['SERVER_ADDR'] = 216.40.250.54) { ?> <strong>BLUE</strong> <?php } else { ?> <strong>YELLOW</strong> <?php } ?> [/quote] I just get the Parse error Thx
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.