treilad
-
Posts
58 -
Joined
-
Last visited
Never
Everything posted by treilad
-
I've been working /forever/ just trying to get the login system to work. (I know I just made a topic similar to this. Sorry?) I'm trying to condense what could be several topics into one, if this seems long. :) I want certain pages to not be visible if users are not logged in. Akitchin gave me this seemingly wonderful script to do just that: Login2.php [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if (!isset($_COOKIE['ID_my_site'])) { header('./logout.php'); } } } else { header('./loginpage.php'); } ?>[/code] Except it doesn't seem to work. I include that at the top of all the pages I don't want to be visible to non-logged in people, yet when I log out, I can still see it and it doesn't seem to execute this code. What can I do to make this code execute EVERY time this page is visited. EVEN if I logout and hit the back button, I want it to run the code. (Perhaps a forced refresh?) Here is my login.php code. I have it included in a table in loginpage.php. I want this code to not load if somebody is already logged in. If they're logged in, I'd like it to redirect them to a page that echos something along the lines of "You're already logged in, (display user here). I'm not sure how to write the code for that page, particularly the (display user) part, but I can't imagine it's that hard so it's not my main concern at the moment. (But for those of you to whom this seems simple and non-time consuming, which will not be the case for me, feel free to jot down a semantic writeup. ^^) I know I'll be using that often, the echoing of info from databases. But there are tutorials for that, so don't hurt yourself. :) [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } } } if (isset($_POST['submit'])) { // if form has been submitted if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: index.php"); } } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>[/code] There's nothing wrong with that code, other than I'd like to add the redirect if they're already logged in, as I mentioned, I'm just posting it for reference, if someone needs to see it. Uh... my registration code. Again, I don't want the page this is included in to be visible to someone who has logged in. Where I am at the moment, people can still register while they're logged in. That's not good. So I want it to do essentially the same as the login redirect. Just display a page that echos "You don't need to register. O.o You're already logged in, (display username). I imagine the solution is the same as the login redirect problem, so don't worry about it. Posting it for reference purposes only: [code]<?php include ('db.php'); if (isset($_POST['submit'])) { if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert) or die(mysql_error()); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?>[/code] Other than these, the only problem I'm having, (more of a worry, really), is security. I haven't put this on the web yet, but when I do, I have no idea of the common PHP security issues and what precautions I should take. Tell me if you need more code to diagnose me and I'll gladly edit them in. :) I'm not asking anybody to read over all this garbage and fix every little thing, but I'll leave this up here for a day and bump every three hours or so and see what help I can get. Thanks in advance, -Matt
-
It didn't like yours, redarrow. :( But I got it to work with wildteens tip. Also, the code cleared up. No more errors. But I can still visit the page when I'm logged out. I have include('index3.php'); which is the code I just fixed at the top of index.php. Before I make another topic, I'll just put it here and see if there's a simple answer. I need the code to ensure that the page is not visible if the user's credentials do not match up. For some reason it doesn't header me anywhere even when I'm not logged in, as it should. Again, here's my "corrected" code: [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if (!isset($_COOKIE['ID_my_site'])) { header('./logout.php'); } } } else { header('./loginpage.php'); } ?>[/code]
-
I meant to header, because this is just a script to check the credentials of the user. Each page loads it automatically (ideally, anyway. working on that.) to check their credentials, and if they check out, they can view the page. EDIT: I said that wrong. I have this at the top of each page. It checks their credentials and if they check out, it does nothing. If the credentials don't match, it removes the cookie because they have a cookie set but their credentials don't match, so they don't keep the cookie. If there isn't a cookie, it boots them from the page to the login page. Also, now I'm getting this error: [quote] Parse error: parse error, unexpected $end in C:\Server\wamp\www\project\index.php on line 204[/quote] 204 is the end. Nothing there, so I assume I'm missing something.
-
Thanks a bunch. :)
-
Not sure I should go into detail if it's just a syntax error, but I will if needed. The error is: [quote] Parse error: parse error, unexpected T_ELSE in C:\Server\wamp\www\project\index.php on line 17[/quote] Code: [code]<?php if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )){ if (!isset($_COOKIE['ID_my_site'])) { header('./logout.php') else { header('./loginpage.php') } ?>[/code] It doesn't like the 'else', but I don't know why. :-/
-
I filled in the code the best I could, but there might be errors. It looks like it will run alright. [code]<?php // check if the user's credentials check out if(isset($_COOKIE['ID_my_site'])) // grab the credentials (hint: when the query is only grabbing one row, you don't need a while() loop) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )){ if (!isset($_COOKIE['ID_my_site'])) { header('./logout.php') } } else { header('./loginpage.php') } ?>[/code] Now that we've got past the looping issue you brought up, I'd like to know how to make that script run everytime the page is refreshed. Force refresh possibly? I dunno. Ya'll have been a big help tonight so thanks a ton. I've been working on this for over 15 hours straight, so I'm gonna get some shut-eye. I'll wake up in a few hours and check what you post so the board doesn't disappear on me. Thanks again and you probably haven't seen the last of me... :D
-
[quote]What error are you getting? Or are you just wanting for us to look at it and see if it's right?[/quote] Disregard it. I like your logic for checking if it's not there. Seems it would cause less trouble. Will try...
-
I tried pixy's and I tried to try akitchin's. Only been using PHP for a week or so so I don't have all the syntax down. Can somebody point out my mistake(s) here? [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: loginpage.php"); } else { header("Location: index.php"); exit; } } } ?>[/code] Is there an "if" statement ya'll can think of that would make sure that the page runs a script everytime? I realize I'd have to fix the script so it didn't cause the looping problem that akitchin mentioned, but that shouldn't be hard.
-
[quote]if ((isset($_COOKIE['user']) && (!strpos("$_SERVER['php_self']", "logout.php") { echo 'You wanna log out?'; } else { echo 'You wanna log in?'; }[/quote] [quote]my fix: setcookie('k',$k+1,1); echo $k;[/quote] Both look promising. I'll try the simpler of the two first.
-
[quote]When you go back to the index after logging out, refresh the page and see if it kicks you off. Then, the worst that can happen is they see the main page after logging out--but if they click something it will load that page and kick them off anyways.[/quote] That's what I thought. I said in my first post that that didn't work. :P
-
Can do. Will edit them into this post... index.php [code]<?psp include ('index2.php'); ?> <html> <head> <title="Untitled"> </head> <body> <center> <table border="0" cellspacing="0" cellpadding="0" width="752"> <tr> <td width="752" height="150" colspan="8" background="http://www.geocities.com/runelodge/header.jpg"></td> </tr> <tr> <td width="94" height="15"> <a href="./index2.php"><img src="http://www.geocities.com/runelodge/button1.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./about.php"><img src="http://www.geocities.com/runelodge/button2.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./forum2.php"><img src="http://www.geocities.com/runelodge/button3.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./clans2.php"><img src="http://www.geocities.com/runelodge/button4.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./members2.php"><img src="http://www.geocities.com/runelodge/button5.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./links2.php"><img src="http://www.geocities.com/runelodge/button6.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./register.php"><img src="http://www.geocities.com/runelodge/button7.jpg" border="0"></a> </td> <td width="94" height="15"> <a href="./loginpage.php"><img src="http://www.geocities.com/runelodge/button8.jpg" border="0"></a> </td> </tr> </table> <table border="0" width="752" cellspacing="0" cellpadding="20"> <tr> <td width="752" style="border: 1px solid grey;"> Testing, Testing, 1 - 2 - 3. </td> </tr> </table> </center> </body> </html>[/code] Index2.php [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: loginpage.php"); } else { echo ('<meta http-equiv="refresh" content="1;url=./index.php">'); } } } else { header("Location: loginpage.php"); } ?>[/code] Logout.php [code]<?php $past = time() - 100; setcookie(ID_my_site, gone, $past); setcookie(Key_my_site, gone, $past); header("Location: login.php"); ?>[/code] Thar they be.
-
That would make sense. :-[ But if I coded it to refresh each time, it would be cached with that code so it wouldn't be a problem. Right?
-
It already is a PHP page, but yes, that worked. I echoed it and it works fine now. Thanks. :)
-
Index2.php is a script I wrote that checks for a cookie. If the cookie is present, it sends them to the page they wanted, but if not, it redirects them to the login page. Index.php is my webpage. When I logout, it logs out, but when I click 'back', I can still see index.php. That shouldn't happen (so I thought) because I put: [quote]<?php include ('index2.php'); ?>[/quote] at the top of index.php, so that it would run the script and redirect to login if they weren't logged in. It still let's me see index.php. I thought it was because I had to refresh for it to load, but it still didn't. Perhaps an "if" would do it? Also, I'm quite sure I'll have to code it to auto-refresh every time the page is visited, so that once the script is working it will run and keep people not logged in from seeing it, so in addition I need to know how to do that. Keep things in one topic.
-
Also a good idea... ^^ BTW, http://www.phpfreaks.com/forums/index.php/topic,100631.0.html. I could use some help.
-
Simple question with a simple answer, I'm sure. This is my code: [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: loginpage.php"); } else { header("Location: links.php"); } } } else { header("Location: loginpage.php"); } ?>[/code] This: [quote]header("Location: links.php");[/quote] I would like to change to have the effect of this: [quote]<meta http-equiv="refresh" content="5;url=http://stuff.com/stuff">[/quote] I just simply don't know how to embed the HTML within the PHP.
-
Hehe. I was going to say to CTRL + F '<<'... If that didn't work, try counting all the chicken lips in your HTML code. Pair them up as you go. If it's in the HTML code, you'll find it that way.
-
Rofl... EDIT: Post the whole code and it might be easier.
-
Perfect! Much more reader-friendly. Makes sense to me now, and you included other things that I'm glad you did. Such as the <meta>/header difference. Thanks so much. :D *runs to fix code*
-
[quote]i hope that eventually you realize why the errors are occurring, and how to avoid the headache in the future without using output buffering (which, used in more complex scripts, is a can of worms all on its own). generally speaking, one should operate any server-side procedures before outputting anything to the browser. validate the form, do whatever you want to with the info, and set some content into variables. THEN go about sending out the typical static stuff plus any feedback from your procedures (success, errors, a form if there were errors, etc.). structuring your scripts this way just makes debugging, reading, and editing a crapload easier in the end. in short, solving a problem like this at the root means less time pulling out your hair, yelling at the monitor and asking in the forums. it also means more time getting on with your work.[/quote] Duly noted. :) Thanks for all the tips and while I don't like resorting to temporary fixes, I'm not learned enough in PHP to be able to fix things without assistance. I'm not running a complicated script so this will be fine for now. Once I get to the point where I can honestly say I know what I'm doing, I'll make it neat. Thanks again.
-
:) The post about headers by akitchen said that that was a bandaid. I've been working on this for long enough that I don't care. Bandaid's fine. Thanks, BillyBob.
-
That's what I needed to know. Thanks. :)
-
I did, asking a somewhat different question. I deleted it and rephrased the question because I wasn't getting the answer I needed. They told me I needed to set the cookie or session at the beginning, which I'm trying to do. I just don't understand how to make the script work with that.
-
I have a login script that sets a cookie when they login. I get the 'headers cannot be sent' error because I am trying to send headers /after/ info has already been sent to the browser. The login script is included() within a webpage, so I'm told to put the setcookie at the top of the page. But now I don't understand why I'd set a cookie on the login page before they've logged in. This is obviously very common script because it's used on so many websites. I'm just missing something. Could someone please explain it to me, perhaps a little more step-by-step than you would with a normal question? I'm somewhat new to PHP so obvious things aren't quite so obvious with me. ;) Here is my login script: [code]<?php include ('db.php'); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } } } if (isset($_POST['submit'])) { // if form has been submitted if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: index.php"); } } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>[/code] It is included in a table on another webpage. Thanks in advance. :)
-
Think he meant that's what he is trying to accomplish.
