willc

When I inserted the code above, I got the same error messages as before.... I think the problem is on index.php. I have included the code in the previous post that is likely causing the problem.

here are lines 33-39 on index.php where the problems now seem to be occurring: 33 include($phpbb_root_path . 'extension.inc'); 34 include($phpbb_root_path . 'common.'.$phpEx); 35 36 // 37 // Start session management 38 // 39 $userdata = session_pagestart($user_ip, PAGE_INDEX); Have the file paths been screwed up? Thank you!

Hello, No matter what I do with the php's include function, I am getting errors on my page. My code in my php page is this: include("http://www.mydomain.org/forum/"); when I do that, I get these error messages: Warning: include(http://www.mydomain.org/forum/) [function.include]: failed to open stream: Redirection limit reached, aborting in /home/usr/public_html/members/forum.php on line 397 Warning: include() [function.include]: Failed opening 'http://www.mydomain.org/forum/' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/members/forum.php on line 397 I've even checked the php.ini file and it allows urls. Alternatively, when I use the relative path instead like this: include("/home/usr/public_html/forum/index.php"); I get these warning messages: Warning: include(./extension.inc) [function.include]: failed to open stream: No such file or directory in /home/usr/public_html/forum/index.php on line 33 Warning: include() [function.include]: Failed opening './extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/forum/index.php on line 33 Warning: include(./common.) [function.include]: failed to open stream: No such file or directory in /home/usr/public_html/forum/index.php on line 34 Warning: include() [function.include]: Failed opening './common.' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/forum/index.php on line 34 Fatal error: Call to undefined function session_pagestart() in /home/usr/public_html/forum/index.php on line 39 Anybody know what to do about this? There must be something simple I'm missing. Are .php files supposed to go in specific, "pre-designated" directories? Thank you!

thanks for the username stuff, i will implement that. on the php include, i just thought that's how it was done if i wanted to "embed" the /forum/index.php page into the members/forum.php page. But you are suggesting that I put the header redirect in instead? The php include is now in the middle of the page, in some html code. When I implement your suggestion, I get this error: Warning: Cannot modify header information - headers already sent by (output started at members/forum.php:20) in members/forum.php on line 397. Line 397 has this on it: ("location: http://www.mydomain.org/forum/"); Thanks again for all your help with this. Also, I will look into just using the path with include.

Hi, First, thanks for your help. I really do appreciate it. Second, please laugh at me loudly. Seriously. It's comical that I'm even trying to tackle this stuff. My brain cannot handle this code. I really don't know how you guys do it. In any case, to answer your question: $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; I was just trying to choose the username from the table regardless of whether they entered a lower case last name or an uppercase one. I didn't want there to be any difference between "Jones" and "jones." I thought that's how it was done. But I will implement your solution. All of your help on the log-in seems to be working (thank you) but I'm not quite there yet. I get this error now: Warning: include(http://www.mydomain.org/forum/) [function.include]: failed to open stream: Redirection limit reached, aborting in /forum.php on line 397 Warning: include() [function.include]: Failed opening 'http://www.mydomain.org/forum/' for inclusion forum.php on line 397 Those errors occur on the forum.php page so it seems that once that is fixed, we will be in business!

thank you, i will give that a go! I hope it works.

Hello, I am having some difficulty. I have a page that I am trying to limit access to: www.mydomain.com/forum/index.php I only want members to be able to get to that page after a successful log in and from a link within a members only page: www.mydomain.com/members/members_page.php On members_page.php, the link will take us to another page (www.mydomain.com/members/forum.php). On forum.php, the www.mydomain.com/forum/index.php page is "embedded" using phpinclude. The sessions don't seem to be working. I know I'm missing something because I am an idiot with this stuff. So, here's how the progression goes and the essential code for each page: 1. Deny access to www.mydomain.com/forum/index.php directly unless they have logged in: <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } ?> HTML and php of the forum index page falls below the code above. 2. If they have not logged in, they have been directed to main_login.php. Here is the code on that page: <? session_start(); if ($_SESSION['access'] == true) { header("location:http://www.mydomain.com/members/members_page.php"); //let them in if successful log-in } ?> Form HTML falls below the code above. 3. After they have entered their log-in information, they are sent to checklogin.php to see if the username and password match. Here is the code for that: <?php session_start(); $host="xxxxx"; $username="xxxxx"; $password="xxxxx"; $db_name="xxxxx"; $tbl_name="xxxxxx"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $myusername=strtoupper($_POST['myusername']); $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ $_SESSION['access'] = true; header("Location: http://www.mydomain.com/members/members_page.php"); } else { echo "Wrong Username or Password"; } ?> 4. If they have logged in successfully, they are sent to the members_page.php. Here is the php code for that page: <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } 5. On members_page.php, there is a link to another page (www.mydomain.com/members/forum.php) which has the forum index page (www.mydomain.com/forum/index.php) embedded in it using phpinclude. So when they load www.mydomain.com/members/forum.php, they are actually partly seeing www.mydomain.com/forum/index.php within it. Here is the code for www.mydomain.com/members/forum.php <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } ?> HTML of website with php code is down below the code above. The link to the actual forum (www.mydomain.com/forum/index.php) is done using phpinclude so it happens automatically. So phpinclude brings the forum page (forum/index.php) into the members' forum page (members/forum.php). Here is that code in the middle of the HTML of the forum.php page: <?php session_start(); $_SESSION['access'] = true; include("http://www.mydomain.com/forum/"); ?> My problem is that I can't get into the forum. I am just sent endlessly in a loop from the member log in page to the members only page, around and around. I suspect that something is happening where the session is not being carried over from the link on the members_only page to the forum.php page. The access=true is not working on the embedded forum because it keeps asking me to log-in. Should I not be using phpinclude or do you see something that I don't that is not allowing me to get into the forum? I think I am probably using sessions incorrectly. Any help in any area greatly appreciated. Thank you, Will

Thank you my friend. I will look into that. Really appreciate the help.

Blue, Thank you, that worked! Any suggestions on how I can tighten up the security and other issues re: discomatt's points above? Much obliged.

by which I mean you attempt to assign the value of true to $_SESSION['access'], but instead you use the comparison operator. should be: $_SESSION['access'] = true; Thank you, I will try that. Actually, shouldn't I assign true using "==" if the username and password are correct? And then I use "=" on the other pages?

I'm such a noob and am afraid I don't know how to do that. What do you recommend? Any links to tutorials that you know are good? Again, I'm pretty new at this and really don't know the best way to make this secure. I'm just trying to get the username to match what's in the database. I will check that out. Thanks and sorry for the questions.

Sorry yes, the browser keeps kicking me back to the log-in page so there is something going on with $_Session. But I'm unsure of how to fix it. Any ideas?

Hello, I am trying to create simple log in script using sessions. The browser is not cooperating so I'm clearly doing something wrong. I keep getting kicked back to the log-in page. Thanks for your help! Will Here is my code for the main login page: <? session_start(); if ($_SESSION['access'] == true) { header("location:URL to members only page"); } ?> HTML for log-in form.... <form name="form1" method="post" action="checklogin2.php"> Here is the code for the checking of the log-in (checklogin2.php): <?php session_start(); $host=xxxxx"; $username="xxxxx"; $password="xxxxx"; $db_name="xxxxx"; $tbl_name="xxxxx"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $myusername=strtoupper($_POST['myusername']); $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; $count=mysql_num_rows($result); if($count==1){ $_SESSION['access'] == true; header("Location: url to members only page"); } else { echo "Wrong Username or Password"; } ?> Finally, here is the code for the members only page: <?php session_start(); if ($_SESSION['access'] !== true) { header("location:back to main login page"); } ?> HTML of members only page

Thank you both for your suggestions. The forum is normally accessed through the index.php file - that is correct. I guess what I don't want to happen is for people to access it by "getting smart," by typing in other pages in the forum, like www.mydomain.com/forum/search.php. Because it seemed if they did that, they would be able to bypass this "security" I guess I'm trying to implement. Any thoughts on that? Really what is happening is that I have embedded this forum into a members-only area and I only want members (after they have signed in) to view that forum. So, they would only be able to view www.mydomain.com/forum/index through www.mydomain.com/members/forum/. The forum is phpBB by the way. Thanks again! I appreciate the effort.

Okay, thank you very much. I will give that a try. One important thing I forgot to mention is that there are many pages within this area of the website that I don't want to people to access directly. All of the pages (there are about 20) are in a folder called forum that I don't want people to access directly. Is there a way to provide that kind of solution to the folder (and therefore all of the pages within it) easily or do I need to go into each individual php page and apply that code? Thanks again!