DeanWhitehouse
-
Posts
2,527 -
Joined
-
Last visited
Everything posted by DeanWhitehouse
-
<?php require_once '../includes/main.inc.php'; require_once '../includes/db_connect.php'; require_once '../includes/config_table.inc.php'; session_start(); // Only include the header and footers if you have to print errors function print_error($err_message) { require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; echo $err_message; exit; } $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); header("Location:".$_SERVER[REQUEST_URI]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } } else{ print_error( 'Login failed. Username and Password did not match database entries.'); } } else { print_error( "Form was not completed. Please go back and make sure that the form was fully completed."); } mysql_close(); ?> this code is meant to when the admin(user level 1) logs in, redirect them to another page, but it resends the form when it gets there and says "Form was not completed. Please go back and make sure that the form was fully completed." but it does create the session and log them in, but doesn't redirect properly,any ideas?
-
then if they come from an external site, have it echo a link to index.php on your site??
-
does anyone no??
-
i use sql database and .inc.php file(this is simpiler and requires less work)
-
erm, well, using this code i get the error, not all fields field in, but the session is created for the admin so it has logged in, but resent so thats why the error is showing. to see for your self, http://deanwhitehouse.awardspace.co.uk/admin/admin_centre.php Username: Blade280891 Password: Natasha case sensitive. The error appears at the top left, and refresh to see the admin centre <?php require_once '../includes/main.inc.php'; require_once '../includes/db_connect.php'; require_once '../includes/config_table.inc.php'; session_start(); // Only include the header and footers if you have to print errors function print_error($err_message) { require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; echo $err_message; exit; } $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); header("Location:".$_SERVER[REQUEST_URI]); $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } } else{ print_error( 'Login failed. Username and Password did not match database entries.'); } } else { print_error( "Form was not completed. Please go back and make sure that the form was fully completed."); } mysql_close(); ?>
-
yer because it is resending the data. is there anyway to stop it doing this, as i don't think/no if i can add a header instead of the meta refresh
-
Another problem, this code if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=$_SERVER[REQUEST_URI]'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; } } how can i stop it reposting the data, as it does store the session, but when it takes you back to the page it reposts the data(which is blank)
-
fixed, i just added session_start(); to the top of the login script, as all my other pages contain the session_start(); part in the header.php file
-
heres a much as i will say. the value $construction needs to be saved somewhere then called form that location. simple if you no how to do it
-
Ok, i don't have a clue about what you just said,lol, soz, shall i just add the session start to the top of everypage??
-
huh? u kinda lost me, is that not waht i already have
-
erm no, but because they are only included if there is an error, they won't run. How can i get around this, without having to recode alot of it?
-
could this code be a problem, <?php session_start(); echo ("<title>$site_title</title>"); echo ("<link rel='stylesheet' type='text/css' href='../Themes/style.css' />"); echo ("<table class='title'><tr><td align='center'><h1>$custom_header</h1></td></tr></table>"); ?> this is header footer <?php echo "<p class='disclaimer'>$site_disclaimer</p>"; ?> and nav bar <?php if ($_SESSION['is_valid'] == true){ if ($_SESSION['user_level'] == 2){ echo "<table class='nav_bar'><tr><td> <a class='nav_bar' href='$home_page/$main_page'>$home</a> </td></tr><tr><td>Logged In</td></tr></table>"; } if ($_SESSION['user_level'] == 1){ echo "<table class='nav_bar'><tr><td> <a class='nav_bar' href='$home_page/$main_page'>$home</a> </td></tr><tr><td> <a class='nav_bar' href='/admin/admin_centre.php'>Admin Centre</a> </td></tr></table>"; } } else { echo " <table class='nav_bar'><tr><td> <a class='nav_bar' href='$home_page/$main_page'>$home</a> </td></tr></table>"; } ?> and home.php <html> <table id="time"><tr><td><?php echo gmdate('l jS \of F Y');?><br><?php echo gmdate('h:i:s A');?></td></tr></table> </html> <?php require_once 'includes/main.inc.php'; require_once 'includes/db_connect.php'; require_once 'includes/config_table.inc.php'; require_once 'includes/header.php'; require_once 'includes/footer.php'; require_once 'nav_bar.php'; ?> <?php if (is_dir(install)) { echo "<p class='exists'><br>Please remove the install folder</p>"; } else { echo "Please go to the admin centre to cutomise the site"; } echo "$intro"; ?> is it because the session_start(); is in the header?
-
Can u have a look at this code and see why it doesn't work <?php require_once '../includes/main.inc.php'; require_once '../includes/db_connect.php'; require_once '../includes/config_table.inc.php'; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; // Only include the header and footers if you have to print errors function print_error($err_message) { require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; echo $err_message; exit; } $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>"; } } else{ print_error( 'Login failed. Username and Password did not match database entries.'); } } else { print_error( "Form was not completed. Please go back and make sure that the form was fully completed."); } mysql_close(); ?> admin centre code <?php require_once '../includes/main.inc.php'; require_once '../includes/db_connect.php'; require_once '../includes/config_table.inc.php'; require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; if ($_SESSION['is_valid'] == true){ if ($_SESSION['user_level'] == 2){ echo "incorrect permissions"; } if ($_SESSION['user_level'] == 1){ echo "<table class='admin'><form method='post' action='writ_pref.php'> <tr><td> Home Page:</td><td> <input type='text' name='main_page' value='$main_page'><br></td></tr> <tr><td> Site Name:</td><td> <input type='text' name='site_title' value='$site_title'><br></td></tr> <tr><td> Disclaimer: </td><td> <input type='text' name='site_disclaimer' value='$site_disclaimer'><br></td></tr> <tr><td> Intro:</td><td> <input type='text' name='intro' value='$intro'><br></td></tr> <tr><td></td><td><input type='submit' value='Continue' name='check'> </td></tr></form> </table>"; } } else { echo "login"; } //table where user enters the sites details ?> Any ideas i have worked out that the login form doesn't work now. the form requries all the files mentioned, so when u added this function print_error($err_message) { require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; echo $err_message; exit; } it stopped the code working.
-
ok then, write it yourself
-
er im not sure, all my code is in PHP not html but i think i no what to change. Also is there a way of redirecting back to the page the user was on. E.g they login on home.php and they get redirected to home.php not to the a set page. Would i use $_server
-
Please PM me and i can write the code for you. For $10
-
I didn't write the cookie code so i do not no what to change in it etc. this is the whole login code, without the form <?php require_once '../includes/main.inc.php'; require_once '../includes/db_connect.php'; require_once '../includes/config_table.inc.php'; require_once '../includes/header.php'; require_once '../includes/footer.php'; require_once '../nav_bar.php'; $_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files $_SESSION['username'] = $row['user_name']; $_SESSION['user_level'] = $row['userlevel']; $user_name = $_POST["user_name"]; $user_password = $_POST["user_password"]; $verify_username = strlen($user_name); $verify_pass = strlen($user_password); if ($verify_pass > 0 && $verify_username > 0) { $salt = substr($user_password, 0, 2); $userPswd = crypt($user_password, $salt); $sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); $user_level = $row['userlevel']; if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>"; } } else{ echo 'Login failed. Username and Password did not match database entries.'; } } else { echo "Form was not completed. Please go back and make sure that the form was fully completed."; } mysql_close(); ?>
-
ok, when i tried this code, i get a cannot modify header error for a split second then it works. if ($user_level == 1) { $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../index.php'>"; } elseif ($user_level == 2){ $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>"; } }
-
erm because i have already sent a header on the first page, therefore won't i recieve an error. here is some of the code if this helps in the login code if ($user_level == 1) { echo "<meta http-equiv='refresh' content='2; url=../includes/setcookie.php?u=$username&p=$user_password'>"; } elseif ($user_level == 2){ echo "<meta http-equiv='refresh' content='2; url=../includes/setcookie.php?u=$username&p=$user_password'>"; } } else{ echo 'Login failed. Username and Password did not match database entries.'; } cookie code <?php $login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'")); $userright = array($login_check['user_name'], $login_check['userlevel']); $s_userpass = serialize($userpass); setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" ); echo "<meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>"; ?>
-
erm, i can do, but at the moment i am using <meta http-equiv='refresh' content='0; url=../admin/admin_centre.php'>
-
Erm, i kinda understand, can i show you what happens, http://deanwhitehouse.awardspace.co.uk/login.php the admin username is: Blade280891 and password: Natasha the non-admin username is: Bob and password: BOB How would i create the cookies in the same page, do i put my create cookie code into the if, instead of the redirection code??
-
So to not take up room on the forum, i will post my question here. I have a login page, when the user has logged in the page redirects to the create cookie page then this page redirects to the "next page", my problem is that there is a gap when redirecting where you can see the login page once logged in, how can i make it so that when you log in you go straight to the "next page" and the cookie is created.
-
O rite, i didn't think cookies would work that way, i thought they just store the data i didn't no you can keep users logged in with it.
-
If i am right cookies are used for remeber me functions, but i think sites now use sessions to keep people logged in as the remeber me function, and cookies to remeber there username and/or password. Is this right?
