paddyhaig

Thank you andrewgauger, all though I am not altogether sure what you are saying, that's probably more my fault than yours. Are you saying that I should put ob_start() at the top of every page? Just ob_start()? You must excuse me as I really am new to this.

This is the code of just one of the pages that you should log into after the correct authentication details are entered into the initial login form. This is the index.php from the admin folder. The are three other folders that can be logged into depending on the details entered into the initial authentication form. // I believe the should be added something here. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Concierge Admin Index</title> <link href="../includes/primary_layout.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <div id="large-blue-box"> <div id="form1"> <!-- <?php include("../includes/footer.inc"); ?> I would like to make all the below code an include --> <p><img src="../graphics/general/ai_banner.gif" alt="" width="180" height="28" /></p> <p><a href="concierge-setup.php"><img src="../graphics/general/concierge-setup_button.gif" width="180" height="28" /></a></p> <p><a href="accommodation.php"><img src="../graphics/general/accomodate_button.gif" width="180" height="28" /></a></p> <p><a href="general-log.php"><img src="../graphics/general/gen-log_button.gif" width="180" height="28" /></a></p> <p><a href="../index.php"><img src="../graphics/general/lo_button.gif" alt="" width="180" height="28" /></a></p> </div> <div id="form2"> <p><img src="../graphics/general/man_index_banner.gif" width="180" height="28" /></p> <p><a href="staff_management.php"><img src="../graphics/general/sm_button.gif" width="180" height="28" /></a></p> <p><a href="bed_management.php"><img src="../graphics/general/bm_button.gif" width="180" height="28" /></a></p> <p><a href="audit_system.php"><img src="../graphics/general/as_button.gif" width="180" height="28" /></a></p> <p><a href="shift_summary.php"><img src="../graphics/general/shift-summary_button.gif" width="180" height="28" /></a></p> </div> <div id="form3"> <p><img src="../graphics/general/recep_banner.gif" width="180" height="28" /></p> <p><a href="check-in-out_index.php"><img src="../graphics/general/check-inout_button.gif" width="180" height="28" /></a></p> <p><a href="delinquent_payments.php"><img src="../graphics/general/delinquent-payments_button.gif" width="180" height="28" /></a></p> <p><a href="reservations.php"><img src="../graphics/general/reservations_button.gif" width="180" height="28" /></a></p> <p><a href="misc_index.php"><img src="../graphics/general/miscellaneous_button.gif" width="180" height="28" /></a></p> </div> </div> <?php include("../includes/footer.inc"); ?> </div> </body> </html>

Could you possibly be a little more specific? calmchess. Are you suggesting that I put this bit of code at the top of my pages. What do you mean by wrap exactly? No: onload()

Please can someone help my create a way of securing the pages on my web site with a session cookie. At present you can wander users directorys simply by manipulating the URL. Here's a copy of my present authentication form: index.php <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Login</title> <link href="includes/primary_layout.css" rel="stylesheet" type="text/css" /> <!--[if IE]><style type="text/css">body { text-align: center; } #small-blue-box { text-align: left; }</style><![endif]--> <link href="../includes/primary_layout.css" rel="stylesheet" type="text/css" /> </head> <body onLoad="document.getElementById('account').focus()"> <div id="text"> <div id="wrapper"> <div id="small-blue-box"> <div id="form0"> <form action="scripts/authenticate/auth.php" method="POST"> <div> <div align="center"><img src="graphics/general/concierge_banner.gif" width="180" height="28">Account: <input name="account" type="text" id="account" value="info@example.com" size="20"> </div> </div> <div> <div align="center">Username: <input name="username" type="text" id="username" size="20"> </div> </div> <div> <label for="password"> <div align="center">Password: <input name="password" type="password" id="password" size="20"> </div> </div> <p align="center"> <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();> <p> <img src="graphics/general/login_button.jpg" width="150" height="28" alt="login"></p></form> </div> </div> <?php include("includes/footer.inc"); ?> </div> </body> </html> Here's a copy of the auth.php script: Which is called by the above. <?php if (isset($_POST['username']) && isset($_POST['password'])) { $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error()); mysql_select_db('example', $db) or die("Couldn't select<br>" . mysql_error()); $login = mysql_real_escape_string($_POST['username'], $db); $password = mysql_real_escape_string($_POST['password'], $db); $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'"; $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error()); if (0 === mysql_num_rows($result)) { header('Location: ../../index.php'); exit(0); } $row = mysql_fetch_assoc($result); $privilage = $row['privilage']; session_start(); $_SESSION['username'] = $login; $_SESSION['privilage'] = $privilage; if ('receptionist' === $privilage) { header('Location: ../../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../../admin/index.php'); exit(0); } } ?> This is my present cookie information: Name PHPSESSID Value p2r4il0jeadghdoa7h4hb7uku5 Host www.example.com Path / Secure No Expires At End Of Session This is one of many pages I would like to secure: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Concierge Admin Index</title> <link href="../includes/primary_layout.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <div id="large-blue-box"> <div id="form1"> <!-- <?php include("../includes/footer.inc"); ?> I would like to make all the below code an include --> <p><img src="../graphics/general/ai_banner.gif" alt="" width="180" height="28" /></p> <p><a href="concierge-setup.php"><img src="../graphics/general/concierge-setup_button.gif" width="180" height="28" /></a></p> <p><a href="accommodation.php"><img src="../graphics/general/accomodate_button.gif" width="180" height="28" /></a></p> <p><a href="general-log.php"><img src="../graphics/general/gen-log_button.gif" width="180" height="28" /></a></p> <p><a href="../index.php"><img src="../graphics/general/lo_button.gif" alt="" width="180" height="28" /></a></p> </div> <div id="form2"> <p><img src="../graphics/general/man_index_banner.gif" width="180" height="28" /></p> <p><a href="staff_management.php"><img src="../graphics/general/sm_button.gif" width="180" height="28" /></a></p> <p><a href="bed_management.php"><img src="../graphics/general/bm_button.gif" width="180" height="28" /></a></p> <p><a href="audit_system.php"><img src="../graphics/general/as_button.gif" width="180" height="28" /></a></p> <p><a href="shift_summary.php"><img src="../graphics/general/shift-summary_button.gif" width="180" height="28" /></a></p> </div> <div id="form3"> <p><img src="../graphics/general/recep_banner.gif" width="180" height="28" /></p> <p><a href="check-in-out_index.php"><img src="../graphics/general/check-inout_button.gif" width="180" height="28" /></a></p> <p><a href="delinquent_payments.php"><img src="../graphics/general/delinquent-payments_button.gif" width="180" height="28" /></a></p> <p><a href="reservations.php"><img src="../graphics/general/reservations_button.gif" width="180" height="28" /></a></p> <p><a href="misc_index.php"><img src="../graphics/general/miscellaneous_button.gif" width="180" height="28" /></a></p> </div> </div> <?php include("../includes/footer.inc"); ?> </div> </body> </html>

Please can someone help my create a way of securing the pages with a session cookie. At present you can wander directorys simply by manipulating the URL. Here's a copy of my present authentication form: index.php <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Login</title> <link href="includes/primary_layout.css" rel="stylesheet" type="text/css" /> <!--[if IE]><style type="text/css">body { text-align: center; } #small-blue-box { text-align: left; }</style><![endif]--> <link href="../includes/primary_layout.css" rel="stylesheet" type="text/css" /> </head> <body onLoad="document.getElementById('account').focus()"> <div id="text"> <div id="wrapper"> <div id="small-blue-box"> <div id="form0"> <form action="scripts/authenticate/auth.php" method="POST"> <div> <div align="center"><img src="graphics/general/concierge_banner.gif" width="180" height="28">Account: <input name="account" type="text" id="account" value="info@example.com" size="20"> </div> </div> <div> <div align="center">Username: <input name="username" type="text" id="username" size="20"> </div> </div> <div> <label for="password"> <div align="center">Password: <input name="password" type="password" id="password" size="20"> </div> </div> <p align="center"> <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();> <p> <img src="graphics/general/login_button.jpg" width="150" height="28" alt="login"></p></form> </div> </div> <?php include("includes/footer.inc"); ?> </div> </body> </html> Here's a copy of the auth.php script: Which is called by the above. <?php if (isset($_POST['username']) && isset($_POST['password'])) { $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error()); mysql_select_db('example', $db) or die("Couldn't select<br>" . mysql_error()); $login = mysql_real_escape_string($_POST['username'], $db); $password = mysql_real_escape_string($_POST['password'], $db); $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'"; $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error()); if (0 === mysql_num_rows($result)) { header('Location: ../../index.php'); exit(0); } $row = mysql_fetch_assoc($result); $privilage = $row['privilage']; session_start(); $_SESSION['username'] = $login; $_SESSION['privilage'] = $privilage; if ('receptionist' === $privilage) { header('Location: ../../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../../admin/index.php'); exit(0); } } ?> This is my present cookie information: Name PHPSESSID Value p2r4il0jeadghdoa7h4hb7uku5 Host www.example.com Path / Secure No Expires At End Of Session This is one of many pages I would like to secure: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Concierge Admin Index</title> <link href="../includes/primary_layout.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <div id="large-blue-box"> <div id="form1"> <!-- <?php include("../includes/footer.inc"); ?> I would like to make all the below code an include --> <p><img src="../graphics/general/ai_banner.gif" alt="" width="180" height="28" /></p> <p><a href="concierge-setup.php"><img src="../graphics/general/concierge-setup_button.gif" width="180" height="28" /></a></p> <p><a href="accommodation.php"><img src="../graphics/general/accomodate_button.gif" width="180" height="28" /></a></p> <p><a href="general-log.php"><img src="../graphics/general/gen-log_button.gif" width="180" height="28" /></a></p> <p><a href="../index.php"><img src="../graphics/general/lo_button.gif" alt="" width="180" height="28" /></a></p> </div> <div id="form2"> <p><img src="../graphics/general/man_index_banner.gif" width="180" height="28" /></p> <p><a href="staff_management.php"><img src="../graphics/general/sm_button.gif" width="180" height="28" /></a></p> <p><a href="bed_management.php"><img src="../graphics/general/bm_button.gif" width="180" height="28" /></a></p> <p><a href="audit_system.php"><img src="../graphics/general/as_button.gif" width="180" height="28" /></a></p> <p><a href="shift_summary.php"><img src="../graphics/general/shift-summary_button.gif" width="180" height="28" /></a></p> </div> <div id="form3"> <p><img src="../graphics/general/recep_banner.gif" width="180" height="28" /></p> <p><a href="check-in-out_index.php"><img src="../graphics/general/check-inout_button.gif" width="180" height="28" /></a></p> <p><a href="delinquent_payments.php"><img src="../graphics/general/delinquent-payments_button.gif" width="180" height="28" /></a></p> <p><a href="reservations.php"><img src="../graphics/general/reservations_button.gif" width="180" height="28" /></a></p> <p><a href="misc_index.php"><img src="../graphics/general/miscellaneous_button.gif" width="180" height="28" /></a></p> </div> </div> <?php include("../includes/footer.inc"); ?> </div> </body> </html>

Here's a copy of my present authentication form: index.php <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Login</title> <link href="includes/primary_layout.css" rel="stylesheet" type="text/css" /> <!--[if IE]><style type="text/css">body { text-align: center; } #small-blue-box { text-align: left; }</style><![endif]--> <link href="../includes/primary_layout.css" rel="stylesheet" type="text/css" /> </head> <body onLoad="document.getElementById('account').focus()"> <div id="text"> <div id="wrapper"> <div id="small-blue-box"> <div id="form0"> <form action="scripts/authenticate/auth.php" method="POST"> <!-- This is the beggining of the authentication addition --> <!-- This is the end of the authentication addition --> <div> <div align="center"><img src="graphics/general/concierge_banner.gif" width="180" height="28">Account: <input name="account" type="text" id="account" value="info@example.com" size="20"> </div> </div> <div> <div align="center">Username: <input name="username" type="text" id="username" size="20"> </div> </div> <div> <label for="password"> <div align="center">Password: <input name="password" type="password" id="password" size="20"> </div> </div> <p align="center"> <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();> <p> <img src="graphics/general/login_button.jpg" width="150" height="28" alt="login"></p></form> </div> </div> <?php include("includes/footer.inc"); ?> </div> </body> </html> Here's a copy of the auth.php script: Which is called by the above. <?php if (isset($_POST['username']) && isset($_POST['password'])) { $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error()); mysql_select_db('example', $db) or die("Couldn't select<br>" . mysql_error()); $login = mysql_real_escape_string($_POST['username'], $db); $password = mysql_real_escape_string($_POST['password'], $db); $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'"; $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error()); if (0 === mysql_num_rows($result)) { header('Location: ../../index.php'); exit(0); } $row = mysql_fetch_assoc($result); $privilage = $row['privilage']; session_start(); $_SESSION['username'] = $login; $_SESSION['privilage'] = $privilage; if ('receptionist' === $privilage) { header('Location: ../../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../../admin/index.php'); exit(0); } } ?> It seems that now I am getting an error in my browser saying: The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete. * This problem can sometimes be caused by disabling or refusing to accept cookies. This is my present cookie information: * about:neterror?e=redirectLoop&u=http%3A//localhost/concierge/admin/index.php&c=UTF-8&d=Firefox%20has%20detected%20that%20the%20server%20is%20redirecting%20the%20request%20for%20this%20address%20in%20a%20way%20that%20will%20never%20complete. 1 cookie Name PHPSESSID Value p2r4il0jeadghdoa7h4hb7uku5 Host www.example.com Path / Secure No Expires At End Of Session Yes it looks like it is looping. I have tried everything I can regarding making changes to the path's to no avail. Here is also a pic of my mySQL db schema. See attached: schema.jpg [attachment deleted by admin]

What I have, and what I am trying to achieve. I have a web app that I created and seemed to work about 7 years ago. However I rebuilt the app using css, as it had been using html tables prior. And now it seems that I have some kind of problem locking an authenticated user into his own account. If you manually alter the URL you can now get into the other account folders. (This I obviously don't want) I have a regular 'index.php' form. Here is the relevant code in that form. form action="scripts/authenticate/auth.php" method="POST"> Account: <input name="account" type="text" id="account" value="info@example.com" Username: <input name="username" type="text" id="username" size="20"> Password: <input name="password" type="password" id="password" size="20"> Here is the auth.php script <?php if (isset($_POST['username']) && isset($_POST['password'])) { $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error()); mysql_select_db('example', $db) or die("Couldn't select<br>" . mysql_error()); $login = mysql_real_escape_string($_POST['username'], $db); $password = mysql_real_escape_string($_POST['password'], $db); $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'"; $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error()); if (0 === mysql_num_rows($result)) { header('Location: ../../index.php'); exit(0); } $row = mysql_fetch_assoc($result); $privilage = $row['privilage']; session_start(); $_SESSION['username'] = $login; $_SESSION['privilage'] = $privilage; if ('receptionist' === $privilage) { header('Location: ../../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../../admin/index.php'); exit(0); } } ?> This seems to create a cookie in my browser, here are the cookie details. Name PHPSESSID Value p2r4il0jeadghdoa7h4hb7uku5 Host www.example.com Path / Secure No Expires At End Of Session The really is nothing else in the pages, I do believe I should have something starting with: session_start(); at the top of every page, so's to check the cookie? I have also included a graphic of my mySQL db schema. Please see atached. schema.jpg The have been a number of suggestions that I have tried that do not seem to work. Please anyone with a good knowledge of this area please help me. I am almost at my wits end. Thank you. Also if your going to reply please keep it easy as this is just a part time hobby to me. [attachment deleted by admin]

It's kinda working, the URL of the page I want to go to is coming up in the address bar. But the page is not coming up. (The same page I am trying to get to via the authentication dialog I have embedded the included php code into the head of) This is all getting rather convoluted. Is the an easy way to embed a little code in each page that I want a registered user to be able to visit. Those who did not log in with the correct credentials cannot see these pages. I am trying to create a hierarchical login/authentication system that uses mySQL on the backend for user/password approval. Certain users with certain privileges can only see certain documents. The system I had, did work at some point many years ago, however it is now broken. <?php session_start(); if (! isset($_SESSION['privilage'])) { // User not logged in header('Location: ../index.php'); exit(0); } $privilage = $_SESSION['privilage']; if ($privilage != 'receptionist') { // or what ever directory this page is in if ('receptionist' === $privilage) { header('Location: ../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../admin/index.php'); exit(0); } } ?>

Thank you for you help however I changed // This Line if (! isset$_SESSION['privilage'])) { // User not logged in // Should actually be if (! isset$_SESSION['privilage']) { // User not logged in and still seem to get an error PHP Parse error: parse error, expecting `'('' in The document is a php document 'index.php' And I tried wrapping the code in php tags and without php tags as an experiment <?php session_start(); if (! isset$_SESSION['privilage']) { // User not logged in header('Location: ../index.php'); exit(0); } $privilage = $_SESSION['privilage']; if ($privilage != 'receptionist') { // or what ever directory this page is in if ('receptionist' === $privilage) { header('Location: ../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../admin/index.php'); exit(0); } } ?>

I tried both pieces of code just about everywhere, above the <html> above the <head> above the <body> in the <head> in the <body> always the same thing: Parse error: parse error, expecting `'('' in .... Path to do web doc

Mmmm. what do you mean <at the top of each page>? At the very top? You mean line 1. above the <html><head> Also, how could I change the names of the folders? I am happy to do this if it makes things easier. Also I tried to put my code in tag's and it didn't seem to work. How do you do this exactly? Sorry for my ignorance I am pretty new to this. I just figured out in the last couple of day's how to use css div tags for placement. Thanks in advance for any help offered.

I have a php mySQL authentication script setup, that should allow different users to go into different directory's. The problem is users just by manipulating the URL can hop directory's. I want to be able to lock users into their respective directory. I believe this can be done with session cookies, however I am a bit lost. Any help greatly appreciated. Here's a copy of my authentication script: <php> <?php if (isset($_POST['username']) && isset($_POST['password'])) { $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error()); mysql_select_db('example', $db) or die("Couldn't select<br>" . mysql_error()); $login = mysql_real_escape_string($_POST['username'], $db); $password = mysql_real_escape_string($_POST['password'], $db); $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'"; $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error()); if (0 === mysql_num_rows($result)) { header('Location: ../../index.php'); exit(0); } $row = mysql_fetch_assoc($result); $privilage = $row['privilage']; session_start(); $_SESSION['username'] = $login; $_SESSION['privilage'] = $privilage; if ('receptionist' === $privilage) { header('Location: ../../receptionists/index.php'); exit(0); } if ('manager' === $privilage) { header('Location: ../../managers/index.php'); exit(0); } if ('administrator' === $privilage) { header('Location: ../../admin/index.php'); exit(0); } } ?>

I seem to be a bit stuck with the below code. I am not sure where I should put it in the run of things. I ended up putting it in a separate auth_check.inc. Then tried to include it in some of my pages. <?php include("../includes/auth_check.inc"); ?> But it doesn't seem to work. if (empty($_SESSION['login']) || empty($_SESSION['privilage'])) { header('Location: ../../index.php');//this path may be incorrect, please correct exit(0); }

Is it possible to use an entire div layer as an active link?

I am so sorry ignace, the thing is, I don't remember touching the auth.php script at all. I figured that was fine and working ok. The only changes I remember making where to the index.php form layout. Weird! Thanks again, I am such a duffus! Maybe you can help me with this, how do you enter code in those little scrolling windows on the phpfreaks site?

1, I have somehow messed up my auth page/script again. I changed the default login button for a custom graphic/button that could be used on a touch screen. (I think this is ok) I also added an additional input field (I think this is where the problem is). I don't really need the field to work at the moment, but I will be introducing it at some point and would like it at least to be a visual representation of a future feature. 2, How do I add script's and code to PHPfreaks in that little scrollable window as Posted by: ignace. earlier. Here is my authentication dialog page. <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Onina Concierge Login</title> <style type="text/css"> #blue-box { position: relative; width: 384px; height: 357px; margin: 0 auto; background-image: url(graphics/small_backdrop.jpg); color: #FFF; font-family: Helvetica, Arial, Verdana, sans-serif; } form { position: absolute; top: 143px; left: 182px; margin-top: -55px; margin-left: -65px; width: 145px; height: 149px; } form label { font-weight: bold; } </style> <!--[if IE]><style type="text/css">body { text-align: center; } #blue-box { text-align: left; }</style><![endif]--> </head> <body onLoad="document.getElementById('account').focus()"><div id="blue-box"> <form action="scripts/authenticate/auth.php" method="POST"> <div> <label for="username">Account:</label> <input type="text" id="account" name="account"> </div> <div> <label for="username">Username:</label> <input type="text" id="username" name="username"> </div> <div> <label for="password">Password:</label> <input type="password" id="password" name="password"> </div> <p> <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();> <p><img src="graphics/general/login_button.jpg" width="150" height="28" alt="login"> </p> </p></form> </div> <div style="text-align:center">Concierge system powered by <a href="http://www.onina.net/onina/public_html2/">Onina</a><a href="#"></a></div> </body> </html> Here is my auth.php script. <?php if (isset($_POST['submit'])) { $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error()); mysql_select_db('concierge', $db) or die("Couldn't select<br>" . mysql_error()); $login = mysql_real_escape_string($_POST['username'], $db); $password = mysql_real_escape_string($_POST['password'], $db); $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'"; $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error()); if (0 === mysql_num_rows($result)) { header('Location: ../../index.php'); exit(0); } $row = mysql_fetch_assoc($result); $privilage = $row['privilage']; session_start(); $_SESSION['username'] = $login; $_SESSION['privilage'] = $privilage; if ('receptionist' === $privilage) { header('Location: ../../employees/receptionist/index2.htm'); exit(0); } if ('manager' === $privilage) { header('Location: ../../employees/managers/index1.htm'); exit(0); } if ('administrator' === $privilage) { header('Location: ../../admin/index.php'); exit(0); } } ?>

I done it again, I wanted to use a graphic instead of a normal form submit button, and I also wanted to add an additional 'Account' field to the form. The Account field is not actually being processed on the back end as of yet. Is it possible to get this script working and logging in despite the additional field? <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Concierge Login</title> <style type="text/css"> #blue-box { position: relative; width: 384px; height: 357px; margin: 0 auto; background-image: url(graphics/small_backdrop.jpg); color: #FFF; font-family: Helvetica, Arial, Verdana, sans-serif; } form { position: absolute; top: 143px; left: 182px; margin-top: -55px; margin-left: -65px; width: 145px; height: 149px; } form label { font-weight: bold; } </style> <!--[if IE]><style type="text/css">body { text-align: center; } #blue-box { text-align: left; }</style><![endif]--> </head> <body onLoad="document.getElementById('account').focus()"><div id="blue-box"> <form action="scripts/authenticate/auth.php" method="POST"> <div> <label for="username">Account:</label> <input type="text" id="account" name="account"> </div> <div> <label for="username">Username:</label> <input type="text" id="username" name="username"> </div> <div> <label for="password">Password:</label> <input type="password" id="password" name="password"> </div> <p> <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();> <p><img src="graphics/general/login_button.jpg" width="150" height="28" alt="login"> </p> </p></form> </div> <div style="text-align:center">Concierge system powered by <a href="http://www.">Oninka</a><a href="#"></a></div> </body> </html>

Just out of interest, does anyone use an IDE for css and php and if so which one?

Wowser! Well the Flemish have my vote. I totally love the Askmen webmag, I was just reading it the other day. London was number 5, New York number 1. Both I have lived in and didn't really like. I didn't see Brussels, Liverpool or New Orleans. Oh well! I was trying to think of a different way to represent the buttons on the Concierge project. If you log in, you will see a rather goofy looking table with some button graphics. I want buttons that will be easy to press with a finger on a touch screen. I was wondering if I used the same graphic with no text on it for the buttons and overlay the text with css. Therefor the page would load faster as the graphic would be cached and the text would be super fast. I would use the same backdrop as the authentication screen.

I guess your not a Walloon! I just quickly researched Walloons, you would be Flemish, I never could quite figure it out. Just like PHP and CSS. LOL I remember a lot of Graffiti in Brussels whilst I was there referring to the different sides to the Belgian cultures. In the UK, I guess we just have football teams that hate one another. Lol, never really my thing. Again I really do appreciate all the help you have given me.

Please excuse me if I am wrong, but you would be a Walloon? Whatever you are you have been very kind and very helpful, thank you so very much! Did you log into the site? I think I am starting to get a grasp of css. Although I am cheating a little as I am also using Dreamweaver.

That's all we get here. See graphic... I am originally from just outside of Liverpool in the UK, but now live in New Orleans, USA. I did once live in Bruxelles about 20 years ago. I do love Belgium. [attachment deleted by admin]

Sory n000bie, I didn't answer your question. I made the site a long time ago before I became aware of css. Using a bunch of small graphics surrounding a table just seemed like the best way to go at the time.

Mmmm, we don't seem to get that feature here on the U.S version of Google. But I do see what you are saying in regards to a Java keyboard. I looked all over for the code but don't seem to of done so well so far. I like it though! Thanks for the heads up

Last thing is first: A Java keyboard. You say I can create one using JS, just take a look at google.com click the little keyboard in the search bar. I don't seem to have a little keyboard in my search bar. Actually which search bar are you talking about. I have a Google search bar built into my Firefox browser or the search input box when I pull up the Google web site?