Everything posted by SalientAnimal

  1. I have cleared browser history twice now, closed everything. And reopened the files, made sure the correct ones were edited etc. I even viewed the source code and the correct source code is showing. But like I say, with it directing to the incorrect page, I don't even know if the page is being processed correctly, and if the code is correct or not.
  2. I removed the redirect from my code but I still get the same error. IE does not return any error, it just hangs in a continuous loop saying 'Waiting for localhost'. In Firefox, I immediately go to a page that says "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete." What I'm not sure about though, is if my page might be using the old outdated "post" page, because when I hit submit I have the incorrect post page appearing in my address bar. To try to fix this, I have tried restarting the server, clearing my browser cache, as well as restarting Apache and MySQL. But it still runs the incorrect post page.
  3. And just to be correct on this, for the function to work, you need to call? The reason I ask is because I do have one strlen function, but this is for the token generation I want to implement later.
  4. This might be a really silly question, but what function will count the number of characters in a string? Cause that's basically what it is doing. It's not a major concern for me right now and I can learn to live with it, but it would be a nice fix.
  5. This is the output file:

     ```php
     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
     <html>
     <!-- HEADER CONTENT OF PAGE - THIS CONTAINS ALL SCRIPT, CSS, AND META TAG RELATED INFORMATION FOR THE WEBPAGE -->
     <?php
     printf("%d Records have been added, please wait to be re-directed.\n", $insert_stmt->affected_rows);
     include_once 'includes/db_connect.php';
     include_once 'includes/functions.php';
     include_once 'includes/session_management.php';
     ?>
     <!-- INCLUDE THE HEADER INFORMATION. AN EXTERNAL SHEET HAS BEEN CREATED TO STORE ALL THE FORMATTING -->
     <head>
         <title>Altech Autopage - Premier Viewer</title>
         <script language="javascript">
             setTimeout(function () { window.location.href = "http://localhost/walkin_form.php" }, 3000);
         </script>
         <meta http-equiv="refresh" content="5;url=http://localhost/walkin_form.php">
     </head>
     </html>
     ```
  6. Thanks for this, I am going to take a look at your tutorial. I'm always looking to learn more where I can. Seems my site's menus are giving me loads of problems.
  7. Hi there, can anyone tell me why this query would not run?

     ```php
     <?php
     include_once '../includes/db_connect.php';
     include_once '../includes/functions.php';
     include_once '../includes/session_management.php';

     $error_msg = "";

     // create string of queries separated by ;
     $query = "UPDATE members SET level = $level WHERE user_id = ?";
     var_dump($_POST);exit;
     $query .= "INSERT INTO members_info (
                    id , fname , known_as , lname , gender , race , start_date ,
                    department , level , msisdn , dob , details ,
                    emergency_contact , emergency_msisdn
                ) VALUES (
                    '$user_id' , '$fname' , '$known_as' , '$lname' , '$gender' , '$race' , '$start_date' ,
                    '$department' , '$level' , '$msisdn' , '$dob' , '$details' ,
                    '$emergency_contact' , '$emergency_msisdn'
                );";

     // execute query - $result is false if the first query failed
     $result = mysqli_multi_query($mysqli, $query);
     if ($result) {
         do {
             // grab the result of the next query
             if (($result = mysqli_store_result($mysqli)) === false && mysqli_error($mysqli) != '') {
                 echo "Query failed: " . mysqli_error($mysqli);
             }
         } while (mysqli_more_results($mysqli) && mysqli_next_result($mysqli)); // while there are more results
         {
             //var_dump($_POST);exit;
             header('Location: ../error.php?err=Registration failure: INSERT');
             exit;
         }
         include "../success.html";
         exit;
     } else {
         echo "Update Query Failed..." . mysqli_error($mysqli);
     }
     ```

     In IE it just seems to keep running and in Firefox I get a message saying "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
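
An added example, not part of the original post: `mysqli_multi_query()` sends the string as it stands and has no parameter binding, so the `?` in the UPDATE is never filled and the interpolated form values go into the SQL text. The sketch below runs the same two writes as two prepared statements inside one transaction. It swaps in PDO with an in-memory SQLite database so it runs without a MySQL server; the reduced schema, the sample values and the function name `completeRegistration` are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in schema: table and column names follow the post,
// the column set is reduced and the data is made up.
function demoDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (user_id INTEGER PRIMARY KEY, level INTEGER NOT NULL)');
    $pdo->exec('CREATE TABLE members_info (
        id INTEGER PRIMARY KEY, fname TEXT NOT NULL, lname TEXT NOT NULL,
        department TEXT NOT NULL, level INTEGER NOT NULL)');
    $pdo->exec('INSERT INTO members (user_id, level) VALUES (7, 0)');
    return $pdo;
}

/**
 * $userId and $level are decided server-side (session, admin action);
 * only the profile fields are taken from the submitted form.
 */
function completeRegistration(PDO $pdo, int $userId, int $level, array $form): bool
{
    $fields = [];
    foreach (['fname', 'lname', 'department'] as $name) {
        $value = $form[$name] ?? null;
        if (!is_string($value)) {
            return false;              // missing field or array-valued input
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > 100) {
            return false;              // reject before touching the database
        }
        $fields[$name] = $value;
    }

    $pdo->beginTransaction();
    try {
        // Every value travels as a bound parameter, never as SQL text.
        $update = $pdo->prepare('UPDATE members SET level = ? WHERE user_id = ?');
        $update->execute([$level, $userId]);
        if ($update->rowCount() !== 1) {
            throw new RuntimeException('no such member');
        }

        $insert = $pdo->prepare(
            'INSERT INTO members_info (id, fname, lname, department, level)
             VALUES (?, ?, ?, ?, ?)'
        );
        $insert->execute([$userId, $fields['fname'], $fields['lname'],
                          $fields['department'], $level]);

        $pdo->commit();                // both writes or neither
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        error_log('registration failed: ' . $e->getMessage());
        return false;                  // the caller decides which page to show
    }
}

$pdo  = demoDatabase();
// Constructed form input; quotes and semicolons are stored as plain data.
$form = ['fname' => "D'Arcy", 'lname' => 'Smith; --', 'department' => 'Reception'];

var_dump(completeRegistration($pdo, 7, 1, $form));
// Same id again: the INSERT violates the primary key, so the UPDATE
// issued just before it is rolled back together with it.
var_dump(completeRegistration($pdo, 7, 2, $form));
var_dump($pdo->query('SELECT level FROM members WHERE user_id = 7')->fetchColumn());
var_dump($pdo->query('SELECT fname, lname FROM members_info WHERE id = 7')->fetch(PDO::FETCH_ASSOC));
```

With mysqli the same shape is `$mysqli->begin_transaction()`, `prepare()`, `bind_param()`, `execute()`, then `commit()` or `rollback()`.
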
  8. What information do you have in your include_once '../includes/db_connect.php'; because it appears as if you are duplicating your connection to your database.
  9. Hi All, I have a bit of a problem with the site I have been working on. Originally I built it on my laptop, to later transfer over onto the "Intranet" server. On my laptop, everything was working perfectly and as intended. I then transferred it onto the server and when testing on the server it works perfectly as well. I then access the server using the web address and on Firefox it works perfectly, however on IE my slide down panel does not work. The slide down panel is where a user would login / register, so with that not working they aren't even able to register / login Here is the code of my index page, as I am not sure what other code to provide you with, maybe you can request any other info you would like to see? <!-- INCLUDING REQUIRED AUTHENTICATION FILES, DATABASE CONNECTIONS, FUNCTIONS. --> <?php include_once 'includes/db_connect.php'; include_once 'includes/functions.php'; include_once 'includes/register.inc.php'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <!-- HEADER CONTENT OF PAGE - THIS CONTAINS ALL SCRIPT, CSS, AND META TAG RELATED INFORMATION FOR THE WEBPAGE --> <head> <title>TechDesignLab - Tracking Utility</title> <?php include 'includes/formatting.php'; ?> </head> <!-- BODY CONTENT OF THE WEBPAGE - THIS IS HOW THE PAGE WILL BE DISPLAYED TO THE USER --> <body> <!-- LOGIN / DROP DOWN PANEL START --> <?php if (login_check($mysqli) == true) : ?> <!-- LEFT SECTION OF THE LOGIN PANEL IS DEFINED HERE. 
THE SECTION BELOW IS WHAT WILL BE SEEN BY USERS WHO ARE LOGGED IN--> <div id="toppanel"> <div id="panel"> <div class="content clearfix"> <div class="left"> <h1>TechDesignLab Tracker Utility</h1> <h2>Welcome <?php echo htmlentities($_SESSION['username']); ?></h2> <!--<h2>You are currently logged <?php echo $logged?>.</h2><br> --> <p class="grey">You can put anything you want in this sliding panel: videos, audio, images, forms... The only limit is your imagination!</p> <h2>TechDesignLab Website</h2> <p class="grey">Click the link <a href="http://www.TechDesignLab.co.za" title="TechDesignLab Website">to visit the TechDesignLab Website »</a></p> </div> <div class="left"> <?php if (isset($_GET['error'])) { echo '<p class="error">Error Logging In! Please verify that you are using the correct username and password combination.</p>'; } ?> <!-- MIDDLE SECTION OF THE SLIDING PANEL - CONTROLS THE LOGIN OF A USER --> <form class="clearfix" action="includes/logout.php" method="post" name="logout_form"> <h1>Agent Logout</h1> <p class="grey">Click on the button to logout.</p> <div class="clear"></div> <input type="button" value="Logout" class="bt_login" onclick="form.submit()"/> </form> </div> <!-- RIGHT SECTION OF THE SLIDING PANEL - CONTROLS THE REGISTRATION OF A USER --> <div class="left"> <?php if (isset($_GET['error'])) { echo '<p class="error">Error Logging In! Please verify that you are using the correct username and password combination.</p>'; } ?> <!-- FAR RIGHT PANNEL - LOGS USERS OUT OF THE SYSTEM. 
--> <form class="clearfix" action="includes/logout.php" method="post" name="logout_form"> <h1>Agent Logout</h1> <p class="grey">Will add some nice information over here.</p> </form> </div> </div> </div> <!-- LOGIN AND REGISTRATION END --> <!-- DETAILS TO CONFIGURE THE LOGIN TAB --> <div class="tab"> <ul class="login"> <li class="left"> </li> <li>Nice to see you again</li> <li class="sep">|</li> <li id="toggle"> <a id="open" class="open" href="#"><?php echo htmlentities($_SESSION['username']);?>!</a> <a id="close" style="display: none;" class="close" href="#">Close Panel</a> </li> <li class="right"> </li> </ul> </div> <!-- / top --> </div> <!--panel --> <!-- LEFT SECTION OF THE LOGIN PANEL IS DEFINED HERE. THE SECTION BELOW IS WHAT WILL BE SEEN BY USERS WHO ARE NOT LOGGED IN--> <?php else : ?> <div id="toppanel"> <div id="panel"> <div class="content clearfix"> <!-- LEFT SECTION OF THE LOGIN PANEL IS DEFINED HERE. --> <div class="left"> <h1>TechDesignLab Tracker Utility</h1> <h2>You need to be logged in to view this content</h2> <p class="grey">You can put anything you want in this sliding panel: videos, audio, images, forms... The only limit is your imagination!</p> <h2>TechDesignLab Website</h2> <p class="grey">Click the link <a href="http://www.TechDesignLab.co.za" title="TechDesignLab Website">to visit the TechDesignLab Website »</a></p> </div> <div class="left"> <?php if (isset($_GET['error'])) { echo '<p class="error">Error Logging In! 
Please verify that you are using the correct username and password combination.</p>'; } ?> <!-- MIDDLE SECTION OF THE SLIDING PANEL - CONTROLS THE LOGIN OF A USER --> <form class="clearfix" action="includes/process_login.php" method="post" name="login_form"> <h1>Agent Login</h1> <form action="includes/process_login.php" method="post" name="login_form"> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="username" id="username" value="" size="23"/> <label class="grey" for="password">Password:</label> <input class="field" type="password" name="password" id="password" size="23"/> <div class="clear"></div> <input type="button" value="Login" class="bt_login" onclick="formhash(this.form, this.form.password);"/> <a class="lost-pwd" href="#">Lost your password?</a> </form> </div> <!-- RIGHT SECTION OF THE SLIDING PANEL - CONTROLS THE REGISTRATION OF A USER --> <div class="left right"> <?php if (!empty($error_msg)) { echo $error_msg; } ?> <h1>New Agent Registration</h1> <form action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>" method="post" name="registration_form"> <label class="grey" for="signup">Username:</label> <input class="field" type='text' name='username' id='username' value="" size="23"/> <label class="grey" for="email">Email:</label> <input class="field" type="text" name="email" id="email" size="23"/> <label class="grey" for="password">Password:</label> <input class="field" type="password" name="password" id="password"/><br> <label class="grey" for="password">Confirm Password:</label> <input class="field" type="password" name="confirmpwd" id="confirmpwd"/><br> <input class="bt_register" type="button" value="Register" onclick="return regformhash(this.form, this.form.username, this.form.email, this.form.password, this.form.confirmpwd);"/> </form> </div> </div> </div> <!-- LOGIN AND REGISTRATION END --> <!-- DETAILS TO CONFIGURE THE LOGIN TAB --> <div class="tab"> <ul class="login"> <li class="left"> </li> <li><span 
class="error">Click here to</span></li> <li class="sep">|</li> <li id="toggle"> <a id="open" class="open" href="#">Log In / Register</a> <a id="close" style="display: none;" class="close" href="#">Close Panel</a> </li> <li class="right"> </li> </ul> </div> <!-- / top --> </div> <!--panel --> <?php endif; ?> <div id="container"> <div id="content" style="margin-top:-45px;"> <img src="images/logo.png" alt="TechDesignLab"></img> <h1>Auxilium</h1> <h2>TechDesignLab - About Us</h2> <p>Company Overview</p> <p class="highlight"></p> <p>Company Profile </p> </div><!-- / content --> </div><!-- / container --> <div id="container"> <div id="footer" style="margin-top:10px;"> <footer style="background:#E5E5E5; height:20px"> <p>Copyright © TechDesignLab 2014 | <a href="mailto:leon.laassen@TechDesignLab.TechDesignLab.co.za">Contact Us</a>.</p> <img src="images/altron-footer-logo.png" alt="Altron Footer Logo" align="left"></img> <img src="images/TechDesignLab_bbbee.png" alt="TechDesignLab Level 2 BBEE" align="left"></img> </footer> </div><!-- / footer --> </div><!-- / container --> </body> </html>

     FUNCTIONS PAGE

     ```php
     <!-- includes/functions.php -->
     <!-- ERROR CHECKING FUNCTIONS - ADD TO PAGES TO CHECK FOR POSSIBLE ERRORS
     var_dump(login_check($mysqli));
     var_dump($_SESSION); exit;
     var_dump($_POST);exit;
     -->
     <?php
     include_once 'psl-config.php';

     function sec_session_start() {
         $session_name = 'sec_session_id'; // Set a custom session name
         $secure = SECURE;
         // This stops JavaScript being able to access the session id.
         $httponly = true;
         // Forces sessions to only use cookies.
         if (ini_set('session.use_only_cookies', 1) === FALSE) {
             header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
             exit();
         }
         // Gets current cookies params.
         $cookieParams = session_get_cookie_params();
         session_set_cookie_params($cookieParams["lifetime"],
             $cookieParams["path"],
             $cookieParams["domain"],
             $secure,
             $httponly);
         // Sets the session name to the one set above.
         session_name($session_name);
         session_start(); // Start the PHP session
         session_regenerate_id(); // regenerated the session, delete the old one.
     }

     function login($email, $password, $mysqli) {
         // Using prepared statements means that SQL injection is not possible.
         if ($stmt = $mysqli->prepare("SELECT id, username, password, email, level, salt FROM members WHERE username = ? LIMIT 1")) {
             $stmt->bind_param('s', $email); // Bind "$email" to parameter.
             $stmt->execute(); // Execute the prepared query.
             $stmt->store_result();
             // get variables from result.
             $stmt->bind_result($user_id, $username, $db_password, $email, $level, $salt);
             $stmt->fetch();
             // hash the password with the unique salt.
             $password = hash('sha512', $password . $salt);
             if ($stmt->num_rows == 1) {
                 // If the user exists we check if the account is locked
                 // from too many login attempts
                 if (checkbrute($user_id, $mysqli) == true) {
                     // Account is locked
                     // Send an email to user saying their account is locked
                     return false;
                 } else {
                     // Check if the password in the database matches
                     // the password the user submitted.
                     if ($db_password == $password) {
                         // Password is correct!
                         // Get the user-agent string of the user.
                         $user_browser = $_SERVER['HTTP_USER_AGENT'];
                         // XSS protection as we might print this value
                         $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                         $_SESSION['user_id'] = $user_id;
                         // XSS protection as we might print this value
                         $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
                         $_SESSION['username'] = $username;
                         $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
                         $_SESSION['email'] = $email;
                         $_SESSION['level'] = $level;
                         // NOTE: $session_status is never defined in this function, so this stores null.
                         $_SESSION['session_status'] = $session_status;
                         // Keep the result object; the original called mysql_num_rows($mysqli),
                         // which is the old mysql extension applied to a mysqli connection.
                         $result = $mysqli->query("SELECT * FROM login_success WHERE user_id = '$user_id'");
                         if ($result && $result->num_rows > 0) {
                             $mysqli->query("UPDATE login_success SET time = NOW() WHERE user_id = '$user_id'");
                         } else {
                             // Closing parenthesis of VALUES (...) added; it was missing.
                             $mysqli->query("INSERT INTO login_success(user_id, time) VALUES ('$user_id', now())");
                         }
                         //UPDATE login_success SET time = now() where user_id = '$user_id'");
                         // Login successful.
                         return true;
                     } else {
                         // Password is not correct
                         // We record this attempt in the database
                         //$now = time();
                         $mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id', now())");
                         return false;
                     }
                 }
             } else {
                 // No user exists.
                 return false;
             }
         }
     }

     function checkbrute($user_id, $mysqli) {
         // Get timestamp of current time
         $now = time();
         // All login attempts are counted from the past 2 hours.
         $valid_attempts = $now - (2 * 60 * 60);
         if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) {
             $stmt->bind_param('i', $user_id);
             // Execute the prepared query.
             $stmt->execute();
             $stmt->store_result();
             // If there have been more than 5 failed logins
             if ($stmt->num_rows > 5) {
                 return true;
             } else {
                 return false;
             }
         }
     }

     function login_check($mysqli) {
         // Check if all session variables are set
         if (isset($_SESSION['user_id'],
                   $_SESSION['username'],
                   $_SESSION['login_string'],
                   $_SESSION['email'],
                   $_SESSION['level']
                   //$_SESSION['session_status']
                   )) {
             $user_id = $_SESSION['user_id'];
             $login_string = $_SESSION['login_string'];
             $username = $_SESSION['username'];
             $email = $_SESSION['email'];
             $level = $_SESSION['level'];
             //$status = $_SESSON['session_status'];
             // Get the user-agent string of the user.
             $user_browser = $_SERVER['HTTP_USER_AGENT'];
             if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
                 // Bind "$user_id" to parameter.
                 $stmt->bind_param('i', $user_id);
                 $stmt->execute(); // Execute the prepared query.
                 $stmt->store_result();
                 if ($stmt->num_rows == 1) {
                     // If the user exists get variables from result.
                     $stmt->bind_result($password);
                     $stmt->fetch();
                     $login_check = hash('sha512', $password . $user_browser);
                     if ($login_check == $login_string) {
                         // Logged In!!!!
                         //echo 'logged in';
                         return true;
                     } else {
                         // Not logged in
                         echo 1;
                         return false;
                     }
                 } else {
                     // Not logged in
                     echo 2;
                     return false;
                 }
             } else {
                 // Not logged in
                 echo 3;
                 return false;
             }
         } else {
             // Not logged in
             //echo 4;
             return false;
         }
     }

     function esc_url($url) {
         if ('' == $url) {
             return $url;
         }
         $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
         $strip = array('%0d', '%0a', '%0D', '%0A');
         $url = (string) $url;
         $count = 1;
         while ($count) {
             $url = str_replace($strip, '', $url, $count);
         }
         $url = str_replace(';//', '://', $url);
         $url = htmlentities($url);
         $url = str_replace('&amp;', '&#038;', $url);
         $url = str_replace("'", '&#039;', $url);
         if ($url[0] !== '/') {
             // We're only interested in relative links from $_SERVER['PHP_SELF']
             return '';
         } else {
             return $url;
         }
     }

     function crypto_rand_secure($min, $max) {
         $range = $max - $min;
         if ($range < 0) return $min; // not so random...
         $log = log($range, 2);
         $bytes = (int) ($log / 8) + 1; // length in bytes
         $bits = (int) $log + 1; // length in bits
         $filter = (int) (1 << $bits) - 1; // set all lower bits to 1
         do {
             $rnd = hexdec(bin2hex(openssl_random_pseudo_bytes($bytes)));
             $rnd = $rnd & $filter; // discard irrelevant bits
         } while ($rnd >= $range);
         return $min + $rnd;
     }

     function getToken($length=32){
         $token = "";
         $codeAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
         $codeAlphabet.= "abcdefghijklmnopqrstuvwxyz";
         $codeAlphabet.= "0123456789";
         for($i=0;$i<$length;$i++){
             $token .= $codeAlphabet[crypto_rand_secure(0,strlen($codeAlphabet))];
         }
         return $token;
     }

     /* RESTRICTED ACCESS LEVEL MANAGEMENT */
     function checkLoginLevel() {
         $allowed = array(
             '0' => array('register.info.php','index.php','index.html'), /* NEW REGISTRATION ACCESS LEVELS */
             '1' => array('register.info.php','index.php','index.html','home.php','walkin_form.php','walkin_delete.php'), /* ACCESS LEVELS FROM RECEPTION */
             '2' => array('register.info.php','index.php','index.html','home.php','first-page.php'),
             '3' => array('register.info.php','index.php','index.html','home.php','first-page.php', 'second-page.php'),
             '4' => array('register.info.php','index.php','index.html','home.php','premier_form.php', 'second-page.php', 'third-page.php'), /* SUPERVISOR ACCESS LEVELS */
             '99' => true, /* ADMINISTRATION ACCESS LEVELS */
         );
         if(!isset($allowed[$_SESSION['level']])) {
             echo 'Your access level has not been set. Please return to the Login / Registration Page.';
             exit;
         }
         if($_SESSION['level'] == 0) {
             header('Location:register.info.php');
             exit;
         }
         if(is_array($allowed[$_SESSION['level']])) {
             $file = $_SERVER["PHP_SELF"];
             $file = explode('/', $file);
             $file = end($file);
             if(!in_array($file, $allowed[$_SESSION['level']])) {
                 echo 'You are not authorised to view this page. Please contact your manager to have your access level adjusted';
                 exit;
             }
         }
         if(is_bool($allowed[$_SESSION['level']])) {
             // you're allowed;
         }
     }
     ```

     FORMATTING PAGE: <link rel="shortcut icon" href="../favicon.ico?v=2"/> <meta name="description" content="Altech Autopage - Tracker Login Page" /> <meta name="keywords" content="login, register, login page, techdesignlab, tech design lab, computer, components, hardware, software, peripherals" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <!-- REFERNCE TO MAIN CORE OF jQUERY SCRIPT --> <script src="js/jquery-2.0.3.min.js" type="text/javascript"></script> <!-- REFERNCE TO MAIN CORE OF jQUERY SCRIPT OLD jQUERY SCRIPT <script src="js/jquery-1.3.2.min.js" type="text/javascript"></script> --> <!-- FORM FUNCTIONS - ACCORDION MENU jQUERY --> <script src="js/accordion.js" type="text/javascript"></script> <!-- MENU SLIDE EFFFECT --> <script src="js/slide.js" type="text/javascript"></script> <!-- SHA512 PASSWORD ENCRIPTION ALGORYTHM --> <script src="js/sha512.js" type="text/javascript"></script> <!-- FORM FUNCTIONS --> <script src="js/forms.js" type="text/javascript"></script> <!-- EXTERNAL SOURCE FOR jQUERY --> <!-- <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script> <script src="http://code.jquery.com/jquery-migrate-1.2.1.min.js"></script> --> <!-- CALENDAR SETTINGS --> <!-- <link rel="stylesheet" href="datepicker/css/reset.css" type="text/css"> --> <link rel="stylesheet" href="datepicker/css/metallic.css" type="text/css"> <link rel="stylesheet" href="datepicker/css/style.css" type="text/css"> <link type="text/css" rel="stylesheet" href="datepicker/css/shCoreDefault.css"> <script type="text/javascript" src="datepicker/javascript/XRegExp.js"></script> <script type="text/javascript" src="datepicker/javascript/shCore.js"></script> <script type="text/javascript" src="datepicker/javascript/shLegacy.js"></script> <script type="text/javascript" src="datepicker/javascript/shBrushJScript.js"></script> 
<script type="text/javascript" src="datepicker/javascript/shBrushXML.js"></script> <script type="text/javascript" src="datepicker/javascript/zebra_datepicker.js"></script> <script type="text/javascript" src="datepicker/javascript/core.js"></script> <script type="text/javascript"> SyntaxHighlighter.defaults['toolbar'] = false; SyntaxHighlighter.all(); </script> <!-- REFERENCING FOR ALL STYLE SHEETS --> <link rel="stylesheet" href="css/style.css" type="text/css" media="screen"/> <link rel="stylesheet" href="css/slide.css" type="text/css" media="screen"/> <link rel="stylesheet" href="menu2/menu.css" type="text/css" media="screen"/> <link rel="stylesheet" href="css/form_template.css" type="text/css" media="screen"/> <link rel="stylesheet" href="css/result.css" type="text/css" media="screen"/> <!--<link rel="stylesheet" href="css/accordian2.css" type="text/css" media="screen"/> --> Here is the CSS code for the slide down panel. /***** clearfix *****/ .clear { clear: both; height: 0; line-height: 0; } .clearfix:after { content: "."; display: block; height: 0; clear: both; visibility: hidden; } .clearfix { display: inline-block; } /* Hides from IE-mac \*/ * html .clearfix { height: 1%; } .clearfix { display: block; } /* End hide from IE-mac */ .clearfix { height: 1%; } .clearfix { display: block; } /* Panel Tab/button */ .tab { background: url(../images/tab_b.png) repeat-x 0 0; height: 42px; position: relative; top: 0; z-index: 999; } .tab ul.login { display: block; position: relative; float: right; clear: right; height: 42px; width: auto; font-weight: bold; line-height: 42px; margin: 0; right: 150px; color: white; font-size: 80%; text-align: center; } .tab ul.login li.left { background: url(../images/tab_l.png) no-repeat left 0; height: 42px; width: 30px; padding: 0; margin: 0; display: block; float: left; } .tab ul.login li.right { background: url(../images/tab_r.png) no-repeat left 0; height: 42px; width: 30px; padding: 0; margin: 0; display: block; float: left; } .tab 
ul.login li { text-align: left; padding: 0 6px; display: block; float: left; height: 42px; background: url(../images/tab_m.png) repeat-x 0 0; } .tab ul.login li a { color: #ED1C24; } .tab ul.login li a:hover { color: #FFFFFF; } .tab .sep {color:#001B54} .tab a.open, .tab a.close { height: 20px; line-height: 20px !important; padding-left: 30px !important; cursor: pointer; display: block; width: 100px; position: relative; top: 11px; } .tab a.open {background: url(../images/bt_open.png) no-repeat left 0;} .tab a.close {background: url(../images/bt_close.png) no-repeat left 0;} .tab a:hover.open {background: url(../images/bt_open.png) no-repeat left -19px;} .tab a:hover.close {background: url(../images/bt_close.png) no-repeat left -19px;} /* DEFINE THE PROPERTIES OF THE SLIDE DOWN PANNEL FOR A USER WHO IS LOGGED IN*/ /* sliding panel */ #toppanel { /*position: absolute; /*Panel will overlap content */ position: relative; /*Panel will "push" the content down */ top: 0; width: 100%; z-index: 999; text-align: center; margin-left: auto; margin-right: auto; } #panel { width: 100%; height: 300px; color: #FFFFFF; background: #001B54; overflow: hidden; position: relative; z-index: 3; display: none; } #panel h1 { font-size: 1.6em; padding: 5px 0 10px; margin: 0; color: white; } #panel h2{ font-size: 1.2em; padding: 10px 0 5px; margin: 0; color: white; } #panel p { margin: 5px 0; padding: 0; } #panel a { text-decoration: none; color: #ED1C24; font-weight: bold; } #panel a:hover { color: white; } #panel a-lost-pwd { display: block; float: left; } #panel .content { width: 960px; margin: 0 auto; padding-top: 15px; text-align: left; font-size: 0.85em; } #panel .content .left { width: 280px; float: left; padding: 0 15px; border-left: 1px solid grey; } #panel .content .right { border-right: 1px solid grey; } #panel .content form { margin: 0 0 10px 0; } #panel .content label { float: left; padding-top: 8px; clear: both; width: 280px; display: block; } #panel .content input.field { 
border: 1px #1A1A1A solid; background: #FFFFFF; margin-right: 5px; margin-top: 0px; width: 200px; color: black; height: 20px; } #panel .content input:focus.field { background: #C9C9C9; color: #ED1C24; } /* BUTTONS */ /* Login and Register buttons */ #panel .content input.bt_login, #panel .content input.bt_register { display: block; float: left; clear: left; height: 25px; text-align: center; cursor: pointer; border: none; font-weight: bold; margin: 10px 0; } #panel .content input.bt_login { width: 74px; background: transparent url(../images/bt_login.png) no-repeat 0 0; } #panel .content input.bt_register { width: 94px; color: white; background: transparent url(../images/bt_register.png) no-repeat 0 0; } #panel .lost-pwd { display: block; float:left; clear: right; padding: 15px 5px 0; font-size: 0.95em; text-decoration: underline; } And the sliding panel javascript: $(document).ready(function() { // Expand Panel $("#open").click(function(){ $("div#panel").slideDown("slow"); }); // Collapse Panel $("#close").click(function(){ $("div#panel").slideUp("slow"); }); // Switch buttons from "Log In | Register" to "Close Panel" on click $("#toggle a").click(function () { $("#toggle a").toggle(); }); }); Please let me know if there is any additional information that you may require.
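
An added example, not part of the original post: the `login()` function above stores `hash('sha512', $password . $salt)` and compares digests with `==`. The sketch below verifies such a legacy row with a constant-time comparison, upgrades it to `password_hash()` on the first successful login, and builds a token with `random_int()` in place of `crypto_rand_secure()`. The member row, salt, password and the function names `verifyAndUpgrade` and `newToken` are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Scheme used by login() on the page: one fast SHA-512 over password . salt.
function legacyHash(string $password, string $salt): string
{
    return hash('sha512', $password . $salt);
}

/**
 * Checks a submitted password against one members row. The row is passed by
 * reference so the caller can write an upgraded hash back to the database.
 */
function verifyAndUpgrade(array &$member, string $submitted): bool
{
    if ($member['salt'] !== null) {
        // Legacy row: hash_equals() compares byte for byte in constant time.
        if (!hash_equals($member['password'], legacyHash($submitted, $member['salt']))) {
            return false;
        }
        // Correct password in hand: re-store it under a slow, self-salting hash.
        $member['password'] = password_hash($submitted, PASSWORD_DEFAULT);
        $member['salt']     = null;
        return true;
    }

    if (!password_verify($submitted, $member['password'])) {
        return false;
    }
    // Picks up a stronger default algorithm or cost after a PHP upgrade.
    if (password_needs_rehash($member['password'], PASSWORD_DEFAULT)) {
        $member['password'] = password_hash($submitted, PASSWORD_DEFAULT);
    }
    return true;
}

/** Token from the same 62-character alphabet as getToken(), drawn with random_int(). */
function newToken(int $length = 32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $last     = strlen($alphabet) - 1;
    $token    = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[random_int(0, $last)];   // CSPRNG, uniform over 0..$last
    }
    return $token;
}

// Why == is the wrong operator for digests: two different strings that both
// look like numbers in exponent notation are compared as floats (0 and 0).
// Both values are constructed, not real digests.
$a = '0e123456';
$b = '0e654321';
var_dump($a == $b);              // loose comparison of numeric strings
var_dump(hash_equals($a, $b));   // byte-wise comparison

// Constructed legacy row, as login() would have stored it.
$member = [
    'password' => legacyHash('constructed-password', 'constructed-salt'),
    'salt'     => 'constructed-salt',
];

var_dump(verifyAndUpgrade($member, 'wrong-guess'));           // legacy path, rejected
var_dump(verifyAndUpgrade($member, 'constructed-password'));  // legacy path, upgraded
var_dump($member['salt']);                                    // salt column no longer used
var_dump(verifyAndUpgrade($member, 'constructed-password'));  // password_verify() path
var_dump(strlen(newToken()));
```

The same `hash_equals()` call applies to the `$login_check == $login_string` test in `login_check()`.
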
  10. Thanks so much for the help, this is now working really nicely. If anyone wants to see the solution code, I will be happy to post it, it's just a lot of code that I don't want to post if it isn't needed. Thanks again.
  11. That looks like what I'm looking for, going to give it a try. Would I call the function at the same time as I call the login_check function? so i.e. the opening line of my page would be: checkLoginLevel(); sec_session_start(); Do I add all the pages the user is allowed to access to each array? Oh, and level 0 I want to re-direct to the info.php page. All other users just get the message saying that they are not authorized / or get allowed in (depending on their access level) to view the page.
  12. What additional page code would you like to see? I don't want to over swamp you with unnecessary code.
  13. I took a different route to solving this problem. I changed the way that my page looks at the session, and rather than coding different pages I'm just routing the users who are not logged in back to the login page.

      ```php
      <?php
      include_once 'includes/db_connect.php';
      include_once 'includes/functions.php';

      sec_session_start();

      if (login_check($mysqli) == true) {
          $logged = 'in';
      } else {
          $logged = 'out';
          header('location:index.php');
          echo 'You are required to login';
          exit;
      }
      ?>
      ```

      What I do want to ask now though, is how do I use this session to control access levels, i.e. UserAccess = 0, 1, 2, 3. User level 0 has access to only 1 page on the site and will always be redirected to this page. User level 1,2 has access to certain pages. Different for both users, sometimes user 2 will be able to access user 1 pages but not always. User level 3 has access to ALL pages.
  14. I removed $_SESSION['session_status'] from my login_check script because I wanted to use this to determine if a user is logged in or not to check the number of online users. When I removed it, it is now not echoing any of the values, but the wrong pages are still being displayed.
  15. Apologies, I used var_dump($_SESSION); exit; and not var_dump(login_check($mysqli)); I had the login check confused with the session check. If the Session check returned session information, why would the login_check return false? In my case it is returning false.
  16. Here is the login function:

      ```php
      function login_check($mysqli) {
          // Check if all session variables are set
          if (isset($_SESSION['user_id'],
                    $_SESSION['username'],
                    $_SESSION['login_string'],
                    $_SESSION['email'],
                    $_SESSION['level'],
                    $_SESSION['session_status'])) {
              $user_id = $_SESSION['user_id'];
              $login_string = $_SESSION['login_string'];
              $username = $_SESSION['username'];
              $email = $_SESSION['email'];
              $level = $_SESSION['level'];
              $status = $_SESSON['session_status'] ;
              // Get the user-agent string of the user.
              $user_browser = $_SERVER['HTTP_USER_AGENT'];
              if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
                  // Bind "$user_id" to parameter.
                  $stmt->bind_param('i', $user_id);
                  $stmt->execute(); // Execute the prepared query.
                  $stmt->store_result();
                  if ($stmt->num_rows == 1) {
                      // If the user exists get variables from result.
                      $stmt->bind_result($password);
                      $stmt->fetch();
                      $login_check = hash('sha512', $password . $user_browser);
                      if ($login_check == $login_string) {
                          // Logged In!!!!
                          return true;
                      } else {
                          // Not logged in
                          return false;
                      }
                  } else {
                      // Not logged in
                      return false;
                  }
              } else {
                  // Not logged in
                  return false;
              }
          } else {
              // Not logged in
              return false;
          }
      }
      ```

      I did use var_dump(login_check($mysqli)); and did get the session information returned.
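
An added example, not part of the original post: one way to express the per-level page list as a pure decision function that runs after `sec_session_start()` and `login_check()` have loaded the session. The page lists are copied from `checkLoginLevel()` in the functions page quoted in post 9; the function name `decideAccess`, the return strings and the sample sessions are assumptions. It reads the page from `SCRIPT_NAME`, the script that actually runs, whereas `PHP_SELF` also carries any extra path appended after the script, and it does not redirect level 0 when the request is already for `register.info.php`, which would otherwise loop.

```php
<?php
declare(strict_types=1);

// Allow-list per access level, copied from checkLoginLevel(); true = every page.
const ALLOWED_PAGES = [
    0  => ['register.info.php', 'index.php', 'index.html'],
    1  => ['register.info.php', 'index.php', 'index.html', 'home.php',
           'walkin_form.php', 'walkin_delete.php'],
    2  => ['register.info.php', 'index.php', 'index.html', 'home.php', 'first-page.php'],
    3  => ['register.info.php', 'index.php', 'index.html', 'home.php',
           'first-page.php', 'second-page.php'],
    4  => ['register.info.php', 'index.php', 'index.html', 'home.php',
           'premier_form.php', 'second-page.php', 'third-page.php'],
    99 => true,
];

/**
 * Returns 'allow', 'deny' or 'redirect:<page>'. Anything unexpected is denied.
 * $scriptName is meant to be $_SERVER['SCRIPT_NAME'].
 */
function decideAccess(array $session, string $scriptName): string
{
    $level = $session['level'] ?? null;
    // The level may arrive as an int or as a numeric string from the database.
    if (!is_int($level) && !(is_string($level) && ctype_digit($level))) {
        return 'deny';
    }
    $level = (int) $level;
    if (!array_key_exists($level, ALLOWED_PAGES)) {
        return 'deny';
    }

    $page = basename($scriptName);

    if ($level === 0) {
        // New registrations are sent to the info page, but only when they are
        // not already there; redirecting unconditionally never terminates.
        return $page === 'register.info.php' ? 'allow' : 'redirect:register.info.php';
    }

    $rule = ALLOWED_PAGES[$level];
    if ($rule === true) {
        return 'allow';
    }
    return in_array($page, $rule, true) ? 'allow' : 'deny';
}

// Constructed sessions and request paths.
$cases = [
    [['level' => 0],    '/register.info.php'],
    [['level' => 0],    '/home.php'],
    [['level' => '1'],  '/walkin_form.php'],
    [['level' => 1],    '/premier_form.php'],
    [['level' => 99],   '/third-page.php'],
    [['level' => 5],    '/home.php'],          // level not configured
    [[],                '/home.php'],          // no level in the session
];

foreach ($cases as [$session, $script]) {
    printf("%-18s %-22s %s\n", json_encode($session), $script, decideAccess($session, $script));
}

// On a real page, in this order (the session must exist before it is read):
//   sec_session_start();
//   if (!login_check($mysqli)) { header('Location: index.php'); exit; }
//   $decision = decideAccess($_SESSION, $_SERVER['SCRIPT_NAME']);
```
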
  17. Sorry this was at the top of my page, I did not include it in the original section:

      ```php
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
      <!-- INCLUDING REQUIRED AUTHENTICATION FILES, DATABASE CONNECTIONS, FUNCTIONS. -->
      <?php
      include_once 'includes/db_connect.php';
      include_once 'includes/functions.php';
      sec_session_start();
      if (login_check($mysqli) == true)
      ?>
      ```

      Formatting.html looks like this:

      ```html
      <link rel="shortcut icon" href="../test/favicon.ico?v=2"/>
      <meta name="description" content="Login Page" />
      <meta name="keywords" content="login, register, login page, techdesignlab, tech design lab, computer, components, hardware, software, peripherals" />
      <meta http-equiv="content-type" content="text/html; charset=utf-8" />
      <!-- REFERENCING FOR ALL STYLE SHEETS -->
      <link rel="stylesheet" href="css/style.css" type="text/css" media="screen"/>
      <link rel="stylesheet" href="css/slide.css" type="text/css" media="screen"/>
      <link rel="stylesheet" href="menu2/menu.css" type="text/css" media="screen"/>
      <link rel="stylesheet" href="css/form_template.css" type="text/css" media="screen"/>
      <!-- REFERNCE TO MAIN CORE OF jQUERY SCRIPT -->
      <script src="js/jquery-2.0.3.min.js" type="text/javascript"></script>
      <!-- MENU SLIDE EFFFECT -->
      <script src="js/slide.js" type="text/javascript"></script>
      <!-- SHA512 PASSWORD ENCRIPTION ALGORYTHM -->
      <script src="js/sha512.js" type="text/javascript"></script>
      <!-- FORM FUNCTIONS -->
      <script src="js/forms.js" type="text/javascript"></script>
      -->
      ```
  18. I'm currently working on restricting access to pages for users who are logged into my site. However, I keep getting the wrong result. I have two scenarios:

      - Logged in users must see the logged in page
        - This is then further restricted by access level (0 = None, 1 = General User, 2 = Team User, etc.)
        - 2 must have access to all pages, 1 to some page, and 0 only have access to the home page
      - Users who are not logged in must see a different page altogether (Contains registration info)

      Here is what I have been trying, but it is not working:

      ```php
      <head>
          <title>Test Page</title>
          <?php include 'formatting.html' ?>
      </head>
      <body>
      <?php if (login_check($mysqli) == true) :
          include 'panelin.php';
          include '../menu2/menu.html';
      ?>
      <?php else :
          include 'panelout.php';
      ?>
      <?php endif; ?>
      ```

      This was mainly focusing for the logged in vs. logged out users at the moment. I am able to see the session info, however I keep getting the panelout.php page instead of the panelin.php
  19. Found the solution... Just changed the px height to 100%. However, now the animated slide effect of the menu is not working. And that was the only change I made.
  20. Hi All, I have just finished putting together an accordion style menu and I am having a problem getting my sub-menu to display properly. The problem is that the height of each sub-menu differs based on the amount of sub-menu items, but the code I am currently using uses a fixed height statement. How can I get the height to auto adjust based on the number of sub-menu items? My current setting is:

      ```css
      .accordion li:target > .sub-menu { height: 132px; }
      ```
  21. It's weird, because I looked everywhere and can't figure out why it would count the number of characters in the text that I am echoing. I've never seen that happen.
  22. Awesome thanks, it works perfectly... The last issue now is that when printing the number of rows inserted it will count the number of characters at the end of the string, i.e. "1 record has been successfully added. Please wait to be redirected.67". This is what is being "echoed" on my success page, and the 67 at the end should not be there.
  23. Ok, finally I got the script to actually submit to my table. The problem however is that I am being taken to the error page:

      ```php
      header('Location: ../error.php?err=Registration failure: INSERT');
      exit;
      ```

      and not to:

      ```php
      header('Location: ../success.html');
      exit;
      ```

      What needs to be done to fix this? Thanks guys, your help thus far has really added value and I am learning every step of the way. Here's what my code looks like:

      ```php
      <?php
      include_once '../includes/db_connect.php';
      include_once '../includes/functions.php';
      ?>
      <?php
      sec_session_start();

      if (login_check($mysqli) == true) {
          $logged = 'in';
      } else {
          $logged = 'out';
      }

      $error_msg = "";
      $username = $_SESSION['username'];

      /* USED FOR ERROR CHECKING */
      /* var_dump($_SESSION); exit; var_dump($_POST);exit; */

      if (isset($_POST['username'], $_POST['fname'], $_POST['lname'], $_POST['msisdn'], $_POST['email'], $_POST['query1'])) {
          // SANITIZE AND VALIDATE THE DATA BEING PROCESSED BY THE FORM
          $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
          $fname = filter_input(INPUT_POST, 'fname', FILTER_SANITIZE_STRING);
          $lname = filter_input(INPUT_POST, 'lname', FILTER_SANITIZE_STRING);
          $msisdn = filter_input(INPUT_POST, 'msisdn', FILTER_SANITIZE_STRING);
          $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
          $query1 = filter_input(INPUT_POST, 'query1', FILTER_SANITIZE_STRING);
          $creation_time = filter_input(INPUT_POST, 'creation_time', FILTER_SANITIZE_STRING);
          $email = filter_var($email, FILTER_VALIDATE_EMAIL);

          if (mysqli_connect_errno()) {
              printf("Connect failed: %s\n", mysqli_connect_error());
              exit();
          }

          if (empty($error_msg)) {
              // INSERT THE NEW FOR INFORMATION INTO THE DATABASE TABLE
              if ($insert_stmt = $mysqli->prepare("INSERT INTO walkin (username, fname, lname, msisdn, email, query1, creation_time) VALUES (?, ?, ?, ?, ?, ?, ?)")) {
                  $insert_stmt->bind_param('sssisss', $username, ucfirst($fname), ucfirst($lname), $msisdn, $email, $query1, $creation_time);
                  // EXECUTE THE PREPARED QUERY
                  if (! $insert_stmt->execute());
                  //PRINT THE NUMBERS OF ROWS THAT HAVE BEEN AFFECTED
                  printf("%d Row inserted.\n", $insert_stmt->affected_rows);
                  {
                      header('Location: ../error.php?err=Registration failure: INSERT');
                      exit;
                  }
              }
              header('Location: ../success.html');
              exit;
              /* CLOSE THE STATEMENT */
              $stmt->close();
              /* CLOSE THE CONNECTION */
              $mysqli->close();
          }
      }
      ```
  24. Thanks guys, took that line out shortly after posting the reply. I am however still getting this error:

      ```
      Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\Development_Tracker\htdocs\process\submit_walkin.php on line 58
      array(6) { ["username"]=> string(13) "Salientanimal" ["fname"]=> string(0) "" ["lname"]=> string(0) "" ["msisdn"]=> string(0) "" ["email"]=> string(0) "" ["query1"]=> string(0) "" }
      ```

      I left the fields blank just to return the message; there is currently no check in place to ensure that all fields are in fact filled in. I will do this later. I have also tried submitting it with data captured, but receive the same error. Do I need to update this section as follows including my id field, even though it is auto incremented?

      ```php
      if (empty($error_msg)) {
          // INSERT THE NEW FOR INFORMATION INTO THE DATABASE TABLE
          if ($insert_stmt = $mysqli->prepare("INSERT INTO walkin (ADD_ID_FIELD?, username, fname, lname, msisdn, email, query1, creation_time) VALUES (?, ?, ?, ?, ?, ?, now())")) {
              $insert_stmt->bind_param(ADD_ID_FIELD?, $username, ucfirst($fname), ucfirst($lname), $msisdn, $email, $query1, $creation_time);
              // EXECUTE THE PREPARED QUERY
              if (! $insert_stmt->execute())
              var_dump($_POST);exit;
              {
                  header('Location: ../error.php?err=Registration failure: INSERT');
                  exit;
      ```

      When adding the id field to the first if ($insert_stmt = $mysqli->prepare, the form seems to process all the way through, however the data isn't written to my database table.

      Here is a MySQL dump showing my table structure:

      ```sql
      -- phpMyAdmin SQL Dump
      -- version 4.0.9
      -- http://www.phpmyadmin.net
      --
      -- Host: 127.0.0.1
      -- Generation Time: Jan 22, 2014 at 08:42 AM
      -- Server version: 5.6.14
      -- PHP Version: 5.5.6

      SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
      SET time_zone = "+00:00";

      /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
      /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
      /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
      /*!40101 SET NAMES utf8 */;

      --
      -- Database: `techdesinglab_tracker`
      --

      -- --------------------------------------------------------

      --
      -- Table structure for table `walkin`
      --

      CREATE TABLE IF NOT EXISTS `walkin` (
        `id` int(11) NOT NULL AUTO_INCREMENT,
        `username` varchar(100) NOT NULL,
        `fname` varchar(100) NOT NULL,
        `lname` varchar(100) NOT NULL,
        `msisdn` bigint(10) NOT NULL,
        `email` varchar(100) NOT NULL,
        `query1` varchar(100) NOT NULL,
        `creation_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
        PRIMARY KEY (`id`)
      ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

      /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
      /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
      /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
      ```
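One way to write the `walkin` insert from posts 23 and 24 so that the placeholder count, the `bind_param` type string and the bound variables agree, and so that the redirect follows the result of `execute()`. This is an added example and not the poster's code; it assumes PHP 7+, and `insert_walkin()` and its return convention are hypothetical.

```php
<?php
// Added example (PHP 7+), not the poster's code. Table and columns come from
// the `walkin` dump; insert_walkin() and its return value are hypothetical.
function insert_walkin(mysqli $mysqli, string $username, array $post): bool
{
    // bind_param() takes its arguments by reference, so every value must sit
    // in a real variable first; an expression such as ucfirst($fname) cannot.
    $fname  = ucfirst(trim((string) ($post['fname'] ?? '')));
    $lname  = ucfirst(trim((string) ($post['lname'] ?? '')));
    $msisdn = trim((string) ($post['msisdn'] ?? ''));
    $email  = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $query1 = trim((string) ($post['query1'] ?? ''));

    // Reject empty or malformed fields before touching the database.
    if ($username === '' || $fname === '' || $lname === '' || $query1 === ''
        || $email === false || !ctype_digit($msisdn)) {
        return false;
    }

    // id (AUTO_INCREMENT) and creation_time (DEFAULT CURRENT_TIMESTAMP) are
    // filled in by MySQL, so six columns and six placeholders remain.
    $stmt = $mysqli->prepare(
        'INSERT INTO walkin (username, fname, lname, msisdn, email, query1)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }

    // Six type letters for six variables. msisdn is bound as a string so a
    // 10-digit number cannot overflow a 32-bit PHP integer.
    $stmt->bind_param('ssssss', $username, $fname, $lname, $msisdn, $email, $query1);
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// Caller sketch: $mysqli is assumed to come from includes/db_connect.php.
// The username is taken from the session, not from the form, and nothing is
// printed before header() so the redirect can still be sent.
if (isset($mysqli) && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = insert_walkin($mysqli, (string) ($_SESSION['username'] ?? ''), $_POST);
    header('Location: ' . ($ok ? '../success.html'
        : '../error.php?err=' . urlencode('Registration failure: INSERT')));
    exit;
}
```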