Pavlos1316 Posted May 28, 2008 Share Posted May 28, 2008 Hi This code is for authendicate user. It works fine when I put it in members.index. But if I paste it in my other restricted pages when i log in and try to access them... i get the unauthorized msg <?php //members pagesession_start(); if (!isset ($_SESSION['Username']) OR empty ($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 are you adding session_start to the top of the page? Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Ah yes is added here too but I acciddentaly left it in the first line..!!! Sorry. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 proper code would be <?php //members pagesession_start(); if (!isset ($_SESSION['Username']) || !isset(($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 but if you count you are oppening 4( and closing only 3 Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 got trigger happy with the ( (accidentally put one too many in when re-working the code) <?php //members pagesession_start(); if (!isset ($_SESSION['Username']) || !isset($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Nope I am still getting the unauthorized msg for other links when I am logged in. It is like my page doesn't stores the login details when somebody is logged in. Am i missing anything from another code? Something I should have write? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 are you sure you are setting $_SESSION['Username'] ? dumb question, but if you are setting a different session for admins, or moderators, and you check the wrong one..... Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Is not dub cause I am quite new at this. I don't know If I should add a code lets say in login.php to remember that you are logged in If you are talking about my login.php here it is mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error());session_start(); $Username=$_POST['Username']; $Password=$_POST['Password']; $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'"; $result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']="$Username"; include ("members.html"); } ?> Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 cleaned up the code (adding security if you want it) <?php mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error());session_start(); $Username=mysql_real_escape_string($_POST['Username']); $Password=mysql_real_escape_string($_POST['Password']); $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'"; $result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']=$Username; include ("members.html"); } ?> ok, so, can we see the code for the pages that aren't keeping track of if the user is logged in? Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 it is welcome Is quite long code.. 90 lines. But if you need it I will post it. Just to know is plain html code plus my authentication script you just modified paste at the begining. Just like my members page that is working. You need it? Oh and did you remove " " from $Username from the 4th line from the end of my code or was accidentaly? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 my main concern is that I have yet to see session_start in any file. Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 I always have <?php session_start(); exept in login.php that it is starting after the connection string as you see above. Oh and did you remove " " from $Username from the 4th line from the end of my code or was accidentaly? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 I removed the quotes, because they are not needed. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 starting off from square one, so there isn't any misunderstanding, this is a basic example on how I would do it: login.php <?php session_start(); mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error()); $Username=mysql_real_escape_string($_POST['Username']); $Password=mysql_real_escape_string($_POST['Password']); $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'"; $result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']=$Username; include ("members.html"); } ?> secure page <?php session_start(); //members pagesession_start(); if (!isset ($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> holy cow. does your members.html contain your php? if so, there's your problem. php is only executed server-side if your server knows to execute it as such. If it's in an html file, the server won't consider to parse through it for php (unless your server is set up to read HTML files as PHP) Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Still doesn't work for the rest protected pages. (I am stuck here 20 days now!!!) How do I fix that???? members.html: <?php session_start(); //members page if (!isset ($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> html code here login.php <?php session_start(); //Database Information $dbhost="localhost"; $dbname="data"; $dbuser="username"; $dbpass="password"; //Connect to database mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error()); $Username=mysql_real_escape_string($_POST['Username']); $Password=mysql_real_escape_string($_POST['Password']); $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'";$result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']=$Username; include ("members.html"); } ?> Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 change members.html to members.php Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Do I have to rename frames too? top.html to top.php and all prodected pages? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 or you can change your httpd.conf file so that it handles HTML as PHP Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 this sounds easyer if you tell me what to do cause the other way round screwed up everythiiiiiiiiing!! Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 if it's your server, just edit /etc/httpd.conf (the location changes from distro to distro). If it's not your server, someone here will need to tell you how to do it. I'm drawing blanks right now. Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 not my server!!!! but with the last codes I posted if I make that change will it work? Quote Link to comment Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 I've been told it can't be done. So I have to rename EVERY protected page .php instead of .html WITH NO other change? Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 that should fix things. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 28, 2008 Share Posted May 28, 2008 to parse .html as .php, add this to .htaccess: AddType application/x-httpd-php .html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.