Pavlos1316 Posted May 28, 2008 Share Posted May 28, 2008 Hi This code is for authendicate user. It works fine when I put it in members.index. But if I paste it in my other restricted pages when i log in and try to access them... i get the unauthorized msg <?php //members pagesession_start(); if (!isset ($_SESSION['Username']) OR empty ($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/ Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 are you adding session_start to the top of the page? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551906 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Ah yes is added here too but I acciddentaly left it in the first line..!!! Sorry. Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551909 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 proper code would be <?php //members pagesession_start(); if (!isset ($_SESSION['Username']) || !isset(($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551913 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 but if you count you are oppening 4( and closing only 3 Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551930 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 got trigger happy with the ( (accidentally put one too many in when re-working the code) <?php //members pagesession_start(); if (!isset ($_SESSION['Username']) || !isset($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551935 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Nope I am still getting the unauthorized msg for other links when I am logged in. It is like my page doesn't stores the login details when somebody is logged in. Am i missing anything from another code? Something I should have write? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551943 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 are you sure you are setting $_SESSION['Username'] ? dumb question, but if you are setting a different session for admins, or moderators, and you check the wrong one..... Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551946 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Is not dub cause I am quite new at this. I don't know If I should add a code lets say in login.php to remember that you are logged in If you are talking about my login.php here it is mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error());session_start(); $Username=$_POST['Username']; $Password=$_POST['Password']; $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'"; $result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']="$Username"; include ("members.html"); } ?> Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551954 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 cleaned up the code (adding security if you want it) <?php mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error());session_start(); $Username=mysql_real_escape_string($_POST['Username']); $Password=mysql_real_escape_string($_POST['Password']); $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'"; $result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']=$Username; include ("members.html"); } ?> ok, so, can we see the code for the pages that aren't keeping track of if the user is logged in? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551961 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 it is welcome Is quite long code.. 90 lines. But if you need it I will post it. Just to know is plain html code plus my authentication script you just modified paste at the begining. Just like my members page that is working. You need it? Oh and did you remove " " from $Username from the 4th line from the end of my code or was accidentaly? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551973 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 my main concern is that I have yet to see session_start in any file. Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551981 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 I always have <?php session_start(); exept in login.php that it is starting after the connection string as you see above. Oh and did you remove " " from $Username from the 4th line from the end of my code or was accidentaly? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551985 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 I removed the quotes, because they are not needed. Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551988 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 starting off from square one, so there isn't any misunderstanding, this is a basic example on how I would do it: login.php <?php session_start(); mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error()); $Username=mysql_real_escape_string($_POST['Username']); $Password=mysql_real_escape_string($_POST['Password']); $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'"; $result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']=$Username; include ("members.html"); } ?> secure page <?php session_start(); //members pagesession_start(); if (!isset ($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> holy cow. does your members.html contain your php? if so, there's your problem. php is only executed server-side if your server knows to execute it as such. If it's in an html file, the server won't consider to parse through it for php (unless your server is set up to read HTML files as PHP) Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-551991 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Still doesn't work for the rest protected pages. (I am stuck here 20 days now!!!) How do I fix that???? members.html: <?php session_start(); //members page if (!isset ($_SESSION['Username'])){ //Unauthorized page ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="refresh" content="2;url=/"> </head> <body> <center><h1>Unauthorized Access!</h1></center> <center><h1>Please Register... It is TOTALLY Free!!!</h1></center> </body> </html> <?php exit; } ?> html code here login.php <?php session_start(); //Database Information $dbhost="localhost"; $dbname="data"; $dbuser="username"; $dbpass="password"; //Connect to database mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname)or die(mysql_error()); $Username=mysql_real_escape_string($_POST['Username']); $Password=mysql_real_escape_string($_POST['Password']); $query="SELECT * FROM Register WHERE Username='$Username' and Password='$Password'";$result=mysql_query($query); if(mysql_num_rows($result)!=1){ $error="Invalid Login"; include ("main.html"); echo "<center><font color=#FF0000>Invalid Login</font></center>"; }else{ $_SESSION['Username']=$Username; include ("members.html"); } ?> Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552003 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 change members.html to members.php Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552020 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 Do I have to rename frames too? top.html to top.php and all prodected pages? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552043 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 or you can change your httpd.conf file so that it handles HTML as PHP Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552046 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 this sounds easyer if you tell me what to do cause the other way round screwed up everythiiiiiiiiing!! Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552048 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 if it's your server, just edit /etc/httpd.conf (the location changes from distro to distro). If it's not your server, someone here will need to tell you how to do it. I'm drawing blanks right now. Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552051 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 not my server!!!! but with the last codes I posted if I make that change will it work? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552057 Share on other sites More sharing options...
Pavlos1316 Posted May 28, 2008 Author Share Posted May 28, 2008 I've been told it can't be done. So I have to rename EVERY protected page .php instead of .html WITH NO other change? Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552075 Share on other sites More sharing options...
jonsjava Posted May 28, 2008 Share Posted May 28, 2008 that should fix things. Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552076 Share on other sites More sharing options...
BlueSkyIS Posted May 28, 2008 Share Posted May 28, 2008 to parse .html as .php, add this to .htaccess: AddType application/x-httpd-php .html Link to comment https://forums.phpfreaks.com/topic/107668-can-anyone-help-please/#findComment-552086 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.