ambo Posted September 16, 2008 Share Posted September 16, 2008 Hey Everyone i have a question i have a bit of code <? $userid=mysql_real_escape_string($userid); $password=mysql_real_escape_string($password); if($rec=mysql_fetch_array(mysql_query("SELECT * FROM plus_signup WHERE userid='$userid' AND password = '$password'"))){ if(($rec['userid']==$userid)&&($rec['password']==$password)){ include "include/newsession.php"; echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=home.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"; print "<script>"; print " self.location='Home.php';"; // Comment this line if you don't want to redirect print "</script>"; } } else { session_unset(); echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct Userid and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>"; } ?> So it works fine and i posts to home.php But i need a function that i can put in Home.php to make sure there logged in so people cant navigate to home.php in there browser! ??? Quote Link to comment Share on other sites More sharing options...
Garethp Posted September 16, 2008 Share Posted September 16, 2008 if(isset($_SESSION['Sessionname'])) { echo "<script type=\"text/javascript\"> document.location = \"different_page.php\"; </script>"; exit(); } Sessionname is what session you use to store whatever when logged in but is unset when logged out, different_page.php is what you use to send them to if they are logged in Quote Link to comment Share on other sites More sharing options...
ambo Posted September 16, 2008 Author Share Posted September 16, 2008 different_page.php is what you use to send them to if they are logged in i need it for the page there viewing so if there not logged in they cant view it it sends them to login.php could i maybe change isset to unset? Quote Link to comment Share on other sites More sharing options...
Garethp Posted September 16, 2008 Share Posted September 16, 2008 No, change isset to !isset Quote Link to comment Share on other sites More sharing options...
ambo Posted September 16, 2008 Author Share Posted September 16, 2008 ok so if(!isset($_SESSION['Sessionname'])) { echo "<script type=\"text/javascript\"> document.location = \"index.php\"; </script>"; exit(); } will send them to home page if there not logged in thanks ive been punching myself in the head lol Quote Link to comment Share on other sites More sharing options...
Garethp Posted September 16, 2008 Share Posted September 16, 2008 Exactly. Just remember to change Sessionname to the actual name of the session Quote Link to comment Share on other sites More sharing options...
ambo Posted September 16, 2008 Author Share Posted September 16, 2008 It Keeps sending my right to index.php even if im logged in heres the Code for home.php if they arnt logged in then index.html could it be a "if session isset then display page else {index.php}" <? //*************************************** // This is downloaded from www.plus2net.com // /// You can distribute this code with the link to www.plus2net.com /// // Please don't remove the link to www.plus2net.com /// // This is for your learning only not for commercial use. /////// //The author is not responsible for any type of loss or problem or damage on using this script.// /// You can use it at your own risk. ///// //***************************************** include "include/session.php"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <style type="text/css"> <!-- body { background-color: #FFFFFF; } .style1 {color: #FF0000} .style2 {font-family: "Times New Roman", Times, serif} --> </style></head> <body topmargin="0" leftmargin="0"> <div class="pagehead"></div> <div class="pagelinks"> <div align="center"><a href="index.html">Home</a> <img src="graphics/links/divide.gif" align="absmiddle" /><a href="index.html"> Profile</a> <img src="graphics/links/divide.gif" align="absmiddle" /><a href="index.html"> Calendar</a> <img src="graphics/links/divide.gif" align="absmiddle" /><a href="index.html"> Galleries</a> <img src="graphics/links/divide.gif" align="absmiddle" /><a href="index.html"> Messages</a> <img src="graphics/links/divide.gif" align="absmiddle" /><a href="index.html"> Blog </a> <img src="graphics/links/divide.gif" align="absmiddle" /><a href="index.html"> Forum </a><img src="graphics/links/divide.gif" align="absmiddle" /><a href="logout.php"> Log Out</a></div> </div> <div class="cont"> <div class="contcalhead style1"> <div align="center" class="style2">Calendar</div> </div> <div class="contcal"></div> <div class="contfrihead style1"> <div align="center">Friends</div> </div> <div class="contfri"></div> <div class="contgalhead style1"> <div align="center">Galleries</div> </div> <div class="contgal"></div> </div> <div class="pro"> <div class="proheader style1"> <div align="center">Profile</div> </div> <div class="procont"><? if(!isset($_SESSION['Session'])) { echo "<script type=\"text/javascript\"> document.location = \"index.php\"; </script>"; exit(); } echo "<center><font face='Verdana' size='2' >Welcome userid=$session[userid]<br><br>You must see your userid here (above) <br><br><br>Click <a href=logout.php>here to logout</a><br></center></font>"; ?> </div> <div class="procomhead style1"> <div align="center">Comments</div> </div> <div class="procomcont"></div> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
Garethp Posted September 16, 2008 Share Posted September 16, 2008 if(isset($_SESSION['Session'])) { } else { //Code to redirect here } Are you sure you have the right session name? Quote Link to comment Share on other sites More sharing options...
gnawz Posted September 16, 2008 Share Posted September 16, 2008 I think this is what ambo is missing... I your login code, set your session name to a variable in the database that is UNIQUE or PRIMARY. Example here: function Your_Login() { $userName = $_POST['txtUserName']; $password = $_POST['txtPassword']; $sql = "SELECT your_unique_field FROM your_user_tableWHERE UserName = '$userName' AND Password = PASSWORD('$password')"; $result = dbQuery($sql); if (dbNumRows($result) == 1) { $row = dbFetchAssoc($result); $_SESSION['your_session'] = $row['your_unique_field']; else { redirect user to login page using PHP or Java Script like you did } } else { Wrong Login } } Set your session to a unique field as above...$_SESSION['your_session'] = $row['your_unique_field']; Remember to change session names, variable names and table name to yours. Your SQL can be select * as well if you like Get back if you run into problems Quote Link to comment Share on other sites More sharing options...
Garethp Posted September 16, 2008 Share Posted September 16, 2008 Why would you need that? His logout code unsets the sessions, so any session he sets in login would be good enough Quote Link to comment Share on other sites More sharing options...
ambo Posted September 16, 2008 Author Share Posted September 16, 2008 a check login function would be nice as it is going to be for a social network and the user when logs in it will go to home.php which will be there profile. Thanks guys youve been helpful im at work right now but ill try this later tonight when i get out of class ill let you know how it works from there thanks -ambo Quote Link to comment Share on other sites More sharing options...
gnawz Posted September 16, 2008 Share Posted September 16, 2008 Gareth, He needs to connect his session to a unique field in the the database to check for users logged in... That's why. He might unset sessions on logout but once the session is not mapped to the database ie $ _SESSION['session_name'] = $row['unique_field']; then there is still a risk of a security breach. Quote Link to comment Share on other sites More sharing options...
ambo Posted September 17, 2008 Author Share Posted September 17, 2008 Ok So none of this is working so im gonna show you the 3 scripts with the include session.php file the login form posts to Submit.php <?php include "include/session.php"; ?> <? $userid=mysql_real_escape_string($userid); $password=mysql_real_escape_string($password); if($rec=mysql_fetch_array(mysql_query("SELECT * FROM de_user WHERE userid='$userid' AND password = '$password'"))){ if(($rec['userid']==$userid)&&($rec['password']==$password)){ include "include/newsession.php"; echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=home.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"; print "<script>"; print " self.location='home.php';"; // Comment this line if you don't want to redirect print "</script>"; } } else { session_unset(); echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct Username and Password and Try Again <br><center><a herf='index.php'>Here</a>"; }?> Then Submit goes to Home.php i want a function like the one i highlighted to work in home.php <? include "include/session.php"; ?> <? echo "<center><font face='Verdana' size='2' >Welcome userid=$session[userid]<br><br>You must see your userid here (above) <br><br><br>Click <a href=logout.php>here to logout</a><br></center></font>"; ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.