Archived

This topic is now archived and is closed to further replies.

miligraf

Login problem

First of all, what's the best way to protect a folder? Only PHP, or PHP and MySQL, or is there a better way? (I've tried htaccess but it doesn't protect the entire folder, just a file.)

Now, with the problem... I've been trying to make this code work; it's from http://zulumonkey.org/?id=tutorials&page=comment&oid=228 :

I get these warnings: Warning: session_start(): Cannot send session cookie - headers already sent by... Warning: session_start(): Cannot send session cache limiter - headers already sent...

Also, if you know the URL of the file I want to protect... you can access it.

login.php
[code]<table width="315" height="199" border="0">
<tr>
<td><form name="form1" method="post" action="check.php">
<table width="407" border="0">
<tr>
<td width="105">Username:</td>
<td width="194"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
</table>
<br>
<input type="submit" name="Submit" value="Login">
</form>
</td>
</tr>
</table>[/code]

check.php
[code]<?php
$a_username = ""; // Admin username
$a_password = ""; //Admin password

if($username == $a_username && $password == $a_password){
session_start();
echo "Congratulations " . $_POST['username'] . "<br>You may now proceed to the <a href=\"admin.php\">admin area</a>!";
}

else {
echo "Username " . $_POST['username'] . " or password " . $_POST['password'] . " is incorrect, please try again"; }
?>[/code]

admin.php
[code]<?php
if(session_start()){ ?>
This is the admin area
Add content in this section
<?php
}
elseif(!session_start()){
echo "Not logged in, please log in";
}
?>[/code]

thx!!!


Hi,

Your session_start() must be the first thing sent in your PHP code, otherwise you get the error that you stated.
This has to appear at the top of every php page wanting to use one of your session vars.

[code]
<?php
session_start();

// Rest of your code.

?>
[/code]

Thanks, it works now. But if I know the exact URL where admin.php is located, I can access it... it's supposed to say: Not logged in, please log in. I've deleted cookies for this but I can still do it.

[quote name='miligraf' post='388148' date='Jun 26 2006, 12:57 PM']
Thanks, it works now. But if I know the exact URL where admin.php is located, I can access it... it's supposed to say: Not logged in, please log in. I've deleted cookies for this but I can still do it.
[/quote]
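[code]<?php
session_start(); // must run before any output

// 'var' is a placeholder for the session key set at login
$var = isset($_SESSION['var']) ? $_SESSION['var'] : '';
if($var != ''){

//rest of code
}else{

echo "Please relogin";
}[/code]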

I have a similar script and I solved that problem a different way.

In my login function I added this to the successful login part:

[code]// session_register() is not needed when using $_SESSION (it was removed in PHP 5.4)
$_SESSION['logged_in'] = 1;[/code]

Then on my admin.php page I added this:

[code]<?php
session_start(); // must run before $_SESSION is read

if(!isset($_SESSION['logged_in'])) {
echo "Sorry Please Login";
}
else {
echo "Success";
}[/code]

It's half working lol, I can't access the admin section if I know the URL, but even if I log in I can't access it.

Is htaccess better than PHP to protect files?

[quote name='miligraf' post='388175' date='Jun 26 2006, 03:17 PM']
It's half working lol, I can't access the admin section if I know the URL, but even if I log in I can't access it.

Is htaccess better than PHP to protect files?
[/quote]

The best way I have found to protect files is MySQL. If a file has an oddball name such as 1423563467.php and only SQL has an id number for it, SQL can get to it way quicker than any bored "hacker". Also fill your files with if/else statements, such as the ones legohead6 and adamwhiles provided.

The reason that your admin page isn't working depends on your validation method. I have just started getting into these script ideas myself. Are you using MySQL, a txt file or a cookie, something like that?
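
The session-flag check discussed in this thread, as an added example that is not part of any post above. It is shown as one file for brevity: the POST handling corresponds to check.php and require_login() would be called at the top of admin.php. ADMIN_USER, ADMIN_HASH and the function names are hypothetical placeholders, and PHP 7.1 or later is assumed.

```php
<?php
session_start();                 // before ANY output, or "headers already sent"

// Assumption: a single admin account. Generate the hash once with
// password_hash('your password', PASSWORD_DEFAULT) and paste it here.
const ADMIN_USER = 'admin';                              // placeholder
const ADMIN_HASH = 'REPLACE_WITH_password_hash_OUTPUT';  // placeholder

// Read form fields from $_POST explicitly instead of relying on
// register_globals to create $username / $password.
function field(string $name): string
{
    $v = $_POST[$name] ?? '';
    return is_string($v) ? $v : '';      // ignore array-valued fields
}

function try_login(string $user, string $pass): bool
{
    $ok = hash_equals(ADMIN_USER, $user) && password_verify($pass, ADMIN_HASH);
    if ($ok) {
        session_regenerate_id(true);     // fresh session id once authenticated
        $_SESSION['logged_in'] = true;   // the flag the admin page tests
    }
    return $ok;
}

function require_login(): void
{
    // session_start() returning true only means a session exists, not that
    // anyone logged in, so test the flag that try_login() sets.
    if (empty($_SESSION['logged_in'])) {
        header('Location: login.php');
        exit;                            // without exit the page still renders
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (try_login(field('username'), field('password'))) {
        header('Location: admin.php');
        exit;
    }
    // One message for either failure; escape the name, never echo the password.
    echo 'Login failed for '
        . htmlspecialchars(field('username'), ENT_QUOTES, 'UTF-8');
}
```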
