
Login problem


6 replies to this topic

#1 miligraf


Posted 26 June 2006 - 07:34 AM

First of all, what's the best way to protect a folder? Only PHP, or PHP and MySQL, or is there a better way? (I've tried htaccess but it doesn't protect the entire folder, just a file.)

Now, with the problem... I've been trying to make this code work, it's from http://zulumonkey.org/?id=tutorials&page=comment&oid=228 :

I get these warnings:
Warning: session_start(): Cannot send session cookie - headers already sent by...
Warning: session_start(): Cannot send session cache limiter - headers already sent...

Also, if you know the URL of the file I want to protect... you can access it.

login.php
<table width="315" height="199" border="0">
<tr>
<td><form name="form1" method="post" action="check.php">
<table width="407" border="0">
<tr>
<td width="105">Username:</td>
<td width="194"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
</table>
<br>
<input type="submit" name="Submit" value="Login">
</form>
</td>
</tr>
</table>

check.php
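<?php
$a_username = ""; // Admin username
$a_password = ""; // Admin password

// Read the submitted values from $_POST instead of relying on register_globals
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

if($username == $a_username && $password == $a_password){
session_start();
echo "Congratulations " . $_POST['username'] . "<br>You may now proceed to the <a href=\"admin.php\">admin area</a>!";
}
else {
echo "Username " . $_POST['username'] . " or password " . $_POST['password'] . " is incorrect, please try again";
}
?>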

admin.php
<?php
if(session_start()){ ?>
This is the admin area
Add content in this section
<?php
}
elseif(!session_start()){
echo "Not logged in, please log in";
}
?>

thx!!!

#2 d_barszczak


Posted 26 June 2006 - 08:34 AM


Hi,

Your session_start() must be the first thing sent in your PHP code, otherwise you get the error that you stated.
This has to appear at the top of every php page wanting to use one of your session vars.

<?php
session_start();

// Rest of your code.

?>

When all else fails - Try reading the manual.

Integrated IT Systems Ltd


#3 miligraf


Posted 26 June 2006 - 05:57 PM

Thanks, it works now. But if I know the exact URL where admin.php is located, I can access it... it's supposed to say: Not logged in, please log in. I've deleted cookies for this but I still can do it.

#4 legohead6


Posted 26 June 2006 - 06:31 PM

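session_start(); // must run before $_SESSION is read

// 'var' stands for whatever key the login script sets on success
$var = isset($_SESSION['var']) ? $_SESSION['var'] : '';
if($var != ''){

//rest of code
}else{

echo "Please log in again";
}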

"Syntax error" .. WHERE THE **** IS IT?!

#5 adamwhiles


Posted 26 June 2006 - 06:42 PM

I have a similar script and I solved that problem a different way.

In my login function I added this to the successful login part:

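session_start(); // required before using $_SESSION
// session_register() was removed in PHP 5.4; assigning to $_SESSION is sufficient
$_SESSION['logged_in'] = 1;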

Then on my admin.php page I added this:

session_start(); // must be called before $_SESSION is read
if(!isset($_SESSION['logged_in'])) {
echo "Sorry Please Login";
}
else {
echo "Success";
}
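
The session-flag check from the replies above, put together as an added example that is not code from any poster in this thread: session_start() returns true for every visitor, so admin.php has to test a value that only a successful login writes. The file name auth.php, the functions attempt_login() and require_login(), and the sample account are assumptions.

```php
<?php
// auth.php (hypothetical name). Include it as the first statement of check.php
// and admin.php, before any HTML or blank line, so the session cookie can be set.
session_start();

const ADMIN_USER = 'admin'; // constructed sample account name

// Constructed for this example: a real site stores only the hash, generated
// once with password_hash(), and never keeps the plain password in the source.
function admin_hash(): string {
    static $hash = null;
    if ($hash === null) {
        $hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
    }
    return $hash;
}

// check.php calls this with the POSTed values. Only a successful check writes
// the flag, so visiting admin.php directly finds no flag in the session.
function attempt_login(string $user, string $pass): bool {
    $ok = hash_equals(ADMIN_USER, $user) && password_verify($pass, admin_hash());
    if ($ok) {
        session_regenerate_id(true);   // fresh session id once the user is authenticated
        $_SESSION['logged_in'] = true;
        $_SESSION['user'] = $user;
    }
    return $ok;
}

// admin.php calls this before printing anything.
function require_login(): void {
    if (empty($_SESSION['logged_in'])) {
        header('Location: login.php');
        exit; // stop here, otherwise the protected content below is still sent
    }
}

// check.php:  require 'auth.php';
//             if (attempt_login($_POST['username'] ?? '', $_POST['password'] ?? '')) {
//                 echo 'Welcome ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES);
//             } else {
//                 echo 'Username or password is incorrect, please try again';
//             }
// admin.php:  require 'auth.php';
//             require_login();
//             echo 'This is the admin area';
```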

#6 miligraf


Posted 26 June 2006 - 07:17 PM

It's half working lol, I can't access the admin section if I know the URL but even if I login I can't access it.

Is htaccess better than PHP to protect files?

#7 foreverhex


Posted 26 June 2006 - 08:14 PM

The best way I have found to protect files is MySQL. If a file has an oddball name such as 1423563467.php and only SQL has an id number for it, SQL can get to it way quicker than any bored "hacker". Also fill your files with if/else statements, such as the ones legohead6 and adamwhiles provided.

The reason that your admin page isn't working depends on your validation method. I have just started getting into these script ideas myself. Are you using MySQL, txt file or cookie, something like that?



