Jump to content

PHP sign in troubles

sandbudd

By sandbudd
in PHP Coding Help

Recommended Posts

sandbudd Regular Member

sandbudd

Posted
Posted

Hey guys I have a log in script that does populate the database correctly but after log in it is supposed to take you to the members page but defaults back to the log in page.  I checked the db and it does show me as administrator?  Any help would be great.  I will post both the log in and the members page.

 

log in page

<?php
error_reporting(E_ALL);

require_once ( 'settings.php' );

if ( array_key_exists ( '_submit_check', $_POST ) )
{
	if ( $_POST['username'] != '' && $_POST['password'] != '' )
	{
		$query = 'SELECT ID, Username, Active, Password FROM ' . DBPREFIX . 'users WHERE Username = ' . $db->qstr ( $_POST['username'] ) . ' AND Password = ' . $db->qstr ( md5 ( $_POST['password'] ) );

		if ( $db->RecordCount ( $query ) == 1 )
		{
			$row = $db->getRow ( $query );
			if ( $row->Active == 1 )
			{
				set_login_sessions ( $row->ID, $row->Password, ( $_POST['remember'] ) ? TRUE : FALSE );
				header ( "Location: " . REDIRECT_AFTER_LOGIN );
			}
			elseif ( $row->Active == 0 ) {
				$error = 'Your membership was not activated. Please open the email that we sent and click on the activation link.';
			}
			elseif ( $row->Active == 2 ) {
				$error = 'You are suspended!';
			}
		}
		else {		
			$error = 'Login failed!';		
		}
	}
	else {
		$error = 'Please use both your username and password to access your account';
	}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<link href="css/styles.css" rel="stylesheet" type="text/css" />

</head>

<body>

<div id="log">
<?php if ( isset( $error ) ) { echo '			<p class="error">' . $error . '</p>' . "\n";}?>
</div>
<div id="container" style="width:230px;">

	<form class="form" action="<?=$_SERVER['PHP_SELF']?>" method="post">

		<input type="hidden" name="_submit_check" value="1"/> 

		<div style="margin-top:12px; margin-bottom:10px">
			<img src="images/username.gif" alt="username" border="0" />
			<input class="input" type="text" name="username" id="username" size="25" maxlength="40" value="" />
		</div>
		<div style="margin-bottom:6px">
			<img src="images/password.gif" alt="password" border="0" />
			<input class="input" type="password" name="password" id="password" size="25" maxlength="32" />
		</div>
		<?php if ( ALLOW_REMEMBER_ME ):?>
		<div style="margin-bottom:6px">
			<input type="checkbox" name="remember" id="remember" />
			<label for="remember">Remember me</label>
		</div>
		<?php endif;?>
		<input type="image" name="Login" value="Login"  class="submit-btn" src="images/btn.gif" alt="submit" title="submit" />
		<br class="clear" />
		<a href="register.php">Register</a> / <a href="forgot_password.php">Password recovery?</a>

	</form>


</div>

</body>

</html>

 

members.php

 

<?php 
require_once('settings.php');
checkLogin('1 2');

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
</head>

<body>

<div id="container" style="text-align:center;width:230px;">

<?php
echo 'Hello <em><b><u>' . get_username ( $_SESSION['user_id'] ) . '</u></b></em>!<br />You are now logged in.<br /><br /><a href="update_profile.php" title="update your profile">Click here</a> to update your profile.';

/* we show the manage users link only if the logged in member has admin rights */
if ( isadmin ( $_SESSION['user_id'] ) ):
?>
<br /><br />
It seems that you're an admin. You may <a href="manage_users.php" title="manage users">manage users</a> or <a href="admin_settings.php" title="edit site settings">edit site settings</a>.
<?php
endif;
?>
<br /><br />

<a href="logout.php">logout</a>

</div>

</body>

</html>

Link to comment
https://forums.phpfreaks.com/topic/132702-php-sign-in-troubles/
Share on other sites
sandbudd Regular Member

sandbudd

Posted
  • Author
Posted

settings.php

<?php
require ( 'lib/connection.php' );			
require ( 'functions.php' );				
define ( "HOSTNAME", "" );			
define ( "DATABASE", "" );				
define ( "DBUSER", "" );			
define ( "DBPASS", "" );			
define ( "DBPREFIX", "" );				
define ( "APPLICATION_URL", "http://www.sandbudd.com/login/" );
define ( "APPLICATION_FOLDER", "login" );		
define ( "REDIRECT_TO_LOGIN", "login.php" );		
define ( "REDIRECT_AFTER_LOGIN", "members.php" );	
define ( "REDIRECT_ON_LOGOUT", "login.php" );		
define ( "ADMIN_EMAIL", "[email protected]" );
define ( "KEEP_LOGGED_IN_FOR", 60*60*24*100 );		
define ( "COOKIE_PATH", "/" );				
define ( "DOMAIN_NAME", "www.sandbudd.com" );		
define ( "RUN_ON_DEVELOPMENT", TRUE );			
define ( "REDIRECT_AFTER_CONFIRMATION", TRUE );		
define ( "ALLOW_USERNAME_CHANGE", FALSE );		
define ( "ALLOW_REMEMBER_ME", TRUE );			



define ( "USE_SMTP", FALSE );				
define ( "SMTP_PORT", "" );				
define ( "SMTP_HOST", "" );		
define ( "SMTP_USER", "" );		
define ( "SMTP_PASS", "" );		
define ( "MAIL_IS_HTML", FALSE );			


if ( function_exists ( 'realpath' ) AND @realpath ( dirname (__FILE__) ) !== FALSE )
{
define ( "BASE_PATH", str_replace ( "\\", "/", realpath ( dirname(__FILE__) ) ) . '/' );
}


//how do we handle errors
error_reporting ( ( RUN_ON_DEVELOPMENT ) ? E_ALL : E_WARNING );
if ( file_exists ( BASE_PATH . 'install.php' ) )
{
die ( "Please delete install.php from your server before continuing!" );
}


$db = new db ( DBUSER, DBPASS, DATABASE, HOSTNAME );	
?>

Link to comment
https://forums.phpfreaks.com/topic/132702-php-sign-in-troubles/#findComment-690126
Share on other sites
sandbudd Regular Member

sandbudd

Posted
  • Author
Posted

functions.php

<?php

function checkLogin ( $levels )
{
	session_start ();
	global $db;
	$kt = split ( ' ', $levels );

	if ( ! $_SESSION['logged_in'] ) {

		$access = FALSE;

		if ( isset ( $_COOKIE['cookie_id'] ) ) {

			$query =  'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );

			if ( $db->RecordCount ( $query ) == 1 ) {
				$row = $db->getRow ( $query );


				if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {

					$_SESSION['user_id'] = $row->ID;				
					$_SESSION['logged_in'] = TRUE;


					if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {

						$access = TRUE;
					}
				}
			}
		}
	}
	else {			
		$access = FALSE;

		if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
			$access = TRUE;
		}
	}

	if ( $access == FALSE ) {
		header ( "Location: " . REDIRECT_TO_LOGIN );
	}		
}



function get_level_access ( $user_id )
{
	global $db;
	$row = $db->getRow ( 'SELECT Level_access FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $user_id ) );
	return $row->Level_access;
}



function logout ()
{

	session_start ();


	if ( $_SESSION['logged_in'] == TRUE )
	{	

		unset ( $_SESSION ); 

		session_destroy (); 
	}


	if ( isset ( $_COOKIE['cookie_id'] ) && isset ( $_COOKIE['authenticate'] ) ) {

		setcookie ( "cookie_id", '', time() - KEEP_LOGGED_IN_FOR, COOKIE_PATH );
		setcookie ( "authenticate", '', time() - KEEP_LOGGED_IN_FOR, COOKIE_PATH );
	}


	header ( "Location: " . REDIRECT_ON_LOGOUT );
}



function clear_cookies ()
{

	if ( isset( $_SERVER['HTTP_COOKIE'] ) ) {
		$cookies = explode ( ';', $_SERVER['HTTP_COOKIE'] );

		foreach ( $cookies as $cookie ) {
			$parts = explode ( '=', $cookie );
			$name = trim ( $parts [ 0 ] );
			setcookie ( $name, '', time() - KEEP_LOGGED_IN_FOR );
			setcookie ( $name, '', time() - KEEP_LOGGED_IN_FOR, '/' );
		}
	}
}


function set_login_sessions ( $user_id, $password, $remember )
{

	session_start();


	$_SESSION['user_id'] = $user_id;
	$_SESSION['logged_in'] = TRUE;


	if ( $remember ) {
		setcookie ( "cookie_id", $user_id, time() + KEEP_LOGGED_IN_FOR, COOKIE_PATH );
		setcookie ( "authenticate", md5 ( getIP () . $password . $_SERVER['USER_AGENT'] ), time() + KEEP_LOGGED_IN_FOR, COOKIE_PATH );
	}
}


function valid_email ( $str )
{
	return ( ! preg_match ( "/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str ) ) ? FALSE : TRUE;
}


function checkUnique ( $field, $compared )
{
	global $db;

	$query = $db->getRow ( "SELECT COUNT(*) as total FROM `" . DBPREFIX . "users` WHERE " . $field . " = " . $db->qstr ( $compared ) );

	if ( $query->total == 0 ) {
		return TRUE;
	}
	else {
		return FALSE;
	}
}


function numeric ( $str )
{
	return ( ! ereg ( "^[0-9\.]+$", $str ) ) ? FALSE : TRUE;
}


function alpha_numeric ( $str )
{
	return ( ! preg_match ( "/^([-a-z0-9])+$/i", $str ) ) ? FALSE : TRUE;
}


function random_string ( $type = 'alnum', $len = 8 )
{					
	switch ( $type )
	{
		case 'alnum'	:
		case 'numeric'	:
		case 'nozero'	:

				switch ($type)
				{
					case 'alnum'	:	$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
						break;
					case 'numeric'	:	$pool = '0123456789';
						break;
					case 'nozero'	:	$pool = '123456789';
						break;
				}

				$str = '';
				for ( $i=0; $i < $len; $i++ )
				{
					$str .= substr ( $pool, mt_rand ( 0, strlen ( $pool ) -1 ), 1 );
				}
				return $str;
		break;
		case 'unique' : return md5 ( uniqid ( mt_rand () ) );
		break;
	}
}


function get_username ( $id )
{
	global $db;

	$query = "SELECT `Username` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );

	if ( $db->RecordCount ( $query ) == 1 )
	{
		$row = $db->getRow ( $query );

		return $row->Username;
	}
	else {
		return FALSE;
	}
}


function isadmin ( $id )
{
	global $db;

	$query = "SELECT `Level_access` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );

	if ( $db->RecordCount ( $query ) == 1 )
	{
		$row = $db->getRow ( $query );

		if ( $row->Level_access == 1 )
		{
			return TRUE;
		}
		else {
			return FALSE;
		}
	}
	else {
		return FALSE;
	}
}


function html2txt ( $document )
{
	$search = array("'<script[^>]*?>.*?</script>'si",	
			"'<[\/\!]*?[^<>]*?>'si",		
			"'([\r\n])[\s]+'",			
			"'@<![\s\S]*?–[ \t\n\r]*>@'",
			"'&(quot|#34|#034|#x22);'i",	
			"'&(amp|#38|#038|#x26);'i",		
			"'&(lt|#60|#060|#x3c);'i",
			"'&(gt|#62|#062|#x3e);'i",
			"'&(nbsp|#160|#xa0);'i",
			"'&(iexcl|#161);'i",
			"'&(cent|#162);'i",
			"'&(pound|#163);'i",
			"'&(copy|#169);'i",
			"'&(reg|#174);'i",
			"'&(deg|#176);'i",
			"'&(#39|#039|#x27);'",
			"'&(euro|#8364);'i",			
			"'&a(uml|UML);'",			
			"'&o(uml|UML);'",
			"'&u(uml|UML);'",
			"'&A(uml|UML);'",
			"'&O(uml|UML);'",
			"'&U(uml|UML);'",
			"'ß'i",
			);
	$replace = array(	"",
				"",
				" ",
				"\"",
				"&",
				"<",
				">",
				" ",
				chr(161),
				chr(162),
				chr(163),
				chr(169),
				chr(174),
				chr(176),
				chr(39),
				chr(128),
				"ä",
				"ö",
				"ü",
				"Ä",
				"Ö",
				"Ü",
				"ß",
			);

	$text = preg_replace($search,$replace,$document);

	return trim ( $text );
}


function send_email ( $subject, $to, $body )
{
	require ( BASE_PATH . "/lib/phpmailer/class.phpmailer.php" );

	$mail = new PHPMailer();


	if ( USE_SMTP ) {
		$mail->IsSMTP();
		$mail->SMTPAuth = true;
		$mail->Host = SMTP_HOST;
		$mail->Port = SMTP_PORT;
		$mail->Password = SMTP_PASS;
		$mail->Username = SMTP_USER;
	}

	$mail->From = ADMIN_EMAIL;
	$mail->FromName = DOMAIN_NAME;
	$mail->AddAddress( $to );
	$mail->AddReplyTo ( ADMIN_EMAIL, DOMAIN_NAME );
	$mail->Subject = $subject;
	$mail->Body = $body;
	$mail->WordWrap = 100;
	$mail->IsHTML ( MAIL_IS_HTML );
	$mail->AltBody  =  html2txt ( $body );

	if ( ! $mail->Send() ) {
		if ( RUN_ON_DEVELOPMENT ) {
			echo $mail->ErrorInfo;
		}
		return FALSE;
	}
	else {
		return TRUE;
	}
}


function ip_first ( $ips ) 
{
	if ( ( $pos = strpos ( $ips, ',' ) ) != false ) {
		return substr ( $ips, 0, $pos );
	} 
	else {
		return $ips;
	}
}



function ip_valid ( $ips )
{
	if ( isset( $ips ) ) {
		$ip    = ip_first ( $ips );
		$ipnum = ip2long ( $ip );
		if ( $ipnum !== -1 && $ipnum !== false && ( long2ip ( $ipnum ) === $ip ) ) {
			if ( ( $ipnum < 167772160   || $ipnum > 184549375 ) && 
			( $ipnum < - 1408237568 || $ipnum > - 1407188993 ) && 
			( $ipnum < - 1062731776 || $ipnum > - 1062666241 ) )   
			return true;
		}
	}
	return false;
}


function getIP () 
{
	$check = array(
			'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR',
			'HTTP_FORWARDED', 'HTTP_VIA', 'HTTP_X_COMING_FROM', 'HTTP_COMING_FROM',
			'HTTP_CLIENT_IP'
			);

	foreach ( $check as $c ) {
		if ( ip_valid ( &$_SERVER [ $c ] ) ) {
			return ip_first ( $_SERVER [ $c ] );
		}
	}

	return $_SERVER['REMOTE_ADDR'];
}



function sanitize ( $var, $santype = 3 )
{
	if ( $santype == 1 ) {
		return strip_tags ( $var );
	}
	if ( $santype == 2 ) {
		return htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' );
	}
	if ( $santype == 3 ) {
		if ( ! get_magic_quotes_gpc () ) {
			return addslashes ( htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' ) );
		}
		else {
		   return htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' );
		}
	}
}
?>

Link to comment
https://forums.phpfreaks.com/topic/132702-php-sign-in-troubles/#findComment-690128
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.