Xtremer360 Posted December 2, 2008 Share Posted December 2, 2008 Okay here's my php script. The first part is the login and what it's supposed to do is check the username with the auth level it has in the DB and then if it's 1 then bring up the admin panel if it's a 2 then bring up user panel all in the same script. Also is there any problems with the script so far. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Backstage V1 Administration Console</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <?php include('backstage.css'); ?> </head> <body> <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); ob_start(); session_start(); $host="?"; // Host name $username="?"; // Mysql username $password="?"; // Mysql password $db_name="?"; // Database name $tbl_name="?"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $encrypted_mypassword=md5($mypassword); //MD5 // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'" or die(mysql_error()); $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $user = mysql_fetch_assoc($result); $_SESSION['user_id'] = $user['id']; header("location:welcome.php"); } else { echo "$sql"; echo "Wrong Username or Password<br><br>Return to <a href=\"login.php\">login</a>"; } ob_end_flush(); ?> <div id="login"> <center> <h1>KOW Backstage</h1><br> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p>Username:</p> <input type="text" name="username" maxlength="40" size="40"> <br><br> <p>Password:</p> <input type="password" name="pass" maxlength="50" size="40"> <br><br> <input type="submit" name="login" value="Login >>"><br><br> </form> </center> </div> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/ Share on other sites More sharing options...
DeanWhitehouse Posted December 2, 2008 Share Posted December 2, 2008 We are not reading through it checking it, run it if you get a problem ask us how to fix it. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704248 Share on other sites More sharing options...
Xtremer360 Posted December 2, 2008 Author Share Posted December 2, 2008 Well when I load the script as it is now it shows the actual login screen but with this above it: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 15 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 15 Notice: Undefined index: myusername in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 27 Notice: Undefined index: mypassword in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 28 SELECT * FROM users WHERE username='' and password='d41d8cd98f00b204e9800998ecf8427e'Wrong Username or Password Return to login Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704255 Share on other sites More sharing options...
DeanWhitehouse Posted December 2, 2008 Share Posted December 2, 2008 Put session start before any HTML or whitespace. Your post field names are incorrect. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704256 Share on other sites More sharing options...
TEENFRONT Posted December 2, 2008 Share Posted December 2, 2008 You need to set your session vars before any echo/print etc is done to the browser. So do all your session setting at the top of your script, before anything else. The textbox names are incorrect...thats the notice errors. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704257 Share on other sites More sharing options...
DeanWhitehouse Posted December 2, 2008 Share Posted December 2, 2008 I wouldnt worry about the notices, and they can be turned off. Dude shut up, why tell someone to ignore errors/notices, they are important or they wouldn't be shown. Learn to correct all errors and notices to make your code better and to help prevent errors. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704260 Share on other sites More sharing options...
Xtremer360 Posted December 2, 2008 Author Share Posted December 2, 2008 Okay I went back through and did something different. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Backstage V1 Administration Console</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <?php include('backstage.css'); ?> </head> <?php require ('database.php'); //if the login form is submitted if(isset($_POST['login'])) { // makes sure they filled it in if(!$_POST['username'] || !$_POST['pass']) { die('You did not fill in a required field.'); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database.'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = md5(stripslashes($_POST['pass'])); $info['password'] = stripslashes($info['password']); //$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else // if login is ok then we add a cookie and send them to the correct page { $_POST['username'] = stripslashes($_POST['username']); session_start(); $_SESSION['username'] = $_POST['username']; $_SESSION['loggedin'] = time(); // Finds out the user type $query = "SELECT `type` FROM `users` WHERE `username` = '" . $username . "'"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result); $authLevel = $row['type']; $_SESSION['authlevel'] = $authLevel; // Sends them to correct page after login if($authLevel == "1") { $page = "admin.php"; } else { $page = "backstage.php"; } header("Location: $page"); } } } else { // if they have not submitted the form ?> <body> <div id="login"> <center> <h1>KOW Backstage</h1><br> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p>Username:</p> <input type="text" name="username" maxlength="40" size="40"> <br><br> <p>Password:</p> <input type="password" name="pass" maxlength="50" size="40"> <br><br> <input type="submit" name="login" value="Login >>"><br><br> </form> </center> </div> </body> </html> With this when I start the script it says: Parse error: syntax error, unexpected $end in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 90 Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704271 Share on other sites More sharing options...
DeanWhitehouse Posted December 2, 2008 Share Posted December 2, 2008 add <?php } ?> at the end of your script. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704274 Share on other sites More sharing options...
Xtremer360 Posted December 2, 2008 Author Share Posted December 2, 2008 So far so good but when I put in my username and password and it worked right it brought this up in the next window: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 44 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 44 Warning: Cannot modify header information - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 64 Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704287 Share on other sites More sharing options...
DeanWhitehouse Posted December 2, 2008 Share Posted December 2, 2008 You can't start sessions or send any headers after any HTML or whitespace. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704293 Share on other sites More sharing options...
Xtremer360 Posted December 2, 2008 Author Share Posted December 2, 2008 I'm sorry can you say more on that? Are you talking about the header that redirects to the proper control panel? Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704299 Share on other sites More sharing options...
DeanWhitehouse Posted December 2, 2008 Share Posted December 2, 2008 Any headers Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704306 Share on other sites More sharing options...
TEENFRONT Posted December 3, 2008 Share Posted December 3, 2008 I wouldnt worry about the notices, and they can be turned off. Dude shut up, why tell someone to ignore errors/notices, they are important or they wouldn't be shown. Learn to correct all errors and notices to make your code better and to help prevent errors. "Dude" - i edited my post almost immediately. Actually before you posted your "Shut up" message. So hows about you check things before you post comments like that. And, they are only notices, not errors. so from a "i need to fix this now" perspective, id look at fixing the errors first and not worry too much about the notices. As per my original advice. Quote Link to comment https://forums.phpfreaks.com/topic/135214-solved-checking-authlevel-of-script/#findComment-704752 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.