php redirect and login

[eracha]

hi guys,

 

I am quite new to php having a problem here which may sound very simple to everyone but has taken me hostage for the past few days.

 

I recently added a login application for my website and then only added a code to all my webpages to redirect all users to the login page.

But then I realised I could not navigate the pages because each time I opened a page I was redirected to the login page without checking if I am logged in or not, and when I logged in, it took me to the very first page and not the one I requested.

 

I will higly appreciate any help on how handle this. I am dummy and finding really had to figure this out.

 

Thanks.

[gaza165]

posting some code would be helpful to give us an idea of the setup.

 

remember to use code tags....

[balistic]

if not logged in

set redirect value as area requested

attempt login

if login has the redirect value go to it,

else go to default location

[eracha]

thanks guys:

 

here is the redirect code I have at the top of all my pages which just directs all request to the login in page:

 

<?php

  header("Location: myloginpage.php");

?>

 

Now I googled around and found this code below which looks quite promising to replace the one above and resolve my problem, but the point is I do not know how or where in my login application to add the function which takes care of this, and so I can't even twick the code to fit my need. I will appreciate any help guys.

 

if ($num_rows > 0) {

session_start();

$_SESSION['login'] = "1";

header ("Location: myloginpage.php");

}

else {

$errorMessage = "Invalid Login";

session_start();

$_SESSION['login'] = '';

}

 

 

Thanks

[revraz]

That would go into a login script.

 

If a match is found in your DB to the entered credentials, it starts and sets a session variable and then moves you to another page, which should also check that same session variable to validate that the user is still logged in.

 

You only need 1 session_start though at the top of your code, no need to do two like they have it.

[eracha]

What I read on the page is that this one should be at the top of my webpages:

 

if ($num_rows > 0) {

session_start();

$_SESSION['login'] = "1";

header ("Location: myloginpage.php");

}

else {

$errorMessage = "Invalid Login";

session_start();

$_SESSION['login'] = '';

}

 

 

 

here is my login script I:

 

---

function run()

  {

 

      $credentials = array();

 

 

      // Get the user supplied credentials

      $credentials[LOGIN_ID_FIELD]  = getUserField('loginid');

      $credentials['password']      = getUserField('password');

 

      $referer = getUserField('referer');

     

      if($referer == 'home_client_login' ||

      $referer == 'home_client_post_jobs' ||

      $referer == 'home_client_search_resume')

      {

        // Create a new Client object with the credentials

        $thisUser = new Client($credentials);

      }

      else  if($referer == 'home_candidate_login')

      {

     

      $thisUser = new Candidate($credentials);

      }

      else

      {

        // Create a new user object with the credentials

        $thisUser = new User($credentials);

      }

      // Authenticate the user

      $ok = $thisUser->authenticate();

 

      // If successful (i.e. user supplied valid credentials)

      // show user home

     

      if ($ok)

      {

         

          $thisUser->goHome();

      }

      // User supplied invalid credentials so show login form

      // again

      else

      {

           

          //echo '<script>alert(2)</script>';

          $data = array();

          $data = array_merge($_REQUEST, $data);

          $data['referer'] = $referer;

          echo createPage(LOGIN_TEMPLATE, $data);

      }

 

      return true;

  }

} // End class

 

---

 

What exactly should I  change or add  to it so as to match the one above which is meant for the web pages since I guess the $num_rows and login should be declared some where?

 

Thanks

[revraz]

That's not quite correct.  This is meant to go after you do your DB Query to validate a user.

 

What I read on the page is that this one should be at the top of my webpages:

 

if ($num_rows > 0) {

session_start();

$_SESSION['login'] = "1";

header ("Location: myloginpage.php");

}

else {

$errorMessage = "Invalid Login";

session_start();

$_SESSION['login'] = '';

}

 

 

 

[What exactly should I  change or add  to it so as to match the one above which is meant for the web pages since I guess the $num_rows and login should be declared some where?

 

Thanks

[eracha]

So how then do I solve the problem. Any help please?

[eracha]

hi guys,

I am kind of like stuck with this. I will appreciate any tips on how to move on please help. I posted my login script so you could have a look at it.

 

Thanks

[revraz]

Where is your authenticate function?

[eracha]

hi revraz,

 

that's all and the main script I have in the login file. where is the authentication function suppose to be ?

 

[eracha]

can anyone please tell me what this script does. Thanks

 

     if ($ok)
      		{
            $thisUser->loadFromSession();
            $userName  = getFromSession('user_name');
            
            $filterClause   = " AND user_name like '$userName'";
		      $info['table']  = CANDIDATE_TBL;
          $info['where']  = '1 '.$filterClause;
          $info['debug']  = false;
                   
          $candidateOtherData = select($info);	
          
          $candidateId    	  = $candidateOtherData[0]->resume_id;
		   $fname    	  = $candidateOtherData[0]->fname;
		    $lname    	  = $candidateOtherData[0]->lname;
          $name = $fname; 
		  
		  $data["name"] = $name;
          
          unset($info);
          unset($filterClause);
          
          $filterClause   = "1 AND resume_id = $candidateId";
		          
          
            $data['password']             = getUserField('pword');    			
            
            if($data['password'] == '' or $data['password'] == NULL){
            $data['password']=getFromSession('pass');
          }
          unset($info);
          unset($filterClause);
          
      	    $data['username']=getFromSession('user_name');
      	    
      	 	  $cm = getUserField('cm');

      	  else{  
      	  	$userType = NULL;
         		resetSessionKey('user_type');
         		insertIntoSession('user_type', $userType);
			$msg1 = 's';
      	  $thisUser->goLogin($msg1);
        	}
         }
 	 else if($home != 'yes')
      	 {
      	    if (!$thisUser->isAuthenticated()){
      	    	 $userType = NULL;
         		   resetSessionKey('user_type');
         		  insertIntoSession('user_type', $userType);
      	       $thisUser->goLogin();
      	       
      	      }
            
      	   
      	    $thisUser->loadFromSession();
         }
         else
         {
            $userType = null;
            resetSessionKey('user_type');
            insertIntoSession('user_type', $userType);
         }   
      	 $template = getHomeTemplate($userType);
      	 $data = array();
      	 $contents = null;
         if($home == 'yes') 
         {

 

I want to use it with the script below in allowing users who are logged in to navigate my website or be redirected tot he login page if they are not signed in.

 

   1.  session_start();
   2.  if(isset($_SESSION['$userName'])) {
   3. # //user logged in
   4.  header("Location: thepageIwanttosee.php");
   5.  } else {
   6.  header("Location: myloginpage.php");
   7.  }

 

thanks

[redarrow]

$fname not username m8.

[eracha]

thanks.

I have changed and still didn't work. When I request the intended page, it takes me directly to the login page, and does not return me to the intended page. Does it matter if my login file, session authentication file and my web pages are all in different directories?.

 

Cheers mate

[grandman]

Hello,

 

This seems a little disjointed. Do you have a DB, and do they register, if not what do the log-in with (userName and PassWord, were does that come from?

 

It seems you have part of a sql query, and part of a log-in file and some other code, none of which seems to be linked in anyway.

 

If you've taken this code from a page somewhere go back and check you have it all...

 

DG

[eracha]

hi,

 

you are right! It's a whole complete login application which I have added to my website. Users do register and login, just that there are problems navigating the website. You are being sent tot he login page each time to request a new page, due to this script I added to the pages:

 

1.  session_start();
   2.  if(isset($_SESSION['$userName'])) {
   3. # //user logged in
   4.  header("Location: thepageIwanttosee.php");
   5.  } else {
   6.  header("Location: myloginpage.php");
   7.  }

 

It seems some how not consistent with the application and this is really freaking me out, given my limited php knowledge. I am willing to pay $20 to any one who helps figure this out for me.

 

thanks

[grandman]

hello,

 

I'm like you just starting php, I find the best two ways of learning are:

 

A Book, I use "Sitepoint" Build your Own Database Driven Website.

 

Then Down load scripts and dissect them. I used this as my module for a members area script:

 

http://www.dwalker.co.uk/phpautomembersarea/

 

It lacks a few of the finer points, but should point you (I think) in the right direction.

 

As for your own problem, I don't think you want that on every page, it look like a redirect script, and that means there are only two pages you can go to.

 

that should be called from the login page, then try something like:

 

<?php

if ( $_SESSION['logged_in'] ):

?>

PAGE CONTENT HERE

<?php

endif;

?>

 

The SESSIONS FUNCTION this may ensure that only logged in visitors will see the content on the page. If not exactly this, something like this....

 

DG

[revraz]

I would dump all of that code and just make a very simple login script.

 

[grandman]

hello, this looks good for tuition in creating a login script:

http://www.roscripts.com/PHP_login_script-143.html

 

DG