[SOLVED] Simple if session registered edit


emediastudios

I wanted to have my script amended so that if session admin_id wasn't registered it would direct them to the login.php file.

Just a small "if" statement.

 

<?php
include_once('include/include.php');
if(!session_is_registered(admin_id)){
  if($_GET[p] == ""){
   $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
  }
  else{
   if(file_exists($_GET[p].'.php')) include($_GET[p].'.php');
  }
}
else $content .= "You Must Be Logged In To Do That.";
include('admin_layout.php');
?>

I added a logout link

<?
session_start();
session_destroy();
header ("Location: login.php");
?>

When I run that file, shouldn't the session be destroyed, and shouldn't I be unable to open the admin file?

I can still access the admin without logging in.

My code is now this.

<?php
include_once('include/include.php');
if(!session_is_registered(admin_id)){
  if($_GET[p] == ""){
   $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
   $content .= "<a href='logout.php?p=logout'>Logout</a><br>";
}
  else{
   if(file_exists($_GET[p].'.php')) include($_GET[p].'.php');
  }
}
else if(session_is_registered(admin_id)){
$content .= "You must be logged in to do that";
}
include('admin_layout.php');
?>

 

But I can still access the file without logging in first after logging out using the above logout script.

 

My login script is this.

#Form has been submitted?
if((isset($_POST['login'])) AND ($_POST['login'] == 'Login')){
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="*********"; // Mysql password 
$db_name="jimmy"; // Database name 
$tbl_name="admin"; // Table name 



#Check for blanks and clean data
$errors_login = array(); #Initiate error variable

if(empty($_POST['username'])) $errors_login[] = 'You must enter a username.'; else $clean['username'] = htmlspecialchars($_POST['username']);
if(empty($_POST['password'])) $errors_login[] = 'You must enter a password.'; else $clean['password'] = htmlspecialchars($_POST['password']);

//verify password...
$get_pass = mysql_query("SELECT * FROM `admin` WHERE password = '".$_POST['password']."'");
$q = ($get_pass);
    if(!$q) { 
$errors_login[] = 'Wrong password.'; 
}

	//verify user...
$get_user = mysql_query("SELECT * FROM `admin` WHERE username = '".$_POST['username']."' ");
$q = ($get_user);
    if(!$q) { 
$errors_login[] = 'Wrong username.'; 
}

//check that username is only letters or numbers
if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['username'])){
	$errors_login[]= "Your username must be <i><b>ONLY</b></i> letters or numbers.";
}
//check that password is only letters or numbers
if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['password'])){
	$errors_login[]= "Your password must be <i><b>ONLY</b></i> letters or numbers.";
}


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT admin_id FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file "templates.php"
session_register("username");
session_register("password"); 
session_register("admin_id"); 
header("Location: admin.php");
}
else {

ob_end_flush();
}
}
?>

Hey,

 

I like session is registered, but you could also simply use isset to check the $_SESSION.

 

I straightened up the code a bit too.

 

<?php
include_once('include/include.php');
if(isset($_SESSION['admin_id']))  // YOU NEED THE SESSION IN ORDER TO PROCEED.
{
  if($_GET[p] == ""){
     $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
  }
  else
  {
     if(file_exists($_GET[p].'.php')) 
     {
        include($_GET[p].'.php');
     }
  }
}
else 
{
  $content .= "You Must Be Logged In To Do That.";
  include('admin_layout.php');
}

 

Now the code that sets the $_SESSION.  Could you pass that on to the forum?

I don't know what I'm doing wrong. I used your script but now it just freezes when I log in.

This is what i have.

Login page.

 

<?php 

require_once('include/include.php'); 
session_start();
#Form has been submitted?
if((isset($_POST['login'])) AND ($_POST['login'] == 'Login')){
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="5050888202"; // Mysql password 
$db_name="jimmy"; // Database name 
$tbl_name="admin"; // Table name 



#Check for blanks and clean data
$errors_login = array(); #Initiate error variable

if(empty($_POST['username'])) $errors_login[] = 'You must enter a username.'; else $clean['username'] = htmlspecialchars($_POST['username']);
if(empty($_POST['password'])) $errors_login[] = 'You must enter a password.'; else $clean['password'] = htmlspecialchars($_POST['password']);

//verify password...
$get_pass = mysql_query("SELECT * FROM `admin` WHERE password = '".$_POST['password']."'");
$q = ($get_pass);
    if(!$q) { 
$errors_login[] = 'Wrong password.'; 
}

	//verify user...
$get_user = mysql_query("SELECT * FROM `admin` WHERE username = '".$_POST['username']."' ");
$q = ($get_user);
    if(!$q) { 
$errors_login[] = 'Wrong username.'; 
}

//check that username is only letters or numbers
if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['username'])){
	$errors_login[]= "Your username must be <i><b>ONLY</b></i> letters or numbers.";
}
//check that password is only letters or numbers
if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['password'])){
	$errors_login[]= "Your password must be <i><b>ONLY</b></i> letters or numbers.";
}


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $username and $password 
$username=$_POST['username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT admin_id FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file
session_register("username");
session_register("password"); 
session_register("admin_id"); 
header("Location: admin.php");
}
else {

ob_end_flush();
}
}
?>

 

Admin Page.

 

<?php
include_once('include/include.php');
if(isset($_SESSION['admin_id']))  // YOU NEED THE SESSION IN ORDER TO PROCEED.
{
  if($_GET[p] == ""){
     $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
 $content .= "<a href='logout.php?p=logout'>Logout</a><br>";
  }
  else
  {
     if(file_exists($_GET[p].'.php')) 
     {
        include($_GET[p].'.php');
     }
  }
}
else 
{
  $content .= "You Must Be Logged In To Do That.";
  include('admin_layout.php');
}
?>

Thanks for all your help

If I have this at the top of my login.php

session_start();

$_SESSION = $password;

 

Apache crashes

 

What about this code in the file?

if($count==1){

// Register $username, $password and redirect to file

session_register("username");

session_register("password");

session_register("admin_id");

header("Location: admin.php");

 

That's what I thought, I just hadn't bothered to look it up.

 

Change these:

 

session_register("username");
session_register("password");
session_register("admin_id"); 

 

to

 

$_SESSION = $_POST['username']; 
$_SESSION = $_POST['password'];
$_SESSION = $_POST['admin_id'];

That should be....

 

$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password'];
$_SESSION['admin_id'] = $_POST['admin_id'];

 

though I'm not sure you really need to be storing any passwords within the $_SESSION array.
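
As an added example (not code from any poster in this thread): the login, logout and `admin.php` gate the thread works toward, with `admin_id` taken from the database row rather than `$_POST`, no password kept in the session, and the `?p=` include chosen from a fixed list. The page list, sample admin row and function names are assumptions; the session array is passed in so the file runs from the command line.

```php
<?php
// Added example, not code from the thread. Page list, sample row and
// function names are assumptions made for illustration.
declare(strict_types=1);

// Files admin.php is allowed to include; any other ?p= value is refused.
const ADMIN_PAGES = ['upload_image' => 'upload_image.php'];

function admin_page(array $session, array $get): array
{
    // Gate first: without admin_id in the session, send the user to login.php.
    if (!isset($session['admin_id'])) {
        return ['redirect', 'login.php'];
    }
    $p = $get['p'] ?? '';
    if ($p === '') {
        return ['menu', null];
    }
    // Look the name up in the list instead of include($_GET['p'].'.php').
    if (!is_string($p) || !array_key_exists($p, ADMIN_PAGES)) {
        return ['not_found', null];
    }
    return ['include', ADMIN_PAGES[$p]];
}

// $row stands for the admin row fetched by username with a prepared statement.
function login(array $row, string $user, string $pass, array &$session): bool
{
    if (!hash_equals($row['username'], $user) || !password_verify($pass, $row['password_hash'])) {
        return false;
    }
    // Keep only the id from the database row; never the password or a POST value.
    $session['admin_id'] = $row['admin_id'];
    return true;
}

function logout(array &$session): void
{
    $session = []; // with real sessions: $_SESSION = []; session_destroy();
}

// Constructed sample data; pass $_SESSION and $_GET in a real request.
$row = ['admin_id' => 1, 'username' => 'jim', 'password_hash' => password_hash('example-pass', PASSWORD_DEFAULT)];
$session = [];
echo json_encode(admin_page($session, ['p' => 'upload_image'])), "\n"; // before login
var_dump(login($row, 'jim', 'example-pass', $session));
echo json_encode(admin_page($session, ['p' => 'upload_image'])), "\n"; // after login
echo json_encode(admin_page($session, ['p' => '../include/include'])), "\n"; // name not on the list
logout($session);
echo json_encode(admin_page($session, [])), "\n"; // after logout
```

In a real request, call `session_start()` before reading `$_SESSION` and `session_regenerate_id(true)` right after a successful login.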
