emediastudios, posted January 5, 2009:

I wanted to have my script amended so that if session admin_id wasn't registered it would direct them to the login.php file. Just a small "if" statement.

```php
<?php
include_once('include/include.php');
if(!session_is_registered(admin_id)){
    if($_GET[p] == ""){
        $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
    }
    else{
        if(file_exists($_GET[p].'.php'))
            include($_GET[p].'.php');
    }
}
else
    $content .= "You Must Be Logged In To Do That.";
include('admin_layout.php');
?>
```
btherl, posted January 5, 2009:

Does that code work? If not, what does it do?
emediastudios, posted January 5, 2009:

I think it may be working, I just need to make a logout file to destroy the session. Have a better idea then. I close all the windows, but when I access the file again I'm straight in. I'm still a newbie.
emediastudios, posted January 5, 2009:

I added a logout link

```php
<?
session_start();
session_destroy();
header ("Location: login.php");
?>
```

When I run that file shouldn't the session be destroyed, and be unable to open the admin file? I can still access the admin without logging in.
emediastudios, posted January 5, 2009:

My code is now this.

```php
<?php
include_once('include/include.php');
if(!session_is_registered(admin_id)){
    if($_GET[p] == ""){
        $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
        $content .= "<a href='logout.php?p=logout'>Logout</a><br>";
    }
    else{
        if(file_exists($_GET[p].'.php'))
            include($_GET[p].'.php');
    }
}
else if(session_is_registered(admin_id)){
    $content .= "You must be logged in to do that";
}
include('admin_layout.php');
?>
```

But I can still access the file without logging in first after logging out using the above logout script. My login script is this.

```php
#Form has been submitted?
if((isset($_POST['login'])) AND ($_POST['login'] == 'Login')){
    ob_start();
    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password="*********"; // Mysql password
    $db_name="jimmy"; // Database name
    $tbl_name="admin"; // Table name

    #Check for blanks and clean data
    $errors_login = array(); #Initiate error variable
    if(empty($_POST['username']))
        $errors_login[] = 'You must enter a username.';
    else
        $clean['username'] = htmlspecialchars($_POST['username']);
    if(empty($_POST['password']))
        $errors_login[] = 'You must enter a password.';
    else
        $clean['password'] = htmlspecialchars($_POST['password']);

    //verify password...
    $get_pass = mysql_query("SELECT * FROM `admin` WHERE password = '".$_POST['password']."'");
    $q = ($get_pass);
    if(!$q) {
        $errors_login[] = 'Wrong password.';
    }
    //verify user...
    $get_user = mysql_query("SELECT * FROM `admin` WHERE username = '".$_POST['username']."' ");
    $q = ($get_user);
    if(!$q) {
        $errors_login[] = 'Wrong username.';
    }
    //check that username is only letters or numbers
    if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['username'])){
        $errors_login[]= "Your username must be <i><b>ONLY</b></i> letters or numbers.";
    }
    //check that password is only letters or numbers
    if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['password'])){
        $errors_login[]= "Your password must be <i><b>ONLY</b></i> letters or numbers.";
    }

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql="SELECT admin_id FROM $tbl_name WHERE username='$username' and password='$password'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    // If result matched $username and $password, table row must be 1 row
    if($count==1){
        // Register $username, $password and redirect to file "templates.php"
        session_register("username");
        session_register("password");
        session_register("admin_id");
        header("Location: admin.php");
    }
    else {
        ob_end_flush();
    }
}
?>
```
bubbasheeko, posted January 5, 2009:

Hey, I like session is registered, but you could also simply use isset to check the $_SESSION. I straightened up the code a bit too.

```php
<?php
include_once('include/include.php');
if(isset($_SESSION['admin_id'])) // YOU NEED THE SESSION IN ORDER TO PROCEED.
{
    if($_GET[p] == ""){
        $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
    }
    else
    {
        if(file_exists($_GET[p].'.php'))
        {
            include($_GET[p].'.php');
        }
    }
}
else
{
    $content .= "You Must Be Logged In To Do That.";
    include('admin_layout.php');
}
```

Now the code that sets the $_SESSION. Could you pass that on to the forum?
bubbasheeko, posted January 5, 2009:

On the login page. Add just below "<?php"

```php
session_start();
```

I would register your sessions with

```php
$_SESSION = $fieldname;
```
emediastudios, posted January 5, 2009:

I don't know what I'm doing wrong, I used your script but now it just freezes when I login. This is what I have.

Login page.

```php
<?php
require_once('include/include.php');
session_start();
#Form has been submitted?
if((isset($_POST['login'])) AND ($_POST['login'] == 'Login')){
    ob_start();
    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password="*********"; // Mysql password
    $db_name="jimmy"; // Database name
    $tbl_name="admin"; // Table name

    #Check for blanks and clean data
    $errors_login = array(); #Initiate error variable
    if(empty($_POST['username']))
        $errors_login[] = 'You must enter a username.';
    else
        $clean['username'] = htmlspecialchars($_POST['username']);
    if(empty($_POST['password']))
        $errors_login[] = 'You must enter a password.';
    else
        $clean['password'] = htmlspecialchars($_POST['password']);

    //verify password...
    $get_pass = mysql_query("SELECT * FROM `admin` WHERE password = '".$_POST['password']."'");
    $q = ($get_pass);
    if(!$q) {
        $errors_login[] = 'Wrong password.';
    }
    //verify user...
    $get_user = mysql_query("SELECT * FROM `admin` WHERE username = '".$_POST['username']."' ");
    $q = ($get_user);
    if(!$q) {
        $errors_login[] = 'Wrong username.';
    }
    //check that username is only letters or numbers
    if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['username'])){
        $errors_login[]= "Your username must be <i><b>ONLY</b></i> letters or numbers.";
    }
    //check that password is only letters or numbers
    if (! preg_match('/^[a-zA-Z0-9]+$/i', $_POST['password'])){
        $errors_login[]= "Your password must be <i><b>ONLY</b></i> letters or numbers.";
    }

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql="SELECT admin_id FROM $tbl_name WHERE username='$username' and password='$password'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    // If result matched $username and $password, table row must be 1 row
    if($count==1){
        // Register $username, $password and redirect to file
        session_register("username");
        session_register("password");
        session_register("admin_id");
        header("Location: admin.php");
    }
    else {
        ob_end_flush();
    }
}
?>
```

Admin Page.

```php
<?php
include_once('include/include.php');
if(isset($_SESSION['admin_id'])) // YOU NEED THE SESSION IN ORDER TO PROCEED.
{
    if($_GET[p] == ""){
        $content .= "<a href='admin.php?p=upload_image'>Upload Photos</a><br>";
        $content .= "<a href='logout.php?p=logout'>Logout</a><br>";
    }
    else
    {
        if(file_exists($_GET[p].'.php'))
        {
            include($_GET[p].'.php');
        }
    }
}
else
{
    $content .= "You Must Be Logged In To Do That.";
    include('admin_layout.php');
}
?>
```

Thanks for all your help
bubbasheeko, posted January 5, 2009:

session_start(); should be the first thing after <?php.
emediastudios, posted January 5, 2009:

If I have this at the top of my login.php

```php
session_start();
$_SESSION = $password;
```

Apache crashes. What about this code in the file

```php
if($count==1){
    // Register $username, $password and redirect to file
    session_register("username");
    session_register("password");
    session_register("admin_id");
    header("Location: admin.php");
```
bubbasheeko, posted January 5, 2009:

You said Apache crashes... what is the error on screen?
trq, posted January 5, 2009:

session_is_registered and session_register have both long been deprecated. If you're learning from a book or some other resource I'd suggest finding something more up to date.
bubbasheeko, posted January 5, 2009:

That's what I thought, I just hadn't bothered to look it up. Change these:

```php
session_register("username");
session_register("password");
session_register("admin_id");
```

to

```php
$_SESSION = $_POST['username'];
$_SESSION = $_POST['password'];
$_SESSION = $_POST['admin_id'];
```
trq, posted January 5, 2009:

> That's what I thought, I just hadn't bothered to look it up. Change these:
>
> ```php
> session_register("username");
> session_register("password");
> session_register("admin_id");
> ```
>
> to
>
> ```php
> $_SESSION = $_POST['username'];
> $_SESSION = $_POST['password'];
> $_SESSION = $_POST['admin_id'];
> ```

That should be....

```php
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['admin_id'] = $_POST['admin_id'];
```

though I'm not sure you really need to be storing any passwords within the $_SESSION array.
bubbasheeko, posted January 5, 2009:

LOL.. omg I am getting tired that I did that. Thanks Thorpe!
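
Pulling the thread's advice together (session_start() first, `$_SESSION['admin_id']` instead of session_register(), no password in the session, a logout that ends the session), here is an added example that is not part of any post above. It assumes PDO instead of the mysql_* functions and an `admin` table whose `password` column holds password_hash() output; the function names and the `ADMIN_PAGES` list are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PDO and an `admin` table whose
// `password` column holds password_hash() output; function names are hypothetical.
session_start();                        // first statement, before any output

const ADMIN_PAGES = ['upload_image'];   // pages admin.php may include (assumed list)

function log_in_admin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT admin_id, password FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh session ID once the user is authenticated
    $_SESSION['admin_id'] = (int) $row['admin_id'];  // value from the database row
    return true;                        // the password is never put in $_SESSION
}

function require_admin(): void
{
    if (!isset($_SESSION['admin_id'])) {
        header('Location: login.php');
        exit;                           // without exit the rest of admin.php still runs
    }
}

function admin_page(?string $p): ?string
{
    // Map the ?p= value to a file only if it is on the fixed list.
    return in_array($p, ADMIN_PAGES, true) ? $p . '.php' : null;
}

function log_out(): void
{
    $_SESSION = [];                     // drop the data for the rest of this request
    if (ini_get('session.use_cookies')) {
        $c = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $c['path'], $c['domain'], $c['secure'], $c['httponly']);
    }
    session_destroy();                  // remove the server-side session data
    header('Location: login.php');
    exit;
}
```

admin.php would call require_admin() before building any content and include only what admin_page($_GET['p'] ?? null) returns; logout.php would call log_out().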