topflight Posted January 8, 2009

I have made a successful login script, and everything works really well. My only problem is that my login script is supposed to display on every page. Once the user logs in, they get user access and the cookie is set. My login content is on the right-hand side of my site. So once the user logs in, the login box expands and the user has special access (i.e. change profile, logout, etc.). Well, when I create my other pages I still want to have all the login privileges there. That is not working: the cookie is still set, but it still asks the user to type the password and username again. Is there any way it will not do that unless the user is logged out? Remember, this only happens when the user goes to a different page. And my login script is all in one file, even the actual login form. So once again, I need help trying to set the login script to be logged in on every page; the cookie is still set but it is not showing the user the user access. (i.e. the user logs in on the index.php page. When the user clicks Contact Us it should still show the user options to the right and not the login box.)

This is my code:

<?php
if(isset($_POST['user']))
{
  //Include Config File For DB info..
  include 'db.php';
  //Connect TO The MySQL Server
  $connect = mysql_connect($db_host,$db_username,$db_password) or die("MySQL Said:".mysql_error());
  $database = mysql_select_db($db_database,$connect) or die("MySQl Said:".mysql_error());
  $login = mysql_real_escape_string($_POST['user']);
  $pwd = mysql_real_escape_string($_POST['pwd']);
  $link = mysql_query("SELECT * FROM `pilots` where login='$login' and pwd='$pwd'") or die("MySQL Said:".mysql_error());
  $count = mysql_num_rows($link);
  $data = mysql_fetch_assoc($link);
  $lname = $data["lname"];
  $hub = $data["hub"];
  $pwd = $data["pwd"];
  $fname = $data["fname"];
  if($count == 1)
  {
    if($data['status'] == 0)
    {
      echo '<center>Your Account Is Not Active.</center>';
    }
    else
    {
      if($data['status'] == 2)
      {
        echo '<center><FONT COLOR =ff001b>Your Account Has Been Suspended.</center></FONT COLOR>';?>
<center><a href="logout.php">Log Out</a></br></center>
<?php
      }
      else
      {
        if($data['status'] == 3)
        {
          echo '<center>You Are Currently On L.O.A</center>';?>
<a href="rfileloa.php?login=<? echo "{$data["login"]}"?>">Return From L.O.A</a></br><?php
        }
        else
        {
          setcookie("login",$login);
          setcookie("lname",$lname);
          setcookie("hub",$hub);
          setcookie("pwd",$pwd);
          setcookie("fname",$fname);?>
<body link="#0066FF" vlink="#0066FF" alink="#0066FF">
<center>
<h7><i><b>Pilots Panel</b></i></h7></br>
<a href="filepirep.php?lname=<? echo "{$data["lname"]}"?>">File Pirep</a></br>
<a href="fileloa.php?login=<? echo "{$data["login"]}"?>">File LOA</a></br>
<a href="sigs.php">Signatures</a></br>
<A HREF="profile.php?login=<? echo "{$data["login"]}"?> ">My Profile</a></br>
<a href="editp.php?login=<? echo "{$data["login"]}"?>">Edit My Profile</a></br>
<a href="#">Events</a></br>
<a href="roster.php">VIew Roster</a></br>
<a href="#"><font color="#FF0000">Resignation Form</font Color></br>
<a href="logout.php">Log Out</a></br>
<br>
<h7><i><b>Pilots Tools</b></i></h7></br>
<a href="http://www.fspassengers.com/"> FS Passengers</a></br>
</center>
<?php
          if($data['hm'] == 1)
          {?>
<center>
<h7><i><b>Hub Manager Panel</b></i></h7></br>
<a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br>
<a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br>
<a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a></br>
<a href="awards.php">Grant Award</a></br>
</center>
<?php
          }
          if($data['fm'] == 1)
          {?>
<center>
<h7><i><b>Fleet Manager Panel</b></i></h7></br>
<a href="addaircraft.php">Add Aircraft</a></br>
<a href="manageaircraft.php">Manage Aircraft</a>
</center>
<?php
          }
          if($data['ed'] == 1)
          {?>
<center>
<h7><i><b>Events Director Panel</b></i></h7></br>
<a href="addevent.php">Add Event</a></br>
<a href="manageevents.php">Manage Events</a></br>
<a href="postnews.php">Post News</a></br>
</center>
<?php
          }
          if($data['hr'] == 1)
          { ?>
<center>
<h7><i><b>Human Rescources Panel</b></i></h7></br>
<a href="newpilots.php">New Pilots</a></br>
<a href="editpilots.php">Edit Pilots</a></br>
<a href="viewcomments.php">View Comments</a></br>
<a href="viewsitecomments.php">View Site Comments</a></br>
<?php
          }
          if($data['bm'] == 1)
          {?>
<center>
<h7><i><b>Executive Staff Panel</b></i></h7></br>
<a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br>
<a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br>
<a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a></br>
<a href="awards.php">Grant Award</a></br>
<a href="addaircraft.php">Add Aircraft</a></br>
<a href="addstaffmember.php">Grant Staff Acesses</a></br>
<a href="revokestaffmember.php">Revoke Staff Acesses</a></br>
<a href="manageaircraft.php">Manage Aircraft</a></br>
<a href="addevents.php">Add Event</a></br>
<a href="manageevents.php">Manage Events</a></br>
<a href="postnews.php">Post News</a></br>
<a href="pilotrec.php">Pilot Records</a></br>
<a href="newpilots.php?staffid=<? echo "{$data["login"]}"?>">New Pilots</a></br>
<a href="editpilots.php">Edit Pilots</a></br>
<a href="viewcomments.php">View Comments</a></br>
<a href="viewsitecomments.php">View Site Comments</a></br>
<?php
          }
        }
      }
    }
  }
  else
  {?>
<script>javascript:alert("Log In Failed!")</script>
<?php
    echo '<center><FONT COLOR =ff001b> Your <i>Pilot ID And/Or Password</i> is wrong!</center></FONT COLOR>';?>
<style type="text/css">
.idBox { width:50px; }
.passwordBox { width:80px; }
</style>
<table border="0" align="center">
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td>
</tr>
<tr>
<td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td>
</tr>
<tr>
<td></td><td align="center"><input type="submit" name="login" value="Login"></td>
</tr>
</table>
<?
  }?>
<?php
}
else
{?>
<style type="text/css">
.idBox { width:50px; }
.passwordBox { width:80px; }
</style>
<table border="0" align="center">
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td>
</tr>
<tr>
<td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td>
</tr>
<tr>
<td></td><td align="center"><input type="submit" name="login" value="Login"></td>
</tr>
</table>
<?php
}
?>

Thanks in advance!

btherl Posted January 8, 2009

Putting the password in a cookie is not a great idea. But the simplest way to fix all of this is to use sessions. A session contains trusted data (in the sense that only data you put there will be there), meaning you can simply store the username and a flag saying the user has logged in, and that's enough.

topflight Posted January 8, 2009

I am not really good with sessions. Could you please tell me how to put that information in sessions?

topflight Posted January 8, 2009

Any other suggestions?

topflight Posted January 8, 2009

So how would I use sessions to do this?

Rushyo Posted January 8, 2009

http://uk.php.net/manual/en/session.examples.basic.php

A session is like a cookie, but it isn't stored on the user's computer so it is more secure.

$_SESSION['loggedin'] = true; //Set logged in to true here

if($_SESSION['loggedin'] == true) {
    //Do logged in stuff here
}

topflight Posted January 8, 2009

OK, where should I put that and how will I make the login true? Like, what variables will be for logged in true?

timmah1 Posted January 8, 2009

from this

<?php
setcookie("login",$login);
setcookie("lname",$lname);
setcookie("hub",$hub);
setcookie("pwd",$pwd);
setcookie("fname",$fname);
?>

to this

<?php
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_LNAME'] = $lname;
$_SESSION['SESS_HUB'] = $hub;
$_SESSION['SESS_PWD'] = $pwd;
$_SESSION['SESS_FNAME'] = $fname;
?>

topflight Posted January 8, 2009

Now, in order to fix the login problem I am having, do I need to rewrite the login script?

timmah1 Posted January 8, 2009

Why would you re-write it? Replace your "cookie" settings with the session variables above and then, like Rushyo showed you:

if($_SESSION['loggedin'] == true) {
    //Do logged in stuff here
}

topflight Posted January 8, 2009

I am confused about where to put it. Could somebody please look at my code and tell me where it should go for what I am trying to do? Thanks.

timmah1 Posted January 9, 2009

Your login script:

<?php
session_start();
if(isset($_POST['user']))
{
  //Include Config File For DB info..
  include 'db.php';
  //Connect TO The MySQL Server
  $connect = mysql_connect($db_host,$db_username,$db_password) or die("MySQL Said:".mysql_error());
  $database = mysql_select_db($db_database,$connect) or die("MySQl Said:".mysql_error());
  $login = mysql_real_escape_string($_POST['user']);
  $pwd = mysql_real_escape_string($_POST['pwd']);
  $link = mysql_query("SELECT * FROM `pilots` where login='$login' and pwd='$pwd'") or die("MySQL Said:".mysql_error());
  $count = mysql_num_rows($link);
  $data = mysql_fetch_assoc($link);
  $lname = $data["lname"];
  $hub = $data["hub"];
  $pwd = $data["pwd"];
  $fname = $data["fname"];
  if($count == 1)
  {
    if($data['status'] == 0)
    {
      echo '<center>Your Account Is Not Active.</center>';
    }
    else
    {
      if($data['status'] == 2)
      {
        echo '<center><FONT COLOR =ff001b>Your Account Has Been Suspended.</center></FONT COLOR>';?>
<center><a href="logout.php">Log Out</a></br></center>
<?php
      }
      else
      {
        if($data['status'] == 3)
        {
          echo '<center>You Are Currently On L.O.A</center>';?>
<a href="rfileloa.php?login=<? echo "{$data["login"]}"?>">Return From L.O.A</a></br><?php
        }
        else
        {
          $_SESSION['SESS_LOGGEDIN'] = 1;
          $_SESSION['SESS_LNAME'] = $lname;
          $_SESSION['SESS_HUB'] = $hub;
          $_SESSION['SESS_PWD'] = $pwd;
          $_SESSION['SESS_FNAME'] = $fname;
          ?>
<body link="#0066FF" vlink="#0066FF" alink="#0066FF">
<center>
<h7><i><b>Pilots Panel</b></i></h7></br>
<a href="filepirep.php?lname=<? echo "{$data["lname"]}"?>">File Pirep</a></br>
<a href="fileloa.php?login=<? echo "{$data["login"]}"?>">File LOA</a></br>
<a href="sigs.php">Signatures</a></br>
<A HREF="profile.php?login=<? echo "{$data["login"]}"?> ">My Profile</a></br>
<a href="editp.php?login=<? echo "{$data["login"]}"?>">Edit My Profile</a></br>
<a href="#">Events</a></br>
<a href="roster.php">VIew Roster</a></br>
<a href="#"><font color="#FF0000">Resignation Form</font Color></br>
<a href="logout.php">Log Out</a></br>
<br>
<h7><i><b>Pilots Tools</b></i></h7></br>
<a href="http://www.fspassengers.com/"> FS Passengers</a></br>
</center>
<?php
          if($data['hm'] == 1)
          {?>
<center>
<h7><i><b>Hub Manager Panel</b></i></h7></br>
<a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br>
<a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br>
<a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a></br>
<a href="awards.php">Grant Award</a></br>
</center>
<?php
          }
          if($data['fm'] == 1)
          {?>
<center>
<h7><i><b>Fleet Manager Panel</b></i></h7></br>
<a href="addaircraft.php">Add Aircraft</a></br>
<a href="manageaircraft.php">Manage Aircraft</a>
</center>
<?php
          }
          if($data['ed'] == 1)
          {?>
<center>
<h7><i><b>Events Director Panel</b></i></h7></br>
<a href="addevent.php">Add Event</a></br>
<a href="manageevents.php">Manage Events</a></br>
<a href="postnews.php">Post News</a></br>
</center>
<?php
          }
          if($data['hr'] == 1)
          { ?>
<center>
<h7><i><b>Human Rescources Panel</b></i></h7></br>
<a href="newpilots.php">New Pilots</a></br>
<a href="editpilots.php">Edit Pilots</a></br>
<a href="viewcomments.php">View Comments</a></br>
<a href="viewsitecomments.php">View Site Comments</a></br>
<?php
          }
          if($data['bm'] == 1)
          {?>
<center>
<h7><i><b>Executive Staff Panel</b></i></h7></br>
<a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br>
<a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br>
<a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a></br>
<a href="awards.php">Grant Award</a></br>
<a href="addaircraft.php">Add Aircraft</a></br>
<a href="addstaffmember.php">Grant Staff Acesses</a></br>
<a href="revokestaffmember.php">Revoke Staff Acesses</a></br>
<a href="manageaircraft.php">Manage Aircraft</a></br>
<a href="addevents.php">Add Event</a></br>
<a href="manageevents.php">Manage Events</a></br>
<a href="postnews.php">Post News</a></br>
<a href="pilotrec.php">Pilot Records</a></br>
<a href="newpilots.php?staffid=<? echo "{$data["login"]}"?>">New Pilots</a></br>
<a href="editpilots.php">Edit Pilots</a></br>
<a href="viewcomments.php">View Comments</a></br>
<a href="viewsitecomments.php">View Site Comments</a></br>
<?php
          }
        }
      }
    }
  }
  else
  {?>
<script>javascript:alert("Log In Failed!")</script>
<?php
    echo '<center><FONT COLOR =ff001b> Your <i>Pilot ID And/Or Password</i> is wrong!</center></FONT COLOR>';?>
<style type="text/css">
.idBox { width:50px; }
.passwordBox { width:80px; }
</style>
<table border="0" align="center">
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td>
</tr>
<tr>
<td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td>
</tr>
<tr>
<td></td><td align="center"><input type="submit" name="login" value="Login"></td>
</tr>
</table>
<?
  }?>
<?php
}
else
{?>
<style type="text/css">
.idBox { width:50px; }
.passwordBox { width:80px; }
</style>
<table border="0" align="center">
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<tr>
<td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td>
</tr>
<tr>
<td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td>
</tr>
<tr>
<td></td><td align="center"><input type="submit" name="login" value="Login"></td>
</tr>
</table>
<?php
}
?>

On any other pages you want them to be able to see, at the very, very, VERY top of the page, put this:

<?php
session_start();
if(isset($_SESSION['SESS_LOGGEDIN']) == FALSE){
    echo "You must be logged in";
}
else {
    $user = $_SESSION['SESS_LNAME'];
    echo "Welcome back $user";
}
?>

This checks to make sure they're logged in; if not, it forces them to log in. If they are logged in, they get a welcome message.

topflight Posted January 9, 2009

Thanks, but the problem that I am having is that when the user clicks another page, for some reason it logs them out but the cookie is still registered. I want to have it set up so that no matter what page they go to, the login content will still display. Because on my site the login content is on the right, and if you log in the box expands with user options (i.e. change profile, signatures and other stuff like that). Well, say the user goes to the Contact Us page: the login options do not show anymore and the user then has to log in again. I want to have them stay logged in until they log out.

timmah1 Posted January 9, 2009

With what I gave you, there is no cookie. Make sure you have session_start(); at the very top of every page; that way the session stays set once it's set.

topflight Posted January 9, 2009

OK, I did, but it is still not showing the login options when I switch between pages; it should show the login options. Also, just an FYI, I am including my login.php file. Is that a problem, do you think?

topflight Posted January 9, 2009

Any other suggestions?

btherl Posted January 9, 2009

For debugging, add this code just after session_start() on each page. You can remove it when you've fixed the problem:

print "<pre>";
var_dump($_SESSION);
print "</pre>";

That will tell you the contents of $_SESSION. If it's empty, then your problem is getting sessions working. If it's not empty, then your problem is that your script is not using the session data.

hobeau Posted January 9, 2009

Just using session_start() and your $_SESSION variable is not enough. There is a huge security hole called Session Fixation (http://en.wikipedia.org/wiki/Session_fixation) that hackers use to take advantage of web applications on literally a daily basis. To help avoid that, you must regenerate your session ID on each page, validate the IP address, the web domain referrer, and the client info such as the operating system and browser information. Here is a class that can help: http://www.solutionbot.com/2008/12/27/secure-session-management/.

When you verify your user login (i.e. check the existence of the username and password in the database), simply do:

<?php
session::start_secure_session();
?>

This gets all of the initial information from your browser and passes it into a session variable to get the user's 'fingerprint'. Next, on each page after, run:

<?php
if (!session::check()) {
    session::destroy();
    header('Location: login.php');
    die();
}
?>

This validates the current client fingerprint against the initial fingerprint to make sure nothing has changed. If something has changed, we know that it is highly possible that there is a hacker trying to take advantage of session fixation and we must log the user account out immediately. Also, take note of the fact that the session::destroy() function actually destroys the session. A nuance with PHP is that to completely destroy a session you must set the session to a blank array, unset the session, and then run the session_destroy() function. session_destroy() alone will not destroy a session. There are also other functions such as add_param() and get_param() that have a lot of built-in functionality so that you don't have to worry about it.

Session security is severely overlooked when building web applications, and this is very unfortunate as hackers are having a ball getting into other people's 'secure' accounts very easily. This is very bad for all PHP developers, as PHP gets a bad reputation because of the lack of awareness.

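The session-fixation defence and the full logout described in the post above, written with PHP's built-in session functions only. This is an added example, not the linked class and not code from any poster; the function names are hypothetical, and it assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example. start_hardened_session(), mark_logged_in() and logout()
// are hypothetical names, not part of PHP or of the class linked above.

// Call instead of a bare session_start() at the top of every page.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,      // assumption: HTTPS everywhere
        'httponly' => true,      // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once, right after the password check succeeds.
function mark_logged_in(string $login): void
{
    session_regenerate_id(true);   // an ID planted before login stops being valid
    $_SESSION = ['loggedin' => true, 'login' => $login, 'since' => time()];
}

// Full logout: clear the data, expire the cookie, delete the server-side record.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?? 'Lax',
        ]);
    }
    session_destroy();
}

if (PHP_SAPI === 'cli') {          // constructed demo run: php thisfile.php
    start_hardened_session();
    $before = session_id();
    mark_logged_in('ASA001');      // constructed pilot ID
    $after = session_id();
    logout();
    echo $before !== $after ? "ID changed at login\n" : "ID unchanged\n";
    echo session_status() === PHP_SESSION_NONE ? "session destroyed\n" : "session still active\n";
}
```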
topflight Posted January 9, 2009

Thanks, but my main question is how to have my login options display when a user switches pages. (i.e. the user logs in on index.php; say the user wants to go to About Us, the user should still be able to see the logged-in content (i.e. edit profile, signatures, etc.).) Well, when the user switches pages, the username and password box reappears. I want to have it set up so that every time you go to another page you will be able to see the login content and all the options. That is my main concern: in order to see the login content on another page and view the other page, the user has to keep logging in. Is there any way to fix that so that the login options will always be displayed unless you are not logged in?

btherl Posted January 9, 2009

topflight, I suggest you put some time into learning about sessions. They are ideal for your situation. A single session will by default be shared among all pages on the server (considering virtual servers as different servers), allowing you to tell all pages that the user is logged in. For example, if you store data in a session in login.php, that data will be available in index.php, submit.php, and every other PHP script that calls session_start().

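One way to make the login box behave the same on every page, as the replies above describe: the sidebar branches on `$_SESSION` rather than on `$_POST`, and the session holds only a flag, the login and the name. This is an added example, not code from any poster; the file name `sidebar.php`, the `pwd_hash` column, the function names and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example, not code from the thread. Hypothetical file sidebar.php,
// included at the top of every page before any output is sent.
session_start();

// Assumed schema: pilots(login, pwd_hash, lname, status); pwd_hash is
// produced by password_hash(), unlike the plaintext pwd column in the thread.
function authenticate(PDO $db, string $login, string $password): ?array
{
    $stmt = $db->prepare('SELECT login, pwd_hash, lname, status FROM pilots WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwd_hash'])) {
        return null;
    }
    unset($row['pwd_hash']);            // the credential never reaches the session
    return $row;
}

// The sidebar is chosen from the session alone, so it is the same on every
// page, not only on the request that carried the login POST.
function render_sidebar(array $session, ?string $error = null): string
{
    if (!empty($session['loggedin'])) {
        $name = htmlspecialchars($session['lname'], ENT_QUOTES, 'UTF-8');
        // No ?login= in the links: target pages can read $_SESSION['login'].
        return "<b>Pilots Panel</b> ($name)<br>\n"
             . "<a href=\"editp.php\">Edit My Profile</a><br>\n"
             . "<a href=\"logout.php\">Log Out</a><br>\n";
    }
    $msg = $error === null ? '' : htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "<br>\n";
    return $msg
         . "<form method=\"post\">\n"
         . "ID: <input type=\"text\" name=\"user\">\n"
         . "Password: <input type=\"password\" name=\"pwd\">\n"
         . "<input type=\"submit\" value=\"Login\">\n"
         . "</form>\n";
}

$error = null;
if (empty($_SESSION['loggedin']) && isset($_POST['user'], $_POST['pwd'])) {
    // Constructed in-memory database so the example runs on its own; a real
    // site would open its MySQL connection here instead.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pilots (login TEXT, pwd_hash TEXT, lname TEXT, status INTEGER)');
    $db->prepare('INSERT INTO pilots VALUES (?, ?, ?, ?)')
       ->execute(['ASA001', password_hash('constructed-demo-pw', PASSWORD_DEFAULT), 'Doe', 1]);

    $pilot = authenticate($db, (string) $_POST['user'], (string) $_POST['pwd']);
    // Status 0, 2 and 3 are the inactive, suspended and L.O.A. states in the thread.
    if ($pilot !== null && !in_array((int) $pilot['status'], [0, 2, 3], true)) {
        session_regenerate_id(true);    // fresh session ID at the moment of login
        $_SESSION['loggedin'] = true;
        $_SESSION['login']    = $pilot['login'];
        $_SESSION['lname']    = $pilot['lname'];
    } else {
        $error = 'Pilot ID and/or password is wrong, or the account is not active.';
    }
}

echo render_sidebar($_SESSION, $error);
```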