
How to not let the page be visible if not logged in-



#1 treilad


Posted 18 July 2006 - 09:12 PM

I've been working /forever/ just trying to get the login system to work.

(I know I just made a topic similar to this. Sorry?)

I'm trying to condense what could be several topics into one, if this seems long. :)

I want certain pages to not be visible if users are not logged in. Akitchin gave me this seemingly wonderful script to do just that:

Login2.php
<?php

include ('db.php');

if(isset($_COOKIE['ID_my_site']))

{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{


  if (!isset($_COOKIE['ID_my_site']))
  {
    header('./logout.php');
  }
}
}
else
{
  header('./loginpage.php');
}

?>

Except it doesn't seem to work. I include that at the top of all the pages I don't want to be visible to non-logged-in people, yet when I log out, I can still see it and it doesn't seem to execute this code. What can I do to make this code execute EVERY time this page is visited? EVEN if I log out and hit the back button, I want it to run the code. (Perhaps a forced refresh?)

Here is my login.php code. I have it included in a table in loginpage.php. I want this code to not load if somebody is already logged in. If they're logged in, I'd like it to redirect them to a page that echoes something along the lines of "You're already logged in, (display user here)." I'm not sure how to write the code for that page, particularly the (display user) part, but I can't imagine it's that hard so it's not my main concern at the moment. (But for those of you to whom this seems simple and non-time consuming, which will not be the case for me, feel free to jot down a semantic writeup. ^^) I know I'll be using that often, the echoing of info from databases. But there are tutorials for that, so don't hurt yourself. :)

<?php

include ('db.php');

if(isset($_COOKIE['ID_my_site']))

{ 
	$username = $_COOKIE['ID_my_site']; 
	$pass = $_COOKIE['Key_my_site'];
	
	$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

	while($info = mysql_fetch_array( $check )) 	
		{

		if ($pass != $info['password']) 
			{
			
			}

		else
			{
			header("Location: index.php");

			}

		}

}


if (isset($_POST['submit'])) { // if form has been submitted


	if(!$_POST['username'] || !$_POST['pass']) {
		die('You did not fill in a required field.');
	}

	// checks it against the database

	if (!get_magic_quotes_gpc()) {
		// escape the field that is actually used in the query below
		$_POST['username'] = addslashes($_POST['username']);
	}

	$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
		die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>');
				}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
	$info['password'] = stripslashes($info['password']);
	$_POST['pass'] = md5($_POST['pass']);


	if ($_POST['pass'] != $info['password']) {
		die('Incorrect password, please try again.');
	}

else
{
	
$_POST['username'] = stripslashes($_POST['username']);
	

$hour = time() + 3600; 
setcookie('ID_my_site', $_POST['username'], $hour);
setcookie('Key_my_site', $_POST['pass'], $hour);

header("Location: index.php");
}

}

} else {	

?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

There's nothing wrong with that code, other than I'd like to add the redirect if they're already logged in, as I mentioned. I'm just posting it for reference, if someone needs to see it.

Uh... my registration code. Again, I don't want the page this is included in to be visible to someone who has logged in. Where I am at the moment, people can still register while they're logged in. That's not good. So I want it to do essentially the same as the login redirect. Just display a page that echoes "You don't need to register. O.o You're already logged in, (display username)." I imagine the solution is the same as the login redirect problem, so don't worry about it. Posting it for reference purposes only:

<?php 

include ('db.php');

if (isset($_POST['submit'])) { 

if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}

if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
// username was already escaped above; escaping it again would store extra backslashes
}

$insert = "INSERT INTO users (username, password)
VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert) or die(mysql_error());
?>

<h1>Registered</h1>
<p>Thank you, you have registered - you may now login.</p>
<?php 
} 
else 
{	
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php 
} 
?>

Other than these, the only problem I'm having, (more of a worry, really), is security. I haven't put this on the web yet, but when I do, I have no idea of the common PHP security issues and what precautions I should take.

Tell me if you need more code to diagnose me and I'll gladly edit them in. :)

I'm not asking anybody to read over all this garbage and fix every little thing, but I'll leave this up here for a day and bump every three hours or so and see what help I can get. Thanks in advance,

-Matt
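An added example, not code from this thread: the login and registration checks above build their queries by concatenating cookie and form input, and keep the MD5 of the password in a cookie. The sketch below does the same checks with bound parameters, `password_hash()`/`password_verify()` and a server-side session. It assumes PDO; an in-memory SQLite database and a constructed user row stand in for `db.php` and the real `users` table, and the function names are hypothetical.

```php
<?php
// Added example. An in-memory SQLite database stands in for db.php here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store a salted, slow hash instead of md5().
function register_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the username is a bound parameter, so quotes in it stay data
// and no addslashes()/stripslashes() juggling is needed.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when there is no such user
    return is_string($hash) && password_verify($password, $hash);
}

// Call this in the login handler after check_login() succeeds and before any
// output. The identity stays on the server; the browser only receives an
// opaque session ID, not the username or a password hash.
function log_in(string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);           // fresh ID after the privilege change
    $_SESSION['username'] = $username;
}

// Constructed sample data: one user whose name contains a quote character.
register_user($db, "o'neil", 'correct horse battery staple');
foreach (['correct horse battery staple', 'wrong guess'] as $attempt) {
    echo check_login($db, "o'neil", $attempt) ? "accepted\n" : "rejected\n";
}
echo check_login($db, 'nobody', 'x') ? "accepted\n" : "rejected\n";
```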

#2 countnikon


Posted 18 July 2006 - 09:53 PM

What I always do is this:

<?PHP
if(!isset($_COOKIE['whatever'])) {
  header( "Location: http://blah.com/index.php" );
  exit; // stop here so the rest of the page is not sent after the redirect
}
?>


#3 pixy


Posted 18 July 2006 - 11:03 PM

if (!isset($_COOKIE['my_site_id'])) {
    echo 'Gotta log in, dude.';
    die();
}

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#4 True`Logic


Posted 18 July 2006 - 11:29 PM

{	
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php 
} 


:P try..

{	
echo "
<form action=" . $_SERVER['PHP_SELF'] . " method=\"post\">
<table border=\"0\">
<tr><td>Username:</td><td>
<input type=\"text\" name=\"username\" maxlength=\"60\">
</td></tr>
<tr><td>Password:</td><td>
<input type=\"password\" name=\"pass\" maxlength=\"10\">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type=\"password\" name=\"pass2\" maxlength=\"10\">
</td></tr>
<tr><th colspan=2><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr> </table>
</form>";
}


#5 treilad


Posted 18 July 2006 - 11:58 PM

if (!isset($_COOKIE['my_site_id'])) {
    echo 'Gotta log in, dude.';
    die();
}


;D One problem solved!

EDIT:

Anybody know why this won't work?

<?php
if (!isset($_COOKIE['ID_my_site'])) {
    header('loginpage.php');
    die();
} 
?>

This is at the top of index.php. If the cookie isn't set, I want it to header to loginpage.php. 'Cept it just stays at index and the page is blank because of the die() statement. It won't header.

#6 treilad


Posted 19 July 2006 - 12:34 AM

Bump.

#7 hitman6003


Posted 19 July 2006 - 12:42 AM

header('location: loginpage.php');

#8 treilad


Posted 19 July 2006 - 12:44 AM

:P Thanks.
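An added example, not code posted in this thread: a cookie-presence check passes for any request that carries a cookie of that name, so this guard tests a server-side session instead, sends the redirect with its `Location:` name as in post #7, and forbids caching so that Back after logout re-runs the check. The file name `auth_guard.php`, the function names and the `$_SESSION['username']` key (set by the login handler) are assumptions.

```php
<?php
// auth_guard.php (hypothetical file name) - include before any output is sent.
session_start();

// Protected pages: forbid caching so that Back after logout causes a new
// request and this check runs again, instead of the browser showing a stored copy.
function require_login(): string
{
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    if (!isset($_SESSION['username'])) {
        header('Location: loginpage.php'); // the header needs its "Location:" name
        exit;                              // stop, or the page body is still sent
    }
    return $_SESSION['username'];
}

// Login and registration pages: send an already logged-in visitor away.
function require_guest(): void
{
    if (isset($_SESSION['username'])) {
        header('Location: index.php');
        exit;
    }
}

// Body of logout.php: empty the session, expire its cookie, then redirect.
function log_out(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: loginpage.php');
    exit;
}

// Usage at the top of a protected page such as index.php:
//   require 'auth_guard.php';
//   $user = require_login();
//   echo 'Logged in as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```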



