Archived

This topic is now archived and is closed to further replies.

treilad

How to not let the page be visible if not logged in-

I've been working /forever/ just trying to get the login system to work.

(I know I just made a topic similar to this. Sorry?)

I'm trying to condense what could be several topics into one, if this seems long. :)

I want certain pages to not be visible if users are not logged in. Akitchin gave me this seemingly wonderful script to do just that:

Login2.php
[code]<?php

include ('db.php');

if(isset($_COOKIE['ID_my_site']))

{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{


  if (!isset($_COOKIE['ID_my_site']))
  {
    header('./logout.php');
  }
}
}
else
{
  header('./loginpage.php');
}

?>[/code]

Except it doesn't seem to work. I include that at the top of all the pages I don't want to be visible to non-logged in people, yet when I log out, I can still see it and it doesn't seem to execute this code. What can I do to make this code execute EVERY time this page is visited? EVEN if I logout and hit the back button, I want it to run the code. (Perhaps a forced refresh?)

Here is my login.php code. I have it included in a table in loginpage.php. I want this code to not load if somebody is already logged in. If they're logged in, I'd like it to redirect them to a page that echoes something along the lines of "You're already logged in, (display user here)." I'm not sure how to write the code for that page, particularly the (display user) part, but I can't imagine it's that hard so it's not my main concern at the moment. (But for those of you to whom this seems simple and non-time consuming, which will not be the case for me, feel free to jot down a semantic writeup. ^^) I know I'll be using that often, the echoing of info from databases. But there are tutorials for that, so don't hurt yourself. :)

[code]<?php

include ('db.php');

if(isset($_COOKIE['ID_my_site']))

{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check ))
{

if ($pass != $info['password'])
{

}

else
{
header("Location: index.php");

}

}

}


if (isset($_POST['submit'])) { // if form has been submitted


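if(!$_POST['username'] || !$_POST['pass']) { // logical OR rather than bitwise |
die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
// escape the username, which is interpolated into the query below
$_POST['username'] = addslashes($_POST['username']);
}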

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>');
}


while($info = mysql_fetch_array( $check ))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);


if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

else
{

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600;
// cookie names are strings and must be quoted
setcookie('ID_my_site', $_POST['username'], $hour);
setcookie('Key_my_site', $_POST['pass'], $hour);

header("Location: index.php");
}

}

} else {

?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>[/code]

There's nothing wrong with that code, other than I'd like to add the redirect if they're already logged in, as I mentioned. I'm just posting it for reference, if someone needs to see it.

Uh... my registration code. Again, I don't want the page this is included in to be visible to someone who has logged in. Where I am at the moment, people can still register while they're logged in. That's not good. So I want it to do essentially the same as the login redirect. Just display a page that echoes "You don't need to register. O.o You're already logged in, (display username)." I imagine the solution is the same as the login redirect problem, so don't worry about it. Posting it for reference purposes only:

[code]<?php

include ('db.php');

if (isset($_POST['submit'])) {

if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] ) { // logical OR rather than bitwise |
die('You did not complete all of the required fields');
}

if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

$_POST['pass'] = md5($_POST['pass']);
// the username was already escaped above; escaping it a second time would store stray backslashes
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
}

$insert = "INSERT INTO users (username, password)
VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert) or die(mysql_error());
?>

<h1>Registered</h1>
<p>Thank you, you have registered - you may now login.</p>
<?php
}
else
{
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php
}
?>[/code]

Other than these, the only problem I'm having, (more of a worry, really), is security. I haven't put this on the web yet, but when I do, I have no idea of the common PHP security issues and what precautions I should take.

Tell me if you need more code to diagnose me and I'll gladly edit them in. :)

I'm not asking anybody to read over all this garbage and fix every little thing, but I'll leave this up here for a day and bump every three hours or so and see what help I can get. Thanks in advance,

-Matt
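
On the security question at the end of the post above: the scripts build SQL by interpolating request data, store an unsalted md5() of the password, and put that hash in a cookie. The added example below (not code from the thread) shows the same register and login check with bound parameters, password_hash()/password_verify() and a server-side session; the SQLite in-memory table, the function names and the sample user are assumptions made so it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table layout and names are assumptions.
declare(strict_types=1);

function make_demo_db(): PDO {
    // Constructed in-memory stand-in for the thread's `users` table.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $pdo;
}

function register_user(PDO $pdo, string $username, string $password): void {
    // password_hash() salts and stretches the password; md5() does neither.
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $pdo, string $username, string $password): bool {
    // Bound parameter: the username is data, never part of the SQL text,
    // so no addslashes()/stripslashes() juggling is needed.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Same result for an unknown user and a wrong password, so the form
    // does not reveal which usernames exist.
    return is_string($hash) && password_verify($password, $hash);
}

function start_login_session(string $username): void {
    // Call from the login page after check_login() returns true.
    session_start();
    session_regenerate_id(true);       // fresh session id after login
    $_SESSION['username'] = $username; // kept server-side, not in a cookie
}

// Constructed sample data: one ordinary name, one containing an apostrophe.
$pdo = make_demo_db();
register_user($pdo, 'matt', 'correct horse battery staple');
register_user($pdo, "o'brien", 'another long passphrase');

var_dump(check_login($pdo, 'matt', 'correct horse battery staple'));
var_dump(check_login($pdo, 'matt', 'wrong password'));
var_dump(check_login($pdo, "o'brien", 'another long passphrase'));
var_dump(check_login($pdo, 'nobody', 'anything'));
```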

What I always do is this:

[code]
<?PHP
if(!isset($_COOKIE['whatever'])) {
  header( "Location: http://blah.com/index.php" );
  exit; // stop here so the rest of the page is not sent along with the redirect
}
?>
[/code]

[code]
if (!isset($_COOKIE['my_site_id'])) {
    echo 'Gotta log in, dude.';
    die();
}
[/code]

[code]{
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php
}
[/code]


:P try..

[code]
{
echo "
<form action=" . $_SERVER['PHP_SELF'] . " method=\"post\">
<table border=\"0\">
<tr><td>Username:</td><td>
<input type=\"text\" name=\"username\" maxlength=\"60\">
</td></tr>
<tr><td>Password:</td><td>
<input type=\"password\" name=\"pass\" maxlength=\"10\">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type=\"password\" name=\"pass2\" maxlength=\"10\">
</td></tr>
<tr><th colspan=2><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr> </table>
</form>";
}
[/code]

[quote]if (!isset($_COOKIE['my_site_id'])) {
    echo 'Gotta log in, dude.';
    die();
}[/quote]

;D One problem solved!

EDIT:

Anybody know why this won't work?

[code]<?php
if (!isset($_COOKIE['ID_my_site'])) {
    header('loginpage.php');
    die();
}
?>[/code]

This is at the top of index.php. If the cookie isn't set, I want it to header to loginpage.php. 'Cept it just stays at index and the page is blank because of the die() statement. It won't header.
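
Why the snippet above stays on index.php: header() needs a complete header line, `Location: loginpage.php`, and a bare file name is not a redirect. The added example below (not code from the thread) is a guard include that also keeps login state in the server-side session instead of checking that a cookie exists, and marks the page `no-store` so the Back button after logout re-requests it; `auth_guard.php`, the `username` session key and the function names are assumptions.

```php
<?php
// auth_guard.php - added example, not code from the thread.
// Assumes the login page stored $_SESSION['username'] after verifying the
// password; the file name, session key and loginpage.php target are assumptions.

function is_logged_in(array $session): bool {
    // Trust only server-side session state. A cookie such as ID_my_site is
    // supplied by the browser, so its mere presence proves nothing.
    return isset($session['username']) && is_string($session['username'])
        && $session['username'] !== '';
}

function guard_headers(bool $loggedIn, string $loginUrl = 'loginpage.php'): array {
    // Protected pages must not be stored by the browser, otherwise the Back
    // button shows the cached copy after logout without contacting the server.
    $headers = ['Cache-Control: no-store'];
    if (!$loggedIn) {
        // A redirect is a Location header; a bare file name is not one.
        $headers[] = 'Location: ' . $loginUrl;
    }
    return $headers;
}

function require_login(): void {
    session_start();
    $ok = is_logged_in($_SESSION);
    foreach (guard_headers($ok) as $line) {
        header($line);
    }
    if (!$ok) {
        exit; // stop so none of the protected page is sent with the redirect
    }
}

// At the very top of each protected page, before any output:
//   require 'auth_guard.php';
//   require_login();

if (PHP_SAPI === 'cli') {
    // Constructed sessions: an anonymous visitor, then a logged-in one.
    print_r(guard_headers(is_logged_in([])));
    print_r(guard_headers(is_logged_in(['username' => 'matt'])));
}
```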
