treilad Posted July 18, 2006 Share Posted July 18, 2006 I've been working /forever/ just trying to get the login system to work. (I know I just made a topic similar to this. Sorry?)I'm trying to condense what could be several topics into one, if this seems long. :)I want certain pages to not be visible if users are not logged in. Akitchin gave me this seemingly wonderful script to do just that:Login2.php[code]<?phpinclude ('db.php');if(isset($_COOKIE['ID_my_site'])){$username = $_COOKIE['ID_my_site'];$pass = $_COOKIE['Key_my_site'];$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());while($info = mysql_fetch_array( $check )){ if (!isset($_COOKIE['ID_my_site'])) { header('./logout.php'); }}}else{ header('./loginpage.php');}?>[/code]Except it doesn't seem to work. I include that at the top of all the pages I don't want to be visible to non-logged in people, yet when I log out, I can still see it and it doesn't seem to execute this code. What can I do to make this code execute EVERY time this page is visited. EVEN if I logout and hit the back button, I want it to run the code. (Perhaps a forced refresh?)Here is my login.php code. I have it included in a table in loginpage.php. I want this code to not load if somebody is already logged in. If they're logged in, I'd like it to redirect them to a page that echos something along the lines of "You're already logged in, (display user here). I'm not sure how to write the code for that page, particularly the (display user) part, but I can't imagine it's that hard so it's not my main concern at the moment. (But for those of you to whom this seems simple and non-time consuming, which will not be the case for me, feel free to jot down a semantic writeup. ^^) I know I'll be using that often, the echoing of info from databases. But there are tutorials for that, so don't hurt yourself. :)[code]<?phpinclude ('db.php');if(isset($_COOKIE['ID_my_site'])){ $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } }}if (isset($_POST['submit'])) { // if form has been submitted if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());$check2 = mysql_num_rows($check);if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); }while($info = mysql_fetch_array( $check )) {$_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); }else{ $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour);setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: index.php");}}} else { ?><form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"><table border="0"><tr><td colspan=2><h1>Login</h1></td></tr><tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" maxlength="50"></td></tr><tr><td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td></tr></table></form><?php}?>[/code]There's nothing wrong with that code, other than I'd like to add the redirect if they're already logged in, as I mentioned, I'm just posting it for reference, if someone needs to see it.Uh... my registration code. Again, I don't want the page this is included in to be visible to someone who has logged in. Where I am at the moment, people can still register while they're logged in. That's not good. So I want it to do essentially the same as the login redirect. Just display a page that echos "You don't need to register. O.o You're already logged in, (display username). I imagine the solution is the same as the login redirect problem, so don't worry about it. Posting it for reference purposes only:[code]<?php include ('db.php');if (isset($_POST['submit'])) { if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {die('You did not complete all of the required fields');}if (!get_magic_quotes_gpc()) {$_POST['username'] = addslashes($_POST['username']);}$usercheck = $_POST['username'];$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error());$check2 = mysql_num_rows($check);if ($check2 != 0) {die('Sorry, the username '.$_POST['username'].' is already in use.');}if ($_POST['pass'] != $_POST['pass2']) {die('Your passwords did not match. ');}$_POST['pass'] = md5($_POST['pass']);if (!get_magic_quotes_gpc()) {$_POST['pass'] = addslashes($_POST['pass']);$_POST['username'] = addslashes($_POST['username']);}$insert = "INSERT INTO users (username, password)VALUES ('".$_POST['username']."', '".$_POST['pass']."')";$add_member = mysql_query($insert) or die(mysql_error());?><h1>Registered</h1><p>Thank you, you have registered - you may now login</a>.</p><?php } else { ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><table border="0"><tr><td>Username:</td><td><input type="text" name="username" maxlength="60"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" maxlength="10"></td></tr><tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="10"></td></tr><tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table></form><?php } ?>[/code]Other than these, the only problem I'm having, (more of a worry, really), is security. I haven't put this on the web yet, but when I do, I have no idea of the common PHP security issues and what precautions I should take.Tell me if you need more code to diagnose me and I'll gladly edit them in. :)I'm not asking anybody to read over all this garbage and fix every little thing, but I'll leave this up here for a day and bump every three hours or so and see what help I can get. Thanks in advance,-Matt Quote Link to comment Share on other sites More sharing options...
countnikon Posted July 18, 2006 Share Posted July 18, 2006 What I always do is this:[code]<?PHPif(!isset($_COOKIE['whatever'])) header( "Location: http://blah.com/index.php" );?>[/code] Quote Link to comment Share on other sites More sharing options...
pixy Posted July 18, 2006 Share Posted July 18, 2006 if (!isset($_COOKIE['my_site_id'])) { echo 'Gotta log in, dude.'; die();} Quote Link to comment Share on other sites More sharing options...
True`Logic Posted July 18, 2006 Share Posted July 18, 2006 [code]{ ?><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><table border="0"><tr><td>Username:</td><td><input type="text" name="username" maxlength="60"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" maxlength="10"></td></tr><tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="10"></td></tr><tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table></form><?php } [/code]:P try..[code]{ echo "<form action=" . $_SERVER['PHP_SELF'] . " method=\"post\"><table border=\"0\"><tr><td>Username:</td><td><input type=\"text\" name=\"username\" maxlength=\"60\"></td></tr><tr><td>Password:</td><td><input type=\"password\" name=\"pass\" maxlength=\"10\"></td></tr><tr><td>Confirm Password:</td><td><input type=\"password\" name=\"pass2\" maxlength=\"10\"></td></tr><tr><th colspan=2><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr> </table></form>";}[/code] Quote Link to comment Share on other sites More sharing options...
treilad Posted July 18, 2006 Author Share Posted July 18, 2006 [quote]if (!isset($_COOKIE['my_site_id'])) { echo 'Gotta log in, dude.'; die();}[/quote] ;D One problem solved!EDIT:Anybody know why this won't work?[code]<?phpif (!isset($_COOKIE['ID_my_site'])) { header('loginpage.php'); die();} ?>[/code]This is at the top of index.php. If the cookie isn't set, I want it to header to loginpage.php. 'Cept it just stays at index and the page is blank because of the die() statement. It won't header. Quote Link to comment Share on other sites More sharing options...
treilad Posted July 19, 2006 Author Share Posted July 19, 2006 Bump. Quote Link to comment Share on other sites More sharing options...
hitman6003 Posted July 19, 2006 Share Posted July 19, 2006 header('location: loginpage.php'); Quote Link to comment Share on other sites More sharing options...
treilad Posted July 19, 2006 Author Share Posted July 19, 2006 :P Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.