
Always root user


frenchpl


I am newish to PHP so please be gentle with me here.

I have written a whole suite of scripts to control an imaginary company.

So far they are all working together.

I have a datacon.php, which has the normal connect the root user stuff in it.

I have head and foot scripts, again normal as far as I can see.

I want to use the require once, with the datacon, just to log in the user that is trying to log in.

Whatever I have tried I cannot get anything to work correctly, if I do not include the datacon.php in each script.

This seems to defeat the object of having a log in for other users.

I am using SESSIONS and have the session start at the top of each file.

I know this is working because I am echoing the session ID from every file.

Obviously I am missing something, though a few books later I am none the wiser.

The other question about this login stuff is this.

I have created a company database which has a 'users' table, which has an 'admin' or root user in it.

When I log in with the log in script I want to enable the admin user that I have created or another user and NOT the admin user in the mysql database user table.

How do I do this?

Thanks guys

Pete


Hi guys, OK here goes with the code thing.

My datacon.php looks like this, with the exception that I have blanked out the password etc.

Then there is the login script which I am again copying below. If anyone needs anything else just ask and I will try to get it posted.

Thanks

Pete

 

Datacon.php

--------------------------------------------------------------------

<?php

      // MySQL Settings
      $MySqlHostname = "localhost";
      $MySqlUsername = "root";
      $MySqlPassword = "********";
      $MySqlDatabase = "*******";

      /* make connection to database */
      /* If no connection made, display error Message */
          
      $dblink = MYSQL_CONNECT($MySqlHostname , $MySqlUsername, $MySqlPassword) OR DIE("Unable to connect to database");       

      /* Select the database name to be used or else print error message if unsuccessful*/
      mysql_select_db("$MySqlDatabase") or die( "Unable to select database");
?>

 

-----------------------------------------------------------------------

 

LogIn.php

 

-------------

<?php
  // login.php
  // Initial entry to all helpdesk units
  // Not called from other scripts, direct from browser
  // send nothing to the browser before the session_start() line
  
  // Check if a form has been submitted
  if(isset($_POST['submitted']))
    {
      require_once('datacon.php');
      $errors = array(); // initialise error array
      // check for a user id
      if(empty($_POST['user'])) 
        {
          $errors[] = 'you forgot to enter your user name.';      
        }
      else
        {
          $u = $_POST['user'];
        } // end if empty
      // Check for a password.
      if(empty($_POST['pass'])) 
        {
          $errors[] = 'you forgot to enter your password.';      
        }
      else
        {
          $p = $_POST['pass'];
        } // end if empty
      if(empty($errors))
        { // if everything is OK
          // check the user_id for the name and password combination
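          // escape the submitted values before placing them in the SQL string
          $u = mysql_real_escape_string($u);
          $p = mysql_real_escape_string($p);
          $query = "SELECT * FROM users WHERE userName='$u' AND userPass= SHA('$p')";
          $result = MYSQL_QUERY($query) or die(mysql_error());
          $arr = mysql_fetch_row($result);
          if($arr && $arr[0]!="") // A row was found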
            {          
              $user_id = $arr[0];
              $name = $arr[1];
              session_start();
              $_SESSION['user_id'] = $user_id;
              $_SESSION['userName'] = $name;
              // redirect the user to the logged in page
              $url = 'http://' . $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
              // Check for trailing slash
              if((substr($url, -1) == '/') OR (substr($url, -1)=='\\'))
                {
                  $url = substr($url,0,-1);  // chop the last slash
                }
               // Add the page
               $url .= '/ValidUser.php';
               header("Location: $url");
               exit();  // Quit this script
            }
          else
            {  // No record found
              $errors[] = 'The username and password do not match those found on file';
              //Public message
              // Remove before going live: this prints the SQL, including the typed password, to the page
              $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message
            } // end if record found 
        }// end if empty errors
      mysql_close(); // Close the database connection
    }
  else
    { // form has not been submitted
      $errors = NULL;
    } //  end of the main submit condition
  // begin the page now
  $page_title = 'Login';
  include("UM/Head.php"); // forward slash works on Windows and Linux
  if(!empty($errors))
    {  // print any error messages
      echo '<h1 id="mainhead">Error!</h1>
            <p class="error">The following error(s) occurred:<br />';
      foreach($errors as $msg) { // print each error
        echo " - $msg<br />\n";
        }
      echo '</p><p>Please try again.</p>';
    }
    // Create the form
?>
    <center>
    <h1>Login</h1>
    <form action="login.php" method="post">
      <p>User Name: <input type = "text" name = "user"
                        size = "20" maxlength="40"/></p>
      <p>Password: <input type = "password" name = "pass"
                        size = "20" maxlength="40"/></p>
      <p><input type="submit" name = "submit" value = "login" /></p>
      <input type = "hidden" name="submitted" value="TRUE"/>
    </form>
    </center>
<?php
  include("UM/Foot.php");
?>


I am trying to design a web based system.

The user points his/her browser to my LogIn page, (LogIn.php).

After entering their username and password the user hits the submit button.

All being well the input data is re-directed to the ValidateUser.php script.

Here the username and password are checked against the database for validity.

If correct the user is shown the main user control page for the system.

If the user who logged in, is the Administrator then he is shown the main admin page.

 

This all seems to work OK but only if I 'include' the datacon.php at the top of every script which has mysql interaction on it.  If I do not do this I get the results shown below.

without the datacon included

Selection boxes are displayed but they are unpopulated.

With including the datacon

The boxes are populated with the correct fields.

 

My original question was twofold.

The first part was to cover this incorrect behaviour.

The second part to the question was different.

I note that within the MySql installation there is a user table, I also have a user table within the database that I have created.  When I log in to my system, via the webpage which user table am I accessing?  I thought that it was the one I created but now I am not too sure of that.

 

Sorry, I snapped a couple of jpegs to display the results I am getting but could see no way to include them.

 

I am also posting the ValidateUser.php script for your perusal.

 

<?php
  session_start();
  // check that we have a session
  if(!isset($_SESSION['user_id']))
    {
      echo "You are not logged in";
      exit();
    }
  // User is redirected here from login form if no cookie is present redirect the user
  if(!isset($_SESSION['user_id']))
    { // start defining the URL
      $url = 'http://' . $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
      // Check for trailing slash
      if((substr($url, -1) == '/') OR (substr($url, -1)=='\\'))
        {
          $url = substr($url,0,-1);  // chop the last slash
        }
      // Add the page
      $url .= '/ValidateUser.php';
      header("Location: $url");
      exit();  // Quit this script
    }
  if($_SESSION['user_id'] == 1)
    { // you are logged in as admin user
      // redirect the user to the admin page
      $url = 'http://' . $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
      // Check for trailing slash
      if((substr($url, -1) == '/') OR (substr($url, -1)=='\\'))
        {
          $url = substr($url,0,-1);  // chop the last slash
        }
      // Add the page
      $url .= '/MainAdmin.php'; // add the page
      header("Location: $url");
      exit();
    }
  else
    { // you are just a normal user
      // redirect the user to the non-admin page
      $url = 'http://' . $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
      // Check for trailing slash
      if((substr($url, -1) == '/') OR (substr($url, -1)=='\\'))
        {
          $url = substr($url,0,-1);  // chop the last slash
        }
      // Add the page
      $url .= '/MainIndex.php'; // add the page
      header("Location: $url");
      exit();
    }
?>

 

 

 


> This all seems to work OK but only if I 'include' the datacon.php at the top of every script which has mysql interaction on it.  If I do not do this I get the results shown below.
>
> without the datacon included
>
> Selection boxes are displayed but they are unpopulated.
>
> With including the datacon
>
> The boxes are populated with the correct fields.

Of course you need to connect to mysql in order for you to perform any SQL queries. If you are querying the database to populate your form then it won't work if you're not connected to mysql.

 

> I note that within the MySql installation there is a user table, I also have a user table within the database that I have created.

This table is strictly for MySQL use only. The table you created in your database has nothing to do with the user table in the mysql database. You should not be using the MySQL database in your PHP scripts.
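
The distinction drawn in the reply above, as an added example that is not part of the thread: the MySQL account used for the connection is one fixed, restricted account, while the person logging in is looked up in the application's own users table. The account `helpdesk_app`, the database name `company`, the environment variable `HELPDESK_DB_PASS` and the columns `user_id` and `userPassHash` are assumptions, not names from the posted scripts.

```php
<?php
// One-time setup by a MySQL administrator. This creates a MySQL account
// (a row in mysql.user), which is separate from the rows in company.users:
//   CREATE USER 'helpdesk_app'@'localhost' IDENTIFIED BY '<placeholder>';
//   GRANT SELECT, INSERT, UPDATE ON company.* TO 'helpdesk_app'@'localhost';

// datacon.php equivalent: every script that runs a query still needs this
// connection, but it is made with the restricted account, never root.
function db_connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=company;charset=utf8mb4',
        'helpdesk_app',                        // assumed account name
        getenv('HELPDESK_DB_PASS') ?: '',      // assumed environment variable
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
    );
}

// Check a login against the application's own users table.
// Returns the matching row, or null when the name or password is wrong.
function authenticate(PDO $db, string $user, string $pass): ?array
{
    // The placeholder keeps the typed value out of the SQL text.
    $stmt = $db->prepare('SELECT user_id, userName, userPassHash FROM users WHERE userName = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // userPassHash (assumed column) holds the output of password_hash().
    if ($row === false || !password_verify($pass, $row['userPassHash'])) {
        return null;
    }
    return $row;
}

// login.php equivalent: who is logged in is decided here, in PHP.
session_start();
$u = $_POST['user'] ?? null;
$p = $_POST['pass'] ?? null;
if (is_string($u) && is_string($p)) {
    $row = authenticate(db_connect(), $u, $p);
    if ($row === null) {
        echo 'The username and password do not match those found on file';
    } else {
        session_regenerate_id(true);           // fresh session ID after login
        $_SESSION['user_id']  = $row['user_id'];
        $_SESSION['userName'] = $row['userName'];
        header('Location: ValidateUser.php');
        exit();
    }
}
```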


Well thanks again for another unhelpful and sarcastic reply.

I gather that you are supposed to be good at this stuff but that is no use unless you have the temperament to go with it.

I may ask questions that seem obvious to you.  That is why I am here asking them.

I am looking for some knowledge that I obviously do not have.

I do not need help like this.

Thanks anyway

Pete
