Jump to content

problem with login to multiple pages

harjpanesar

By harjpanesar
in PHP Coding Help

 Share

Recommended Posts

harjpanesar Newbie

harjpanesar

Posted
Posted

Hi

 

I am having problem with my php mysql login.

 

I have created a login system which works fine but the problem that I am facing is that I currently have one user in my database and that one user can login to multiple pages within different directories i.e

 

User can login into the following:

www.software.com/clients/john/john.php

 

but using the same username and password he can also log into

www.software.com/clients/bob/bob.php

 

How can i prevent this so each user can only log into their own clients directory.

 

 

HELP

Link to comment
https://forums.phpfreaks.com/topic/195357-problem-with-login-to-multiple-pages/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

We cannot really help you with what your code is doing or not doing without seeing it.

 

But in general, a log in script would check at the start of each page if the current visitor was both logged in and had the necessary permissions to access the page that was being requested. If you have user specific pages, you would need to make sure that the current logged in user matched that page.

harjpanesar Newbie

harjpanesar

Posted
  • Author
Posted

I am using the following below which is a sliding php login with Jquery.  You may have seen it.

 

 

<?php

 

define('INCLUDE_CHECK',true);

 

require 'connect.php';

require 'functions.php';

// Those two files can be included only if INCLUDE_CHECK is defined

 

 

session_name('tzLogin');

// Starting the session

 

session_set_cookie_params(2*7*24*60*60);

// Making the cookie live for 2 weeks

 

session_start();

 

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])

{

// If you are logged in, but you don't have the tzRemember cookie (browser restart)

// and you have not checked the rememberMe checkbox:

 

$_SESSION = array();

session_destroy();

 

// Destroy the session

}

 

 

if(isset($_GET['logoff']))

{

$_SESSION = array();

session_destroy();

 

header("Location: demo.php");

exit;

}

 

if($_POST['submit']=='Login')

{

// Checking whether the Login form has been submitted

 

$err = array();

// Will hold our errors

 

 

if(!$_POST['username'] || !$_POST['password'])

$err[] = 'All the fields must be filled in!';

 

if(!count($err))

{

$_POST['username'] = mysql_real_escape_string($_POST['username']);

$_POST['password'] = mysql_real_escape_string($_POST['password']);

$_POST['rememberMe'] = (int)$_POST['rememberMe'];

 

// Escaping all input data

 

$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

 

if($row['usr'])

{

// If everything is OK login

 

$_SESSION['usr']=$row['usr'];

$_SESSION['id'] = $row['id'];

$_SESSION['rememberMe'] = $_POST['rememberMe'];

 

// Store some data in the session

 

setcookie('tzRemember',$_POST['rememberMe']);

}

else $err[]='Wrong username and/or password!';

}

 

if($err)

$_SESSION['msg']['login-err'] = implode('<br />',$err);

// Save the error messages in the session

 

header("Location: demo.php");

exit;

}

else if($_POST['submit']=='Register')

{

// If the Register form has been submitted

 

$err = array();

 

if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)

{

$err[]='Your username must be between 3 and 32 characters!';

}

 

if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))

{

$err[]='Your username contains invalid characters!';

}

 

if(!checkEmail($_POST['email']))

{

$err[]='Your email is not valid!';

}

 

if(!count($err))

{

// If there are no errors

 

$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);

// Generate a random password

 

$_POST['email'] = mysql_real_escape_string($_POST['email']);

$_POST['username'] = mysql_real_escape_string($_POST['username']);

// Escape the input data

 

 

mysql_query(" INSERT INTO tz_members(usr,pass,email,regIP,dt)

VALUES(

 

'".$_POST['username']."',

'".md5($pass)."',

'".$_POST['email']."',

'".$_SERVER['REMOTE_ADDR']."',

NOW()

 

)");

 

if(mysql_affected_rows($link)==1)

{

send_mail( '[email protected]',

$_POST['email'],

'Registration System Demo - Your New Password',

'Your password is: '.$pass);

 

$_SESSION['msg']['reg-success']='We sent you an email with your new password!';

}

else $err[]='This username is already taken!';

}

 

if(count($err))

{

$_SESSION['msg']['reg-err'] = implode('<br />',$err);

}

 

header("Location: demo.php");

exit;

}

 

$script = '';

 

if($_SESSION['msg'])

{

// The script below shows the sliding panel on page load

 

$script = '

<script type="text/javascript">

 

$(function(){

 

$("div#panel").show();

$("#toggle a").toggle();

});

 

</script>';

 

}

?>

 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

 

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>A Cool Login System With PHP MySQL &amp jQuery | Tutorialzine demo</title>

   

    <link rel="stylesheet" type="text/css" href="demo.css" media="screen" />

    <link rel="stylesheet" type="text/css" href="login_panel/css/slide.css" media="screen" />

   

    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

   

    <!-- PNG FIX for IE6 -->

    <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 -->

    <!--[if lte IE 6]>

        <script type="text/javascript" src="login_panel/js/pngfix/supersleight-min.js"></script>

    <![endif]-->

   

    <script src="login_panel/js/slide.js" type="text/javascript"></script>

   

    <?php echo $script; ?>

</head>

 

<body>

 

<!-- Panel -->

<div id="toppanel">

<div id="panel">

<div class="content clearfix">

<div class="left">

Insert logo here

</div>

           

           

            <?php

 

if(!$_SESSION['id']):

 

?>

           

<div class="left">

<!-- Login Form -->

<form class="clearfix" action="" method="post">

<h1>Member Login</h1>

                   

                    <?php

 

if($_SESSION['msg']['login-err'])

{

echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';

unset($_SESSION['msg']['login-err']);

}

?>

 

<label class="grey" for="username">Username:</label>

<input class="field" type="text" name="username" id="username" value="" size="23" />

<label class="grey" for="password">Password:</label>

<input class="field" type="password" name="password" id="password" size="23" />

            <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" />  Remember me</label>

        <div class="clear"></div>

<input type="submit" name="submit" value="Login" class="bt_login" />

</form>

</div>

<div class="left right">

 

</div>

           

            <?php

 

else:

 

?>

           

            <div class="left">

           

            <h1>Members panel</h1>

           

            <p>You can put member-only data here</p>

            <a href="registered.php">View a special member page</a>

            <p>- or -</p>

            <a href="?logoff">Log off</a>

           

            </div>

           

            <div class="left right">

            </div>

           

            <?php

endif;

?>

</div>

</div> <!-- /login -->

 

    <!-- The tab on top -->

<div class="tab">

<ul class="login">

    <li class="left"> </li>

        <li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>

<li class="sep">|</li>

<li id="toggle">

<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Client Log In';?></a>

<a id="close" style="display: none;" class="close" href="#">Close Panel</a>

</li>

    <li class="right"> </li>

</ul>

</div> <!-- / top -->

 

</div> <!--panel -->

 

<div class="pageContent">

    <div id="main">

      <div class="container">

        <h1>A Cool Login System</h1>

        <h2>Easy registration management with PHP & jQuery</h2>

        </div>

       

        <div class="container">

       

          <p>This is a simple example site demonstrating the <a href="http://tutorialzine.com/2009/10/cool-login-system-php-jquery/">Cool Login System tutorial</a> on <strong>Tutorialzine</strong>. You can start by clicking the <strong>Client Log In</strong> button above.  After registration, an email will be sent to you with your new password.</p>

          <p><a href="registered.php" target="_blank">View a test page</a>, only accessible by <strong>registered users</strong>.</p>

          <p>The sliding jQuery panel, used in this example, was developed by  <a href="http://web-kreation.com/index.php/tutorials/nice-clean-sliding-login-panel-built-with-jquery" title="Go to site">Web-Kreation</a>.</p>

          <p>You are free to build upon this code and use it in your own sites.</p>

          <div class="clear"></div>

        </div>

       

      <div class="container tutorial-info">

      This is a tutorialzine demo. View the <a href="http://tutorialzine.com/2009/10/cool-login-system-php-jquery/" target="_blank">original tutorial</a>, or download the <a href="demo.zip">source files</a>.    </div>

    </div>

</div>

 

</body>

</html>

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.