harjpanesar Posted March 15, 2010 Share Posted March 15, 2010 Hi I am having problem with my php mysql login. I have created a login system which works fine but the problem that I am facing is that I currently have one user in my database and that one user can login to multiple pages within different directories i.e User can login into the following: www.software.com/clients/john/john.php but using the same username and password he can also log into www.software.com/clients/bob/bob.php How can i prevent this so each user can only log into their own clients directory. HELP Quote Link to comment https://forums.phpfreaks.com/topic/195357-problem-with-login-to-multiple-pages/ Share on other sites More sharing options...
PFMaBiSmAd Posted March 15, 2010 Share Posted March 15, 2010 We cannot really help you with what your code is doing or not doing without seeing it. But in general, a log in script would check at the start of each page if the current visitor was both logged in and had the necessary permissions to access the page that was being requested. If you have user specific pages, you would need to make sure that the current logged in user matched that page. Quote Link to comment https://forums.phpfreaks.com/topic/195357-problem-with-login-to-multiple-pages/#findComment-1026614 Share on other sites More sharing options...
harjpanesar Posted March 15, 2010 Author Share Posted March 15, 2010 I am using the following below which is a sliding php login with Jquery. You may have seen it. <?php define('INCLUDE_CHECK',true); require 'connect.php'; require 'functions.php'; // Those two files can be included only if INCLUDE_CHECK is defined session_name('tzLogin'); // Starting the session session_set_cookie_params(2*7*24*60*60); // Making the cookie live for 2 weeks session_start(); if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe']) { // If you are logged in, but you don't have the tzRemember cookie (browser restart) // and you have not checked the rememberMe checkbox: $_SESSION = array(); session_destroy(); // Destroy the session } if(isset($_GET['logoff'])) { $_SESSION = array(); session_destroy(); header("Location: demo.php"); exit; } if($_POST['submit']=='Login') { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['username'] || !$_POST['password']) $err[] = 'All the fields must be filled in!'; if(!count($err)) { $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); $_POST['rememberMe'] = (int)$_POST['rememberMe']; // Escaping all input data $row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'")); if($row['usr']) { // If everything is OK login $_SESSION['usr']=$row['usr']; $_SESSION['id'] = $row['id']; $_SESSION['rememberMe'] = $_POST['rememberMe']; // Store some data in the session setcookie('tzRemember',$_POST['rememberMe']); } else $err[]='Wrong username and/or password!'; } if($err) $_SESSION['msg']['login-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: demo.php"); exit; } else if($_POST['submit']=='Register') { // If the Register form has been submitted $err = array(); if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32) { $err[]='Your username must be between 3 and 32 characters!'; } if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username'])) { $err[]='Your username contains invalid characters!'; } if(!checkEmail($_POST['email'])) { $err[]='Your email is not valid!'; } if(!count($err)) { // If there are no errors $pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6); // Generate a random password $_POST['email'] = mysql_real_escape_string($_POST['email']); $_POST['username'] = mysql_real_escape_string($_POST['username']); // Escape the input data mysql_query(" INSERT INTO tz_members(usr,pass,email,regIP,dt) VALUES( '".$_POST['username']."', '".md5($pass)."', '".$_POST['email']."', '".$_SERVER['REMOTE_ADDR']."', NOW() )"); if(mysql_affected_rows($link)==1) { send_mail( '[email protected]', $_POST['email'], 'Registration System Demo - Your New Password', 'Your password is: '.$pass); $_SESSION['msg']['reg-success']='We sent you an email with your new password!'; } else $err[]='This username is already taken!'; } if(count($err)) { $_SESSION['msg']['reg-err'] = implode('<br />',$err); } header("Location: demo.php"); exit; } $script = ''; if($_SESSION['msg']) { // The script below shows the sliding panel on page load $script = ' <script type="text/javascript"> $(function(){ $("div#panel").show(); $("#toggle a").toggle(); }); </script>'; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>A Cool Login System With PHP MySQL & jQuery | Tutorialzine demo</title> <link rel="stylesheet" type="text/css" href="demo.css" media="screen" /> <link rel="stylesheet" type="text/css" href="login_panel/css/slide.css" media="screen" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <!-- PNG FIX for IE6 --> <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 --> <!--[if lte IE 6]> <script type="text/javascript" src="login_panel/js/pngfix/supersleight-min.js"></script> <![endif]--> <script src="login_panel/js/slide.js" type="text/javascript"></script> <?php echo $script; ?> </head> <body> <!-- Panel --> <div id="toppanel"> <div id="panel"> <div class="content clearfix"> <div class="left"> Insert logo here </div> <?php if(!$_SESSION['id']): ?> <div class="left"> <!-- Login Form --> <form class="clearfix" action="" method="post"> <h1>Member Login</h1> <?php if($_SESSION['msg']['login-err']) { echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; unset($_SESSION['msg']['login-err']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="username" id="username" value="" size="23" /> <label class="grey" for="password">Password:</label> <input class="field" type="password" name="password" id="password" size="23" /> <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label> <div class="clear"></div> <input type="submit" name="submit" value="Login" class="bt_login" /> </form> </div> <div class="left right"> </div> <?php else: ?> <div class="left"> <h1>Members panel</h1> <p>You can put member-only data here</p> <a href="registered.php">View a special member page</a> <p>- or -</p> <a href="?logoff">Log off</a> </div> <div class="left right"> </div> <?php endif; ?> </div> </div> <!-- /login --> <!-- The tab on top --> <div class="tab"> <ul class="login"> <li class="left"> </li> <li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li> <li class="sep">|</li> <li id="toggle"> <a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Client Log In';?></a> <a id="close" style="display: none;" class="close" href="#">Close Panel</a> </li> <li class="right"> </li> </ul> </div> <!-- / top --> </div> <!--panel --> <div class="pageContent"> <div id="main"> <div class="container"> <h1>A Cool Login System</h1> <h2>Easy registration management with PHP & jQuery</h2> </div> <div class="container"> <p>This is a simple example site demonstrating the <a href="http://tutorialzine.com/2009/10/cool-login-system-php-jquery/">Cool Login System tutorial</a> on <strong>Tutorialzine</strong>. You can start by clicking the <strong>Client Log In</strong> button above. After registration, an email will be sent to you with your new password.</p> <p><a href="registered.php" target="_blank">View a test page</a>, only accessible by <strong>registered users</strong>.</p> <p>The sliding jQuery panel, used in this example, was developed by <a href="http://web-kreation.com/index.php/tutorials/nice-clean-sliding-login-panel-built-with-jquery" title="Go to site">Web-Kreation</a>.</p> <p>You are free to build upon this code and use it in your own sites.</p> <div class="clear"></div> </div> <div class="container tutorial-info"> This is a tutorialzine demo. View the <a href="http://tutorialzine.com/2009/10/cool-login-system-php-jquery/" target="_blank">original tutorial</a>, or download the <a href="demo.zip">source files</a>. </div> </div> </div> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/195357-problem-with-login-to-multiple-pages/#findComment-1026617 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.