BinaryBird Posted June 19, 2010 Share Posted June 19, 2010 Hi, i am trying to create a registration page. But i want users to access this page only validating their id not be able to access it directly. Say my landing page is home.php , i have a id field here where users can enter their id. I can check if this id exists in the db and if so take them to register.php where they can enter their details . But they should not be able to access the register page directly. A friend of mine tried to help me with this. He is using sessions. Here is the code for the home page <?php session_start(); require_once('connection.php'); if(!isset($_SESSION['id'])) { if(isset($_POST['submit'])) { $id = $_POST['id']; if(!empty($id)) { $query = "SELECT * FROM studentids where usn='".$id."'"; /* Please change the tablename and id column name here*/ $result = mysqli_query($conn,$query); while ($row = mysqli_fetch_array($result)) { $tid = $row['usn']; /* If Column Name is not id then you need to make changes here */ } if($tid == $id) { $row = mysqli_fetch_array($result); $_SESSION['id'] = $id; setcookie('id', $row['id'], time()+(60*60*24*30)); $url = 'http://www.googlewaveindia.com/'; $url .= 'shantanu/apps/register.php'; /*Change the path to redirect into register.php */ header('Location: ' . $url); } else { echo '<p class="error">Sorry,You must enter a valid ID to log in.</p>'; } } else { echo '<p class="error">Sorry,You must enter your ID to log in.</p>'; } } } ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Validation</title> </head> <body> <form id="createaccount" name="createaccount" action="register.php" method="post" > ID:<input type="text" name="id" id="id" size="30" value="" /> <input style="width:19em" id="submit" name="submit" type="submit" value='Validate' /> </form> </body> </html> This is not validating. Here is the link : http://www.googlewaveindia.com/shantanu/apps/newgister.php could some one tell me what could be wrong? Thanks. Quote Link to comment Share on other sites More sharing options...
cags Posted June 19, 2010 Share Posted June 19, 2010 So far as I can tell from your current indentation, you don't have an else statement to go with... if(isset($_POST['submit'])) If somebody goes directly to the page then $_POST['submit'] will not be set. If it's not set then you're code will simply not enter that if block and continue onto the main code of the page. You should add an else statement that kills off the script using die/exit. Quote Link to comment Share on other sites More sharing options...
BinaryBird Posted June 19, 2010 Author Share Posted June 19, 2010 For which if block should i add the exit code? I am sorry but i am new to php. Please help. Or is there any other way to access the register.php page on successfully validating a db entry? Quote Link to comment Share on other sites More sharing options...
swisse Posted June 19, 2010 Share Posted June 19, 2010 Try correcting some parts of your code: <?php session_start(); include('connection.php'); if(!isset($_SESSION['id'])) { if(isset($_POST['submit'])) { $id = $_POST['id']; if(!empty($id)) { $query = "SELECT * FROM studentids where usn='".$id."' LIMIT 1"; /* Please change the tablename and id column name here*/ $result = mysqli_query($conn,$query); $row = mysqli_fetch_array($result); if(mysqli_num_rows($row) == 1) { $_SESSION['id'] = $id; setcookie('id', $row['id'], time()+(60*60*24*30)); $url = 'http://www.googlewaveindia.com/'; $url .= 'shantanu/apps/register.php'; /*Change the path to redirect into register.php */ header('Location: ' . $url); exit(); } Quote Link to comment Share on other sites More sharing options...
kratsg Posted June 19, 2010 Share Posted June 19, 2010 It's actually better to use "require_once" here instead of "include". If they can't connect to the database - the file still shouldn't load. Try correcting some parts of your code: <?php session_start(); include('connection.php'); if(!isset($_SESSION['id'])) { if(isset($_POST['submit'])) { $id = $_POST['id']; if(!empty($id)) { $query = "SELECT * FROM studentids where usn='".$id."' LIMIT 1"; /* Please change the tablename and id column name here*/ $result = mysqli_query($conn,$query); $row = mysqli_fetch_array($result) if(mysqli_num_rows($row) == 1) { $_SESSION['id'] = $id; setcookie('id', $row['id'], time()+(60*60*24*30)); $url = 'http://www.googlewaveindia.com/'; $url .= 'shantanu/apps/register.php'; /*Change the path to redirect into register.php */ header('Location: ' . $url); exit(); } Quote Link to comment Share on other sites More sharing options...
BinaryBird Posted June 20, 2010 Author Share Posted June 20, 2010 I tried but something is wrong. Could some one tell me how do i read a value from a form sent it as a session variable ? I mean say i have a input field id, is it possible to read the value and set it as a session variable in the same page? Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 20, 2010 Share Posted June 20, 2010 Once a session is started you can set session variables. They are like any other type of variable. Your code does an assignment to a session variable when a db query succeeds in finding someone: $_SESSION['id'] = $id; That line sets the session variable "id". Quote Link to comment Share on other sites More sharing options...
BinaryBird Posted June 20, 2010 Author Share Posted June 20, 2010 I have solved the session problem. I finally inserted a javascript validation for the id filed. But it doesn work. <?php session_start(); $pvt_id = session_id(); //if(isset($_POST['submit'])) { $_SESSION['name'] = 'Jester'; $_SESSION['id'] = $pvt_id ; //echo $id; //} ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Validation</title> <script language="JavaScript" src="gen_validatorv31.js" type="text/javascript"></script> </head> <body> <form id="createaccount" name="createaccount" action="register.php" method="post" > ID:<input type="text" name="id" id="id" size="30" value="" /> <input style="width:19em" id="submit" name="submit" type="submit" value='Validate' /> </form> <script language="JavaScript" type="text/javascript"> var frmvalidator = new Validator("createaccount"); frmvalidator.addValidation("id","req","Please enter your ID") frmvalidator.addValidation("id","maxlen=10","Max length for ID is 10"); </script> </body> </html> Is there something i have missed out here? If i click on the submit button with out entering a value in the id field, it should alert me. But it just takes me to the action page. Help me out please. Thanks. Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 21, 2010 Share Posted June 21, 2010 Seems your question has now morphed into a javascript question. I can't tell you what the problem is, since you're using some sort of validation library I'm not familiar with, but I'd suggest you start a new question in the appropriate subforum for javascript questions. Quote Link to comment Share on other sites More sharing options...
BinaryBird Posted June 21, 2010 Author Share Posted June 21, 2010 Thanks. I have posted in the JS section. I managed to solve the sessions problem. Thanks again for all the help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.