Jump to content

session password protected page not working

silverglade

By silverglade
in PHP Coding Help

Recommended Posts

silverglade Advanced Member

silverglade

Posted
Posted

Hi, I have a login to a private page on my server, and it's not working. The private page is showing up blank when I go to it. I am using a little bouncer script to redirect the person home if the $_SESSION[userid] is not set. But it isnt working. When I remove the lines from the top of the intro.php page I'm trying to log into, it works but it isn't protected.

 

include(connect1.php);

include(bouncer.php);

 

When I remove those the intro page works, when I add them, it shows up blank. Any help GREATLY appreciated.

 

Here is the bouncer script to bump them off if not logged in.

 

<?php

session_start();// this is a session start declaration call. to let us know we are using sessions on this page.
                  // when you create a session you create an actual file on server that it writes to.
/*echo '<pre>';
print_r($_SESSION);
echo '</pre>';
exit;*//// TO TEST OUTPUT DEBUGGING WHY IT WOULDNT LET ME LOG IN
if(!isset($_SESSION["userid"])){ // why would they be on this page if session is not set!!!! this code is a bouncer..a cop.

header("Location:index.php"); // if it hasnt been set and they are on this page, hack=y and redirect them back with the naught naughty message.


exit;
}

?>

 

and here is the login page that is supposed to set the session variable so that only users who logged in can see the intro page.

 

<?php
include("connect1.php");

//mysql_error();


//ini_set('display_errors', 1);
//  error_reporting(E_ALL);   // GREAT SNIPPET FOR DEBUGGING OUTPUTS ERRORS TO SCREEN */

session_start(); // this is the session declaration , one per page.
/// data is set up in the mysql lite table , rows are 
// record_id, int, 11, not null checked, default, null
//username, varchar, 20, default null
// password, varchar, 20 default, null
//Name, varchar, 20 default null
////////////////////////////////////////
////////////////////////////////////////
// a while loop is used to loop through and display output, like a table info, etc.dynamic rows.
$u = $_POST['email'];
$p = $_POST['password'];



//$hack = $_GET['hack']; /// we got the hack variable from other page with GET




// if logoff is set, destroy the session, or unset it.
if(isset($_GET['logoff'])){

    
unset($_SESSION['userid']);

//session_destroy();

$message = "You have been logged off"; // notice here that he used the same variable as before but just changed value


     

		}


/*if(isset($hack)){    

   $message = "Naughty Naughty!  "; // COOL

    }*/


// escape username and password for use in SQL//person said on board "looks fine" like this
//to prevent sql injections
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);



// if fields username and password have contents, then...
if($u && $p){

 $p = md5($p);

$query = mysql_query("SELECT * FROM users WHERE Email = '$u' AND (Password = '$p' )");

if(!mysql_num_rows($query))
{
$message = "You do not exist on the system";
}
else
{
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
                                          //if its found a user it will create a populated array, if find nothing, it creates a blank array.
                                        //the mysql_fetch_array automatically gives us our keys for us.
// if username is set, go on...username is a key for $result, and a field in the table.

	$message = "You have been logged in";
	// session is an array, a php defined word, becomes like a variable.which can be accessed on any page.
	// 'userid'here is like a variable. we are going to assign to $_SESSION whatever the $result array contains which is 'username' in this case.

	$_SESSION['userid'] = $result['email'];

	 echo "<script type='text/javascript'>window.location='intro.php'</script>";
}



}





/////////BAN USER CODE/////////////


/*//this is the file that connect to sql
$s=$_SERVER["REMOTE_ADDR"];
//draws IP address of visitor
$ipbancheck="SELECT * from banip where IP='$s'";
$ipbancheck2=mysql_query($ipbancheck);
if (!$ipbancheck2) {
die("query error in $ipbancheck<br.".mysql_error());
}
if (mysql_num_rows($ipbancheck2) > 0)
{
header("Location:http://www.derekvanderven.com/hacker.html");
}
else
{
//put content you want unbanned users to see here
}*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Realm of the Sun Dragon</title>


<title>The Kingdom of Loathing</title>
<link rel="stylesheet" type="text/css" href="css/mainpage.css">
<style type="text/css">
<!--
.style4 {
font-weight: bold;
font-family: "Times New Roman", Times, serif;
font-size: xx-large;
color: #B9A428;
}
.style5 {
color: #FFD646
}
-->
</style>
</head>
<link href='icon/dragon_icon.jpg' rel='icon' type='image/jpg'/>
<body bgcolor=white link=black alink=black vlink=black text=black">

<center>
<table cellpadding=5>
<tr>

<td><img src="dragon_images/glass_dragon_left_tiny.jpg"></td>
<td>
<center>
  <font class="style4 style5">Realm of the Sun Dragon</font><br>
  <br>
</font></center>
</td><td><img src="dragon_images/glass_dragon_right_tiny.jpg"></td>
</table>
</center>
<center>

<table cellpadding=3><tr>
  <td style=" font-family: arial; font-size: 12px; ">
    <div align="center"><a href="whatis.html">What is ROSD?</a>
        <b>::</b>
      
        <a href="signup.php">Create an Account</a>
        <b>::</b>
        <a target=_blank href="#">Forums</a>
        <b>::</b><a href="sendmail.php">Contact Us</a>
      
      </font></div></td>
</tr></table>

<table>
<tr>
<td valign=top>

<table  width=250  cellspacing=0 cellpadding=0><tr><td style="color: white;" align=center bgcolor= #996600><b>Enter the Realm:</b></td>
</tr><tr><td style="padding: 5px; border: 1px solid gold;"><center><table><tr><td><table align=center>
<form name="Login" action="index.php" method="post">

<tr>
  <td align=right class=small>Email:</td><td align=left><input class=text type=text
   name=email size=16 ></td></tr>
<tr><td align=right class=small>Password:</td><td align=left><input class=text type=password name=password size=16></td></tr>
<tr><td colspan=2><center> 
           <input class=button type=submit value="Log In" name=submit id=Submit></center>
<p>

<font size=1>If you've forgotten your password,  please <a href="passrecovery8.php">click here</a>.
<p>
Logging in constitutes agreement to abide by the <a href="policies.html">Policies of ROSD</a>.</td></tr>
</form>
</table>

</td></tr></table></center></td></tr><tr><td height=4></td></tr></table><table  width=250  cellspacing=0 cellpadding=0><tr><td style="color: white;" align=center bgcolor=#996600><b>Sign Up!</b></td>
</tr><tr><td style="padding: 5px; border: 1px solid gold;"><center><table><tr><td><span class=small>Don't have an account?  Create one -- it's free!</span><center><form style='display: inline;' action=signup.php><input type=submit class=button value="Sign up to ROSD">
</form></td></tr></table></center></td></tr><tr><td height=4></td></tr></table><table  width=250  cellspacing=0 cellpadding=0><tr>
  <td style="color: white;" align=center bgcolor=#996600><b>Support the Realm:</b></td>
</tr><tr><td style="padding: 5px; border: 1px solid gold;"><center><table><tr>
  <td><font size=2>
<b>A friendly message from the Creator, Derek.</b>

<p>
As the number of ROSD players increases, so does the cost of hosting.  I very much want to keep the game free, so please consider supporting the development and maintenance of the Realms by donating (once you're logged in...) or picking up some groovy merchandise from our <a target=_blank href="#">Store</a>.
<p>
With a donation of 10 dollars or more, you'll receive an in-game gift!  Check the donate page (accessible from your top menu after you've logged in) for details.
  </font>
</td></tr></table></center></td></tr><tr><td height=4></td></tr></table></td>
<td valign=top>
<table  width=350  cellspacing=0 cellpadding=0><tr><td style="color: white;" align=center bgcolor=#996600><b>Announcements:</b></td>
</tr><tr><td style="padding: 5px; border: 1px solid gold;"><center><table><tr><td><font size=2>There are currently <b>780</b> players logged in.<p>Looking for ROSD players in your area?  Check out the <a target=_blank href="forum.php">community forum</a>!
<p><b>July 23</b><br>
  Sample
<p><b>July 19</b><br>
  Sample
<p><b>June 30</b><br>
  Sample.


<p><center><a href="oldannouncements.php">old announcements</a> / <a href="trivialupdates.php">trivial updates</a>
</center></font></td></tr></table></center></td></tr><tr><td height=4></td></tr></table><table width=350  cellspacing=0 cellpadding=0><tr>
  <td style="color: white;" align=center bgcolor=#996600><b>Go beyond...</b></td>
</tr><tr><td height="243" style="padding: 5px; border: 1px solid gold;"><center>
  <img src="dragon_images/front_dragon_gold.jpg" alt="" width="242" height="309" />
</center></td></tr><tr><td height=194></td>
</tr></table></td>

</tr></table>
</center>


<p align="center"> <font face=Arial>Copyright © 2010 by <a href="http://derekvanderven.com"> Derek Van Derven</a></font></p>

</body></html>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.