vishalonne Posted August 25, 2012 Share Posted August 25, 2012 I already have the php code for login and varification done using mysql database. I have some links which should not work if user click them without VALID LOGIN. My index.html page contain menu - Home Computer Science Informatics Practices Take Test (login required) Software Register Get Together(login required) Structure of my web site index.html---- Login Box and Register Page Link Computer Science (Menu) XI (Sub Menu) Unsolved Question Papers (Link) login not required Project Samples (Link) login not required Solved Materials (Link) login required Forum (Link) login required XI I (Sub Menu) Unsolved Question Papers (Link) login not required Project Samples (Link) login not required Solved Materials (Link) login required Forum (Link) login required Here is the code - login.php (login form) <script type="text/javascript" src="sha512.js"></script> // contain encryption code <script type="text/javascript"> function formhash(form, password) { // Create a new element input, this will be out hashed password field. var p = document.createElement("input"); // Add the new element to our form. p.name = "p"; p.type = "hidden" p.value = hex_sha512(password.value); // Make sure the plaintext password doesn't get sent. password.value = ""; // Finally submit the form. form.appendChild(p); form.submit(); } </script> <?php if(isset($_GET['error'])) { echo 'Error Logging In!'; } ?> </head> <body><form action="process_login.php" method="post" name="login_form"> Email: <input type="text" name="email" /><br /> Password: <input type="password" name="password" id="password"/><br /> <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" /> </form> </body> process_login.php (checking validity) <?php define("HOST", "localhost"); // The host you want to connect to. define("USER", "root"); // The database username. define("PASSWORD", ""); // The database password. define("DATABASE", "check1"); // The database name. $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE); echo "Process Login"; include 'functions.php'; sec_session_start(); // Our custom secure way of starting a php session. if(isset($_POST['email'], $_POST['p'])) { $email = $_POST['email']; $password = $_POST['p']; // The hashed password. if(login($email, $password, $mysqli) == true) { // Login success echo 'Success: You have been logged in!'; } else { // Login failed header('Location: ./login.php?error=1'); } } else { // The correct POST variables were not sent to this page. echo 'Invalid Request'; } ?> Can see the online demo of web site here http://www.cbsecsnip.in/ Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/ Share on other sites More sharing options...
Pikachu2000 Posted August 25, 2012 Share Posted August 25, 2012 The better way would be to check if the user is logged in upon arrival at one of the pages that require login, and if not logged in, redirect to your login page. Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/#findComment-1372318 Share on other sites More sharing options...
vishalonne Posted August 25, 2012 Author Share Posted August 25, 2012 Thank you Pikachu for looking into my Issue. What I understand from your reply that I should check every page like this <?php if(isset($_SESSION['user'])){ ?> <div id="nav" class="image002-03"> <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span> <ul id="ul1" class="serviceul"> <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li> <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li> <li class="serviceli"><a href="#">Notes</a></li> <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li> <li class="serviceli"><a href="#">Presentations</a></li> <li class="serviceli"><a href="#">Uploads</a></li> <li class="serviceli"><a href="downloads.php">Solved Materials</a></li> <li class="serviceli"><a href="#">Forum</a></li> <li class="serviceli"><a href="#">Live Chat</a></li> </ul> </div> <?php } else{ do the required login here... (this contains the links to push to a login page) }?> But if you see the page on site on a page I have 5-6 link some of them need login and some are not how can I separate them? Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/#findComment-1372321 Share on other sites More sharing options...
Christian F. Posted August 25, 2012 Share Posted August 25, 2012 As Pikachu said, you don't want to check if the users are logged in before they click the link. You want to check it, at the server, when the page is loading. That way it's easy to determine whether or not someone has access to the page. If the user doesn't have access, redirect to login form. As simple as that. Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/#findComment-1372327 Share on other sites More sharing options...
vishalonne Posted August 25, 2012 Author Share Posted August 25, 2012 Okay I got the point... So I have to check those page which require validation. Right..! Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/#findComment-1372329 Share on other sites More sharing options...
Christian F. Posted August 25, 2012 Share Posted August 25, 2012 Yep, that's right. Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/#findComment-1372333 Share on other sites More sharing options...
vishalonne Posted August 25, 2012 Author Share Posted August 25, 2012 Thanx for guidance. If you don't mind can you please check my code just I tried have some problem login.php <script type="text/javascript" src="sha512.js"></script> <script type="text/javascript"> function formhash(form, password) { // Create a new element input, this will be out hashed password field. var p = document.createElement("input"); // Add the new element to our form. p.name = "p"; p.type = "hidden" p.value = hex_sha512(password.value); // Make sure the plaintext password doesn't get sent. password.value = ""; // Finally submit the form. form.appendChild(p); form.submit(); } </script> <?php if(isset($_GET['error'])) { echo 'Error Logging In!'; } ?> </head> <body><form action="[b]process_login.php[/b]" method="post" name="login_form"> Email: <input type="text" name="email" /><br /> Password: <input type="password" name="password" id="password"/><br /> <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" /> </form> process_login.php <?php define("HOST", "localhost"); // The host you want to connect to. define("USER", "root"); // The database username. define("PASSWORD", ""); // The database password. define("DATABASE", "check1"); // The database name. $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE); echo "Process Login"; include 'functions.php'; sec_session_start(); // Our custom secure way of starting a php session. if(isset($_POST['email'], $_POST['p'])) { $email = $_POST['email']; $password = $_POST['p']; // The hashed password. if(login($email, $password, $mysqli) == true) { // Login success include("XICS.php"); } else { // Login failed header('Location: ./login.php?error=1'); } } else { // The correct POST variables were not sent to this page. echo 'Invalid Request'; } ?> XICS.php on top of the page <?php $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE); echo "Process Login"; sec_session_start(); ?> then where the links should appear <?php if(login_check($mysqli) == true){ ?> <div id="nav" class="image002-03"> <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span> <ul id="ul1" class="serviceul"> <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li> <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li> <li class="serviceli"><a href="#">Notes</a></li> <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li> <li class="serviceli"><a href="#">Presentations</a></li> <li class="serviceli"><a href="#">Uploads</a></li> <li class="serviceli"><a href="downloads.php">Solved Materials</a></li> <li class="serviceli"><a href="forum.php">Forum</a></li> <li class="serviceli"><a href="#">Live Chat</a></li> </ul> </div> <?php } else{ ?> <div id="nav" class="image002-03"> <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span> <ul id="ul1" class="serviceul"> <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li> <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li> <li class="serviceli"><a href="#">Notes</a></li> <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li> <li class="serviceli"><a href="#">Presentations</a></li> <li class="serviceli"><a href="login.php">Uploads</a></li> <li class="serviceli"><a href="login.php">Solved Materials</a></li> <li class="serviceli"><a href="login.php">Forum</a></li> <li class="serviceli"><a href="#">Live Chat</a></li> </ul> </div> <?php } ?> This is working but if give wrong password or id it is not showing those link which doesn't require login credentials. Rest is fine :-\ Quote Link to comment https://forums.phpfreaks.com/topic/267558-how-to-restrict-some-links-to-be-click-without-valid-login/#findComment-1372336 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.