Jump to content

user login required to access pages

jonahpup

By jonahpup
in PHP Coding Help

 Share

Recommended Posts

jonahpup Newbie

jonahpup

Posted
Posted

Ok... after getting some really good help on here yesterday, I decided I would ask for a bit more help...

 

I have a 3 page (index.php, login.php, and logout.php) user login script which connects to my user database to check username and password for user logging in.

 

if you have a look at www.350finale.co.nz/test and use the username: test and password: test you will see how it all works...

 

What I want to know is, if I directly type in www.350finale.co.nz/test/page2.php it will redirect me to the login page (unless I am already logged in), which is what I want, however, once I have logged in, I want it to take me back to page2.php not index.php like it currently is.

 

How do I do this???

 

I will include the code for my index.php page, and login.php (logout.php is as I want it).

 

index.php

<?php
// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{

//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}

//otherwise they are shown the admin area
else
{
?>

<html>
<head>
<link rel="stylesheet" href="styles/main.css" type="text/css" />
</head>
<body>
<div id="main">
<h1>Welcome</h1>

<div style="border: 1px dashed black; padding: 1.5em">
<h3>You are now logged in</h3>

<p>Click on a link below!</p>

<a href="logout.php">Logout</a><br /><br />
<a href="page2.php">Next Page</a>
</div>
</div>
</body>
</html>



<?
}
}
}
else

//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>

 

 

login.php

<?php

// Connects to your Database 
mysql_connect("localhost", "username", "password") or die(mysql_error()); 
mysql_select_db("database") or die(mysql_error()); 


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: index.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
	die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
			}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) { ?>
<html>
<head>
<link rel="stylesheet" href="styles/main.css" type="text/css" />
</head>
<body>
<div id="main">
<div style="border: 1px dashed black; padding: 1.5em">
<?
	die('Incorrect password, click the BACK button and please try again.');
}  
else
{
// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: index.php");
}

}

} else {	

// if they are not logged in
?>
<html>
<head>
<link rel="stylesheet" href="styles/main.css" type="text/css" />
</head>
<body>
<div id="main">
<div style="border: 1px dashed black; padding: 1.5em">

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

</div>
</div>
</body>
</html>

 

 

page2.php

<?php
// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{

//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}

//otherwise they are shown the admin area
else
{
?>
<html>
<head>
<link rel="stylesheet" href="styles/main.css" type="text/css" />
</head>
<body>
<div id="main">
<h1>Page 2</h1>

<div style="border: 1px dashed black; padding: 1.5em">
<h3>You are now logged in and can view content on Page 2</h3>

<a href="logout.php">Logout</a><br />

</div>
</div>
</body>
</html>
<?
}
}
}
else

//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>

 

 

If anyone can help me, that would be awesome!

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

In login.php, change this....

 

//then redirect them to the members area
header("Location: index.php");

 

to....

 

//then redirect them to the members area
header("Location: index2.php");

Link to comment
Share on other sites
jonahpup Newbie

jonahpup

Posted
  • Author
Posted

In login.php, change this....

 

//then redirect them to the members area
header("Location: index.php");

 

to....

 

//then redirect them to the members area
header("Location: index2.php");

 

I tried that... but it will then redirect to index2.php when logged in, no matter what page they have come from...

 

I need it so that whatever page a user comes from, once the user is successfully logged in, I want them to be returned to the page they came from...

 

???

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Well, thats different. The most reliable way is to send the previous page through a url variable.

 

Can we see the code within index2.php that redirects a user to login.php if they are not logged in?

Link to comment
Share on other sites
jonahpup Newbie

jonahpup

Posted
  • Author
Posted 

<?php
// Connects to your Database
mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{

//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}

//otherwise they are shown the admin area
else
{
?>
<html>
<head>
<link rel="stylesheet" href="styles/main.css" type="text/css" />
</head>
<body>
<div id="main">
<h1>Page 2</h1>

<div style="border: 1px dashed black; padding: 1.5em">
<h3>You are now logged in and can view content on Page 2</h3>

<a href="logout.php">Logout</a><br />

</div>
</div>
</body>
</html>
<?
}
}
}
else

//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>

 

Here is the code!

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

edit:  2 people have posted, and I think they answered your question, but I already typed this so might as well post it ;p

 

My personal favorite way to do that is to do something like:

 

if($_SESSION['username']) { //assuming when users login you set the username key of the session array to their username
//display normal content or what ever you want logged in people to see
}
else {
include("login form file");
}

Note: with the session if thing, you could easily use a cookie check or anything else there instead.

 

Then your login file would contain the login form (with the action set to "" or $_SERVER['PHP_SELF']) and the logic necessary to process it.

That way the page would include the login field instead of redirecting to it, and it would show the correct page if the $_SESSION['username'] or what ever value was when the login form was submitted (assuming the password and user were correct ;p).

 

I hope that made sense....

 

Anyway, working with your existing code, the easiest thing to do would be either check the referrer via $_SERVER['HTTP_REFERER'].  You would have to pass this as a hidden field in the form, since the referrer would end up being login.php if you evaluated it after you submitted the form.  You would definitely want to check the referrer and make sure it's from your site, and so on before you redirected.

Link to comment
Share on other sites
dj-kenpo Member

dj-kenpo

Posted
Posted

$ref = $_SERVER['HTTP_REFERER'];

 

if(preg_match('/^(www\.example¦example)\.com/', $ref) ){

//do matched stuff

}

else{

//do unmatched stuff

}

 

assuming your site is example.com

then you can check the http refer.

if it came from your domain, use it, else ignore, and pass it as they said as a hidden form variable.

Link to comment
Share on other sites
dj-kenpo Member

dj-kenpo

Posted
Posted

http refer is acctually the incorrect way to do it now that I looked furthur, as the $server command is limited on many shared hosts (ie, on my dreamhost accoutn it works on one server, not the other...) also, it relies on the clients browser, so it's hit and miss, many browsers don't report it due to security.

 

it's much better to use sessions to supply the previous page url

 

I'll let someone else do the example code for that one tho...

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.