
Using Sessions


Dada78


I have been reading about this for the past 2 weeks and looking at code examples but I am not real clear how this works or if this does what I am needing it to do. How can I restrict pages to only users after they have registered and logged in? I have already built the registration, log in, user CP page and the database for it is all built. I really just need to secure certain pages. I have an ID column so I need to be able to create a unique sessions ID depending on what it is in the table because the user will be able to enter information I will need to be able for them to enter information into their row that their registration information is entered on. Hope that makes sense. If not I can give you some examples, but if anyone knows how to go about this I am open to suggestions. I am just really tired so forgive me if it doesn't make much sense.

 

-Thanks

Link to comment
Share on other sites

on the login page you could have a session called hasLoggedIn = 1 and then validate that on the pages u want secure

 

for example on the top of each page you would want

 

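<?php

session_start();

// not logged in: send the visitor to the login page
if(!isset($_SESSION['hasLoggedIn']) || $_SESSION['hasLoggedIn']!=1)
{
  header("Location: login.php");
  exit; // stop here so the rest of the protected page is not run
}

?>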

Link to comment
Share on other sites

Thank you for that, it seems to be working when someone tries to access a page directly. What in my login would I need to add? Also I need them to be logged in by their ID that is in the Database. Another problem I am having is if someone leaves a field blank it is supposed to show the user an error that they left XXX field blank but it isn't working for some reason.

 

<?php

include ('db_connect.php'); 

if (isset($_POST['submit']))
{
    if (empty($_POST['email']) || empty($_POST['password']))
    {
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {

// email and password sent from signup form
$email=$_POST['email'];
$password=$_POST['password'];

$sql="SELECT * FROM users WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result); 
// If result matched $email and $password, table row must be 1 row

if($count==1){
// Register $email, $password and redirect to file "user.php"
session_register("email");
session_register("password");
header("location:user.php");
}
}
}
?>

 

-Thanks

Link to comment
Share on other sites

in the login script once they have been validated you would declare the session there to = 1 but only validate it when their username and password match and are all ok.

 

what is their id used for from the database?

 

 

as for the error probs i am havin a butchers at that now for ya mate

Link to comment
Share on other sites

just check it works normally to check if emptys return something

with the below code.

 

<?php

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
        // email and password sent from signup form
        $email=$_POST['email'];
        $password=$_POST['password'];

        $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
        $result=mysql_query($sql);

        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);
        // If result matched $email and $password, table row must be 1 row

        if($count==1){
            // Register $email, $password and redirect to file "user.php"
            session_register("email");
            session_register("password");
            header("location:user.php");
        }
    }
}

?>

Link to comment
Share on other sites

in the login script once they have been validated you would declare the session there to = 1 but only validate it when their username and password match and are all ok.

 

what is their id used for from the database?

 

 

as for the error probs i am havin a butchers at that now for ya mate

 

 

I am unclear how to validate the session in the login form.

 

The ID in the database is for a unique session so that the user will be directed to their own User CP instead of all registered users being directed to the same User CP. Once registered and logged in from the User CP they will be able to submit their display from this URL

 

http://www.mesquitechristmas.com/local/submit.php

 

It's not protected now but will be. Anyways the values are entered into the same row as their ID, Email and Password. So to make sure the user is entering the correct data to the correct row with their registration information I have the ID. Does that make sense?

 

If you know of an easier way or have a suggestion I am open. I am a web developer but I only deal with the design parts with HTML, XHTML, CSS etc. The guy that is supposed to handle the function and PHP side bailed on me which left me to fend for myself and I am almost home if I can just get this out of the way.

 

I tried the code for showing an error but if you hit submit without filling out a field no error is shown.

 

http://www.mesquitechristmas.com/local/login.php

Link to comment
Share on other sites

right in the login script when u check to see if the users pass and username match before u redirect them to their CP do

 

$_SESSION['hasLoggedIn'] = 1;

 

 

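then make a new sql statement to do

// replace the placeholder text with the name the person signed in with
$SQL = "SELECT * FROM users WHERE username='username the person used to sign in with'";
$result = mysql_query($SQL);
$row = mysql_fetch_assoc($result);

// keep the row id in the session
$_SESSION['userID'] = $row['id'];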

 

then redirect user then the sessions userID contains their id

 

for the no error showing just put some echos in the different stages to see whether or not it is getting to the areas it needs to get to

Link to comment
Share on other sites

use this code for the no errors not showing then you can see where you are or are not entering the script

 

<?php

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
        echo "it enters the missing fields box";
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
        echo "it enters the part to show fields are field in(delete me once debugged as the headers will not work other wise)";
        // email and password sent from signup form
        $email=$_POST['email'];
        $password=$_POST['password'];

        $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
        $result=mysql_query($sql);

        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);
        // If result matched $email and $password, table row must be 1 row

        if($count==1)
        {
            // Register $email, $password and redirect to file "user.php"
            session_register("email");
            session_register("password");
            header("location:user.php");
        }
    }
}
else
{
    // only reached when $_POST['submit'] was not sent
    echo "does not enter the submit check";
}

?>

Link to comment
Share on other sites

The statement that is getting echoed is "does not enter the submit check" which is the last one on the code. I don't know what that means.

 

I guess I must be tired but I am not understanding exactly where to insert this code in reference to what is already there. Also there is no username, they register and login using their email and password they entered on the registration form.

 

here is the current code

 

<?php

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
      echo "it enters the missing fields box";
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
      echo "it enters the part to show fields are field in(delete me once debugged as the headers will not work other wise)";
      // email and password sent from signup form
      $email=$_POST['email'];
      $password=$_POST['password'];
      
      $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
      $result=mysql_query($sql);
      
      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);
      // If result matched $email and $password, table row must be 1 row
      
      if($count==1)
      {
         // Register $email, $password and redirect to file "user.php"
         $_SESSION['hasLoggedIn'] = 1;
         session_register("email");
         session_register("password");
         header("location:user.php");
      }
   }
}
echo "does not enter the submit check";
?>

 

-Thanks

Link to comment
Share on other sites

where it is echoing does not enter submit check that means it is not seeing the press of the submit button (just check the spelling for the submit button name with the name you have there).

 

other than that the code you should have is this for the sessions to work

 

<?php

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
        echo "it enters the missing fields box";
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
        echo "it enters the part to show fields are field in(delete me once debugged as the headers will not work other wise)";
        // email and password sent from signup form
        $email=$_POST['email'];
        $password=$_POST['password'];

        $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
        $result=mysql_query($sql);

        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);
        // If result matched $email and $password, table row must be 1 row

        if($count==1)
        {
            // Register $email, $password and redirect to file "user.php"
            $_SESSION['hasLoggedIn'] = 1;

            //get the users id that is associated with him
            $SQL2 = "SELECT * FROM users WHERE email='$email'";
            $result2 = mysql_query($SQL2);      // run the second query, not the undefined $SQL
            $row = mysql_fetch_assoc($result2);

            //store the id in the session for use
            $_SESSION['userID'] = $row['id'];

            session_register("email");
            session_register("password");
            header("location:user.php");
        }
    }
}
else
{
    // only reached when $_POST['submit'] was not sent
    echo "does not enter the submit check";
}

?>

 

 

 

Link to comment
Share on other sites

Ok the error is working now, I was just testing the script and realized I need to add an error if someone enters the wrong login information, I will get to that though in a minute though.

 

I tried to log in and it doesn't log in and go to the user.php

 

You can try to test this at

 

http://www.mesquitechristmas.com/local/login.php

 

email: test1@test.com

password: 22250916

 

All it does is refresh with no error

 

<?php

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
      echo "it enters the missing fields box";
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
     
      // email and password sent from signup form
      $email=$_POST['email'];
      $password=$_POST['password'];
     
      $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
      $result=mysql_query($sql);
     
      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);
      // If result matched $email and $password, table row must be 1 row
     
      if($count==1)
      {
         // Register $email, $password and redirect to file "user.php"
         $_SESSION['hasLoggedIn'] = 1;

      //get the users id that is associated with him
       $SQL2 = "SELECT * FROM users WHERE email='$email'";
       $result2 = mysql_query($SQL2);
       $row = mysql_fetch_assoc($result2);

   //store the id in the session for use
       $_SESSION['userID'] = $row['id'];
      
         session_register("email");
         session_register("password");
         header("location:user.php");
      }
   }
}
?>

 

-Thanks

Link to comment
Share on other sites

Ok I have figured out what my problem is I am just not sure how to fix it. Since when you register the password is entered into the database as MD5. So when you log in it needs to set as MD5 before the password on the login page. I am just not sure which password to put it in front of and how exactly. I have tried a few different ways but have failed

 

Here is the code for the login page

 

<?php

session_start(); 

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
  
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
     
      // email and password sent from signup form
      $email=$_POST['email'];
      $password=$_POST['password'];
     
      $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
      $result=mysql_query($sql);
     
      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);
      // If result matched $email and $password, table row must be 1 row
     
      if($count==1)
      {
         // Register $email, $password and redirect to file "user.php"
         $_SESSION['hasLoggedIn'] = 1;

      //get the users id that is associated with him
       $SQL2 = "SELECT * FROM users WHERE email='$email'";
       $result2 = mysql_query($SQL2);
       $row = mysql_fetch_assoc($result2);

   //store the id in the session for use
       $_SESSION['userID'] = $row['id'];
      
         session_register("email");
         session_register("password");
         header("location:user.php");
      }
   }
}
?>

 

-Thanks

 

 

Link to comment
Share on other sites

try this

<?php

session_start();

include ('db_connect.php');

if (isset($_POST['submit']))
{
    if ($_POST['email'] == "" || $_POST['password'] == "")
    {
        $error = 'Please fill in all fields.';  // here, they have not filled in either the username OR the password.  Set an error.
    }
    else
    {
      // email and password sent from the login form
      // escape the email before it is placed inside the query string
      $email=mysql_real_escape_string($_POST['email']);
      // the registration page stores the password as MD5, so hash it the same way here
      $password=md5($_POST['password']);

      $sql="SELECT * FROM users WHERE email='$email' and password='$password'";
      $result=mysql_query($sql);

      // Mysql_num_row is counting table row
      $count=mysql_num_rows($result);
      // If result matched $email and $password, table row must be 1 row

      if($count==1)
      {
         // Register $email, $password and redirect to file "user.php"
         $_SESSION['hasLoggedIn'] = 1;

         //get the users id that is associated with him
         $SQL2 = "SELECT * FROM users WHERE email='$email'";
         $result2 = mysql_query($SQL2);      // run the second query, not the undefined $SQL
         $row = mysql_fetch_assoc($result2);

         //store the id in the session for use
         $_SESSION['userID'] = $row['id'];

         session_register("email");
         session_register("password");
         header("location:user.php");
         exit; // stop the script once the redirect header is sent
      }
   }
}
?>

Link to comment
Share on other sites
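As an added example (not code from any poster in this thread), here is one way to write the login check, the per-page guard and the "write only to my own row" update discussed above using current PHP. It assumes PDO with an in-memory SQLite table standing in for db_connect.php and the users table; the function names, the password_hash and display columns and the sample user are hypothetical, and it uses password_hash() in place of the MD5 column from the thread.

```php
<?php
// Added example, not the posters' code. Assumptions: PDO with in-memory SQLite
// stands in for db_connect.php; password_hash/display columns are hypothetical.

function authenticate(PDO $db, string $email, string $password): ?int
{
    // Prepared statement: the email is bound as data, never spliced into SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;                    // unknown email or wrong password
    }
    return (int) $row['id'];
}

function log_in(int $userId): void
{
    session_regenerate_id(true);        // fresh session ID once the user is authenticated
    $_SESSION['userID'] = $userId;      // keep only the row id, never the password
}

function require_login(): int
{
    if (empty($_SESSION['userID'])) {
        header('Location: login.php');
        exit;                           // without exit the protected page keeps running
    }
    return (int) $_SESSION['userID'];
}

// Constructed demo data: one registered user whose email contains a quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           password_hash TEXT, display TEXT)');
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(["o'brien@example.test", password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

session_start();
$bad = authenticate($db, "o'brien@example.test", 'wrong');
$id  = authenticate($db, "o'brien@example.test", 's3cret-demo');
if ($id !== null) {
    log_in($id);
}
// What submit.php would do: write only to the row of the logged-in user.
$db->prepare('UPDATE users SET display = ? WHERE id = ?')
   ->execute(['Lights on Main St', require_login()]);
var_dump($bad, $id, $db->query('SELECT display FROM users WHERE id = 1')->fetchColumn());
```

The row to update is taken from the session on the server, not from a form field, so a logged-in user cannot point the update at someone else's row.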
