willc Posted March 14, 2008 Share Posted March 14, 2008 Hello, I am having some difficulty. I have a page that I am trying to limit access to: www.mydomain.com/forum/index.php I only want members to be able to get to that page after a successful log in and from a link within a members only page: www.mydomain.com/members/members_page.php On members_page.php, the link will take us to another page (www.mydomain.com/members/forum.php). On forum.php, the www.mydomain.com/forum/index.php page is "embedded" using phpinclude. The sessions don't seem to be working. I know I'm missing something because I am an idiot with this stuff. So, here's how the progression goes and the essential code for each page: 1. Deny access to www.mydomain.com/forum/index.php directly unless they have logged in: <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } ?> HTML and php of the forum index page falls below the code above. 2. If they have not logged in, they have been directed to main_login.php. Here is the code on that page: <? session_start(); if ($_SESSION['access'] == true) { header("location:http://www.mydomain.com/members/members_page.php"); //let them in if successful log-in } ?> Form HTML falls below the code above. 3. After they have entered their log-in information, they are sent to checklogin.php to see if the username and password match. Here is the code for that: <?php session_start(); $host="xxxxx"; $username="xxxxx"; $password="xxxxx"; $db_name="xxxxx"; $tbl_name="xxxxxx"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $myusername=strtoupper($_POST['myusername']); $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ $_SESSION['access'] = true; header("Location: http://www.mydomain.com/members/members_page.php"); } else { echo "Wrong Username or Password"; } ?> 4. If they have logged in successfully, they are sent to the members_page.php. Here is the php code for that page: <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } 5. On members_page.php, there is a link to another page (www.mydomain.com/members/forum.php) which has the forum index page (www.mydomain.com/forum/index.php) embedded in it using phpinclude. So when they load www.mydomain.com/members/forum.php, they are actually partly seeing www.mydomain.com/forum/index.php within it. Here is the code for www.mydomain.com/members/forum.php <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } ?> HTML of website with php code is down below the code above. The link to the actual forum (www.mydomain.com/forum/index.php) is done using phpinclude so it happens automatically. So phpinclude brings the forum page (forum/index.php) into the members' forum page (members/forum.php). Here is that code in the middle of the HTML of the forum.php page: <?php session_start(); $_SESSION['access'] = true; include("http://www.mydomain.com/forum/"); ?> My problem is that I can't get into the forum. I am just sent endlessly in a loop from the member log in page to the members only page, around and around. I suspect that something is happening where the session is not being carried over from the link on the members_only page to the forum.php page. The access=true is not working on the embedded forum because it keeps asking me to log-in. Should I not be using phpinclude or do you see something that I don't that is not allowing me to get into the forum? I think I am probably using sessions incorrectly. Any help in any area greatly appreciated. Thank you, Will Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 i believe you have to register the session before assigning it. but I could be wrong. session_register(''access''); Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 also enclose all the access session value in qoutes if($count==1){ session_register("access"); //register first $_SESSION['access'] = "true"; //enclose in quotes header("Location: http://www.mydomain.com/members/members_page.php"); } else { echo "Wrong Username or Password"; } ?> wrap in quotes for all pages <? session_start(); if ($_SESSION['access'] == "true") { header("location:http://www.mydomain.com/members/members_page.php"); //let them in if successful log-in } ?> Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 this is wrong. !== Here is the code for www.mydomain.com/members/forum.php <?php session_start(); if ($_SESSION['access'] !== true) { header("location:http://www.mydomain.com/members/main_login.php"); } ?> use this != and dont forget to enclose in quotes Here is the code for www.mydomain.com/members/forum.php <?php session_start(); if ($_SESSION['access'] != "true") { header("location:http://www.mydomain.com/members/main_login.php"); } ?> Quote Link to comment Share on other sites More sharing options...
willc Posted March 14, 2008 Author Share Posted March 14, 2008 thank you, i will give that a go! I hope it works. Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 lol sorry. WHY are you doing this??? $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; thats no good. if your worried about the whitespaces use the trim() function also use single quote to enclose the field name when your using the UPPER function like so $myusername = trim($myusername); $sql="SELECT * FROM $tbl_name WHERE UPPER('lastname')='$myusername' and membernum='$mypassword'"; Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 14, 2008 Share Posted March 14, 2008 "also use single quote to enclose the field name when your using the UPPER function" not required. i typically use single-word legal MySQL column names and never use quotes to avoid any problems. Quote Link to comment Share on other sites More sharing options...
willc Posted March 14, 2008 Author Share Posted March 14, 2008 Hi, First, thanks for your help. I really do appreciate it. Second, please laugh at me loudly. Seriously. It's comical that I'm even trying to tackle this stuff. My brain cannot handle this code. I really don't know how you guys do it. In any case, to answer your question: $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; I was just trying to choose the username from the table regardless of whether they entered a lower case last name or an uppercase one. I didn't want there to be any difference between "Jones" and "jones." I thought that's how it was done. But I will implement your solution. All of your help on the log-in seems to be working (thank you) but I'm not quite there yet. I get this error now: Warning: include(http://www.mydomain.org/forum/) [function.include]: failed to open stream: Redirection limit reached, aborting in /forum.php on line 397 Warning: include() [function.include]: Failed opening 'http://www.mydomain.org/forum/' for inclusion forum.php on line 397 Those errors occur on the forum.php page so it seems that once that is fixed, we will be in business! Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 why are you using this? you dont want it to redirect there? <?php session_start(); $_SESSION['access'] = true; include("http://www.mydomain.com/forum/"); ?> like this <?php session_start(); $_SESSION['access'] = true; header("location: http://www.mydomain.com/forum/"); ?> oh and btw i wasent laughing out loud at you. I was laughing becuase I posted so many times instead of just one time Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 In any case, to answer your question: $sql="SELECT * FROM $tbl_name WHERE UPPER(lastname) LIKE '%$myusername%' and membernum='$mypassword'"; I was just trying to choose the username from the table regardless of whether they entered a lower case last name or an uppercase one. I didn't want there to be any difference between "Jones" and "jones." I thought that's how it was done. But I will implement your solution. ok so so do it the way i posted $myusername=strtoupper($_POST['myusername']); $myusername = trim($myusername); $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE UPPER('lastname')='$myusername' and membernum='$mypassword'"; $result=mysql_query($sql); Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 unless you enable URL access for the include function in PHP.ini then it wont work. if its on your server then just use the path to it. ex. /home/user/public_html/forums/index.php (just an example) Quote Link to comment Share on other sites More sharing options...
willc Posted March 14, 2008 Author Share Posted March 14, 2008 thanks for the username stuff, i will implement that. on the php include, i just thought that's how it was done if i wanted to "embed" the /forum/index.php page into the members/forum.php page. But you are suggesting that I put the header redirect in instead? The php include is now in the middle of the page, in some html code. When I implement your suggestion, I get this error: Warning: Cannot modify header information - headers already sent by (output started at members/forum.php:20) in members/forum.php on line 397. Line 397 has this on it: ("location: http://www.mydomain.org/forum/"); Thanks again for all your help with this. Also, I will look into just using the path with include. Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 14, 2008 Share Posted March 14, 2008 on the php include, i just thought that's how it was done if i wanted to "embed" the /forum/index.php page into the members/forum.php page yes do that! read my last post. you cant use a URL instead use the path like you said include("/forum/index.php"); Quote Link to comment Share on other sites More sharing options...
willc Posted March 17, 2008 Author Share Posted March 17, 2008 Hello, No matter what I do with the php's include function, I am getting errors on my page. My code in my php page is this: include("http://www.mydomain.org/forum/"); when I do that, I get these error messages: Warning: include(http://www.mydomain.org/forum/) [function.include]: failed to open stream: Redirection limit reached, aborting in /home/usr/public_html/members/forum.php on line 397 Warning: include() [function.include]: Failed opening 'http://www.mydomain.org/forum/' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/members/forum.php on line 397 I've even checked the php.ini file and it allows urls. Alternatively, when I use the relative path instead like this: include("/home/usr/public_html/forum/index.php"); I get these warning messages: Warning: include(./extension.inc) [function.include]: failed to open stream: No such file or directory in /home/usr/public_html/forum/index.php on line 33 Warning: include() [function.include]: Failed opening './extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/forum/index.php on line 33 Warning: include(./common.) [function.include]: failed to open stream: No such file or directory in /home/usr/public_html/forum/index.php on line 34 Warning: include() [function.include]: Failed opening './common.' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/forum/index.php on line 34 Fatal error: Call to undefined function session_pagestart() in /home/usr/public_html/forum/index.php on line 39 Anybody know what to do about this? There must be something simple I'm missing. Are .php files supposed to go in specific, "pre-designated" directories? Thank you! Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 17, 2008 Share Posted March 17, 2008 thats wierd... try include($_SERVER['DOCUMENT_ROOT']."/forum/index.php"); Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 17, 2008 Share Posted March 17, 2008 wait... let me see your code for line 33 on index.php Warning: include() [function.include]: Failed opening './extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/forum/index.php on line 33 Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 17, 2008 Share Posted March 17, 2008 wait... let me see your code for line 33 on index.php Warning: include() [function.include]: Failed opening './extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/usr/public_html/forum/index.php on line 33 Quote Link to comment Share on other sites More sharing options...
willc Posted March 18, 2008 Author Share Posted March 18, 2008 here are lines 33-39 on index.php where the problems now seem to be occurring: 33 include($phpbb_root_path . 'extension.inc'); 34 include($phpbb_root_path . 'common.'.$phpEx); 35 36 // 37 // Start session management 38 // 39 $userdata = session_pagestart($user_ip, PAGE_INDEX); Have the file paths been screwed up? Thank you! Quote Link to comment Share on other sites More sharing options...
willc Posted March 18, 2008 Author Share Posted March 18, 2008 thats wierd... try include($_SERVER['DOCUMENT_ROOT']."/forum/index.php"); When I inserted the code above, I got the same error messages as before.... I think the problem is on index.php. I have included the code in the previous post that is likely causing the problem. Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 19, 2008 Share Posted March 19, 2008 hrmmm what is the value of $phpbb_root_path also... any one else in the forum care to help as well???? Quote Link to comment Share on other sites More sharing options...
l0ve2hat3 Posted March 19, 2008 Share Posted March 19, 2008 can you post all your code? or is it too much or private? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.