SitePoint Sponsor

User Tag List

Results 1 to 15 of 15

Hybrid View

  1. #1
    SitePoint Addict Chris Roane's Avatar
    Join Date
    Jul 1999
    Location
    Helena, MT
    Posts
    287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I call up this script after someone fills out and submits a login form. The code is meant to see if the username and password matchs from another file and if it does, it should load the index page.

    ---------------------------------
    <?
    function authenticateUser($user, $password)
    {

    If($file = fopen("password.txt", "r")) {
    $files = fread($file, 500);
    $files = split("/", "$files");
    $real_username = $files[0];
    $real_password = $files[1];
    If (($user == $real_username) && ($password == $real_password)) {
    return 1 ;
    } else {
    return 0 ;
    } // end if statement
    } // end if statement

    } // end function

    If (authenticateUser($form_user_id,$form_password)) {
    setcookie ("cookie_user","$form_user_id");
    setcookie ("cookie_passwd","$form_password");
    Header("Location: /index.php3");
    }
    ?>
    ---------------------------------
    When that page loads after I submit the login form, and when the login information is correct, it brings up these errors:

    ---------------------------------
    Warning: Oops, php3_SetCookie called after header has been sent in /home/spot/spotscripts-www/phpmo/admin/admin.php3 on line 21

    Warning: Oops, php3_SetCookie called after header has been sent in /home/spot/spotscripts-www/phpmo/admin/admin.php3 on line 22

    Warning: Cannot add more header information - the header was already sent (header information may be added only before any output is generated from the script - check for text or whitespace outside PHP tags, or calls to functions that output text) in /home/spot/spotscripts-www/phpmo/admin/admin.php3 on line 23
    ---------------------------------

    The previous code is the whole file.

    Any help would be appreciated.

    Chris Roane

  2. #2
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should really take a look at sessions for this kind of task.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  3. #3
    SitePoint Addict Chris Roane's Avatar
    Join Date
    Jul 1999
    Location
    Helena, MT
    Posts
    287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've heard about Sessions before, but they sem pretty complicated.

    What would the advantages of using sessions have over my current method?

    Chris Roane

  4. #4
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1) You can store your usernames and passwords in a database


    Using Sessions
    you simply call session_start(); at the top of the pages that you want to use session variables in

    For instance
    session_start();
    session_register("SESSION");
    session_register($SESSION["username"]);
    $SESSION["username"] = "billybob";

    now on any page I can call $SESSION["username"]
    and get the value for the life of the session.

    The point is that now you could simply put two lines at the top of pages you wanted password protected

    if (empty($SESSION["username"])) header("Location: login.php");

    Then on your login script page once the user is validated you can shoot them off to whatever page. It is basically like your method but all the cookie stuff is taken care of by the session functions
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  5. #5
    SitePoint Addict Chris Roane's Avatar
    Join Date
    Jul 1999
    Location
    Helena, MT
    Posts
    287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That sounds like a good idea.

    But I don't need to store my username and password in a database because there will only be one set of them. I thought it would be kind of pointless to create a table for only one username and one password.

    "now on any page I can call $SESSION["username"]
    and get the value for the life of the session."


    What do you mean "life" of the session? Are you talking about how long that username has been logged in or something?

    The whole purpose of this password protection is for the administration area of a script I am working on.

    Thanks!

    Chris Roane

  6. #6
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    exactly until you destroy the session close your browser or the session times out. It would make your adminisration a lot more scalable, so one day if you wanted you could give someone else a username and password to the admin area you wouln't need to change any scripts
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  7. #7
    SitePoint Evangelist
    Join Date
    May 2000
    Location
    Canada
    Posts
    533
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    quick tip.. if you're the only person logging into the site, .htacess would be a much easier solution than any kind of scripts...

    otherwise, sessions are good and scalable
    cogito, ergo sum

  8. #8
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And Vinay you could move your app from server with relative ease and completely independent of the web server providing you have php installed on each machine you want use. htaccess is an Apache thing and IIS doesn't have it.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  9. #9
    Fluffy Kitten Programmer~ Elledan's Avatar
    Join Date
    Jun 2000
    Location
    Netherlands
    Posts
    1,356
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What are the best articles/tutorials on sessions?

    I've already followed the tutorial at Webmonkey.com, but I just wanted to know whether there are more of the same high quality
    www.nyanko.ws - My web-, software- and game development company.
    www.mayaposch.com - My personal site and blog.

  10. #10
    Non-Member
    Join Date
    Apr 2000
    Location
    Waco, Texas.
    Posts
    188
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Elledan,
    there is one on http://www.devshed.com which is pretty good. I found that the best way is to go to php.net, and look through all the information they have on sessions (as well as read peoples comments), and try it out yourself.

    As many people have said to me,
    'RTFM'

  11. #11
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Unforunately the manual doesn't give a lot of real world samples to go by, but I am with robp learn by doing! There are a couple of articles on phpbuilder.com as well.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  12. #12
    Fluffy Kitten Programmer~ Elledan's Avatar
    Join Date
    Jun 2000
    Location
    Netherlands
    Posts
    1,356
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm new reading the articles at phpbuilder.com and I must say that they're really useful.

    I hope to get a good grasp on sessions tomorrow.

    Thanks for your replies.
    www.nyanko.ws - My web-, software- and game development company.
    www.mayaposch.com - My personal site and blog.

  13. #13
    SitePoint Addict Chris Roane's Avatar
    Join Date
    Jul 1999
    Location
    Helena, MT
    Posts
    287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Vinay, yes I know, but it isn't just for myself. It is for a free script I am going to be distributing on spotscripts.com . I personally think it makes the script look better and more "powerful" if they have their owner user system, even though it isn't that big of a deal.

    Also, there are some files that I don't want to be password protected in that directory, and I won't be able to do that with .htaccess.

    The main reason why I am trying to figure this thing out is so I can expand my knowledge with cookies and "user" management type of things. I think this will give me a good start on it.

    Thanks guys!

    Chris Roane

  14. #14
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your problem will be with content or whitespace being echoed before the cookies and header are set, make sure when you include the files that that include is the very first bit of code on the page, with no whitespace betwen the top of the page and the call to the script.

    also maybe do not bother with the return values, ie
    If you lost the function and just include()'ed this script at the head of any protected page, you would need to call it with the path back to the calling page ie include("pass.php3?referer=index.php3").

    if(!$cookie_user && !$cookie_password){//if cookies not alrrady set
    If($file = fopen("password.txt", "r")) {
    $files = fread($file, 500);
    $files = split("/", "$files");
    $real_username = $files[0];
    $real_password = $files[1];
    (($user == $real_username) && ($password == $real_password)) {
    setcookie ("cookie_user","$form_user_id");
    setcookie ("cookie_passwd","$form_password");
    Header("Location: /$referer");
    } else {
    Header)"Location: oops.htm");
    } // end if statement
    } // end if statement
    }//end if cookies set

    Noting that you appear to be using PHP3,
    you can also use a database to store the user names and passwords in a Database with or without sessions.

    I would also suggest setting an expiry time for the cookies as I think netscape gets angry if you dont?

  15. #15
    SitePoint Addict Chris Roane's Avatar
    Join Date
    Jul 1999
    Location
    Helena, MT
    Posts
    287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Thanks firepages! That is what I ended up doing before you posted and everything works great. The main problem that was causing the error was I had an HTML comment before the cookies, which I guess screwed things up.

    Chris Roane


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •