SitePoint Sponsor

User Tag List

Results 1 to 19 of 19
  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Problems managing users and sessions..

    I'm a complete novice regarding Mysql and Php, I've recently bought Kevin Yanks book "Build your own Database Driven Website" (3rd edition) I have been working my way through it and I'm doing ok.

    However, I have also been trying to follow the Tutorial "managing users & sessions" I have followed everything and I have managed to successfully add some new entries into my database using Kevin's code in the tutorial after making the changes suggested by Kevin, but the email notification isn't working and I'm getting the "access denied" message when I try accessing protected pages. Any suggestions???

    my php sessions path is pointing to a temp folder in my www folder. Register_globals is set to off.

    I posted this question having read a very long on thread on the subject but I didn't get a reply, nor did I find any answers in the thread, hence my second request for help. Apologies if I've missed something obvious in the thread.

  2. #2
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What page in the book does the tutorial start on that you're looking at? Also, it would be helpful if you could post your code, obviously masking passwords and directory paths as appropriate.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    here you go......

    the tutorial is online not in the book:

    http://www.sitepoint.com/article/use...ssions-mysql/4

    The code is below, I've pasted a link to this page at the top of standard Html page as an include file as instructed but it doesn't work, nor does the email I'm probably doing something stupid .....

    <?php // accesscontrol.php
    include_once 'common.php';
    include_once 'db.php';

    session_start();

    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

    if(!isset($uid)) {
    ?><!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h1> Login Required </h1>
    <p>You must log in to access this area of the site. If you are
    not a registered user, <a href="signup.php">click here</a>
    to sign up for instant access!</p>
    <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    User ID: <input type="text" name="uid" size="8" /><br />
    Password: <input type="password" name="pwd" SIZE="16" /><br />
    <input type="submit" value="Log in" />
    </form></p>
    </body>
    </html>
    <?php
    exit;
    }

    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;

    dbConnect("ijdb3");
    $sql = "SELECT * FROM user WHERE
    userid = '$uid' AND password = PASSWORD('$pwd')";
    $result = mysql_query($sql);
    if (!$result) {
    error('A database error occurred while checking your '.
    'login details.\\nIf this error persists, please '.
    'contact markn@ivmedia.com.');
    }

    if (mysql_num_rows($result) == 0) {
    unset($_SESSION['uid']);
    unset($_SESSION['pwd']);
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h1> Access Denied </h1>
    <p>Your user ID or password is incorrect, or you are not a
    registered user on this site. To try logging in again, click
    <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
    access, click <a href="signup.php">here</a>.</p>
    </body>
    </html>
    <?php
    exit;
    }

    $username = mysql_result($result,0,'fullname');
    ?>

  4. #4
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Has everyone gone to the party? Any help welcomed...

  5. #5
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ummm. you said email notification is not working. but i dint see any mail being sent out in the above script you posted. just wanna make is that what you asked for or what is the problem.

  6. #6
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    well.....

    I'm not exactly sure where the email is generated from. However, to clarify I thought an email would be sent to the end user once they entered the database via the signup.php form. As I clearly explained that part is working as I have entered some names into the database but I don't get an email containing the password details.

    Added to which I'm continually getting the access denied message, which is another problem.


  7. #7
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As to the email problem, there must be some code elsewhere within this application that sends it because it certainly isn't in the code you've shown us.

    Regarding the "Access Denied" message, find the following in your code:

    Code:
    $sql = "SELECT * FROM user WHERE
    userid = '$uid' AND password = PASSWORD('$pwd')";
    and place the following statement directly afterward:

    Code:
    die($sql);
    Does that give you what you're expecting? In other words, does it show the username and password you entered? Are you sure they're in your database?
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  8. #8
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    here's the signup code...

    I'm sure there must a be problem here somewhere...
    As I said the signup code appears to be working although it generates a 16 digit password for new entries into the dbase and not six as described in the text of the article......

    <?php // signup.php

    include("common.php");
    include("db.php");

    if (!isset($_POST['submitok'])):
    // Display the user signup form
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> New User Registration </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1
    </head>
    <body>

    <h3>New User Registration Form</h3>
    <p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
    indicates a required field</p>
    <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    <table border="0" cellpadding="0" cellspacing="5">
    <tr>
    <td align="right">
    <p>User ID</p>
    </td>
    <td>
    <input name="newid" type="text" maxlength="100" size="25" />
    <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
    </tr>
    <tr>
    <td align="right">
    <p>Full Name</p>
    </td>
    <td>
    <input name="newname" type="text" maxlength="100" size="25" />
    <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
    </tr>
    <tr>
    <td align="right">
    <p>E-Mail Address</p>
    </td>
    <td>
    <input name="newemail" type="text" maxlength="100" size="25" />
    <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
    </tr>
    <tr valign="top">
    <td align="right">
    <p>Other Notes</p>
    </td>
    <td>
    <textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea>
    </td>
    </tr>
    <tr>
    <td align="right" colspan="2">
    <hr noshade="noshade" />
    <input type="reset" value="Reset Form" />
    <input type="submit" name="submitok" value=" OK " />
    </td>
    </tr>
    </table>
    </form>

    </body>
    </html>

    <?php
    else:
    // Process signup submission
    dbConnect('ijdb3');

    if ($_POST['newid']=='' or $_POST['newname']==''
    or $_POST['newemail']=='') {
    error('One or more required fields were left blank.\\n'.
    'Please fill them in and try again.');
    }

    // Check for existing user with the new id
    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
    $result = mysql_query($sql);
    if (!$result) {
    error('A database error occurred in processing your '.
    'submission.\\nIf this error persists, please '.
    'contact markn@ivmedia.');
    }
    if (mysql_result($result,0,0)>0) {
    error('A user already exists with your chosen userid.\\n'.
    'Please try another.');
    }

    $newpass = substr(md5(time()),0,6);

    $sql = "INSERT INTO user SET
    userid = '$_POST[newid]',
    password = PASSWORD('$newpass'),
    fullname = '$_POST[newname]',
    email = '$_POST[newemail]',
    notes = '$_POST[newnotes]'";
    if (!mysql_query($sql))
    error('A database error occurred in processing your '.
    'submission.\\nIf this error persists, please '.
    'contact markn@ivmedia.com.\\n' . mysql_error());

    // Email the new password to the person.
    $message = "G'Day!

    Your personal account for the Project Web Site
    has been created! To log in, proceed to the
    following address:

    http://www.example.com/

    Your personal login ID and password are as
    follows:

    userid: $_POST[newid]
    password: $newpass

    You aren't stuck with this password! Your can
    change it at any time after you have logged in.

    If you have any problems, feel free to contact me at
    <markn@ivmedia.com>.

    -Your Name
    Your Site Webmaster
    ";

    mail($_POST['newemail'],"Your Password for the Project Website",
    $message, "From:Your Name <markn@ivmedia.com>");

    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Registration Complete </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p><strong>User registration successful!</strong></p>
    <p>Your userid and password have been emailed to
    <strong><?=$_POST['newemail']?></strong>, the email address
    you just provided in your registration form. To log in,
    click <a href="index.php">here</a> to return to the login
    page, and enter your new personal userid and password.</p>
    </body>
    </html>
    <?php
    endif;
    ?>

  9. #9
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi mark,
    you'll get more feedback if you embed your code, follow the little link in my sig


  10. #10
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Mark and I have had a couple of PM's over this problem, and I thought I'd bring it back here to the thread.

    I had a couple of thoughts that I wanted to share. In case you're wondering if email can really be sent, try copying this script over to a new one and strip out everything that doesn't contribute to sending the mail. Then see if the script will send mail. Personally, I don't think that's the problem but it will still eliminate a possibility.

    You also mentioned in a PM that you wondered if you had a path problem. I assume you mean with one of your includes? I don't think that's it. If your script tried to include a file that it couldn't find, you would get an error.

    The more likely problem in my opinion is that there is some sort of logic problem. If I were you, I would try some different places to put some meaningful echo statements so you can tell where the problem is.

    Solving a problem like this can be very frustrating, as most of us can tell you from personal experience. Just keep plugging away, and I'm sure you'll find what's causing the problem.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  11. #11
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    with regard to echo statement put them after each line and i mean each line like
    $result =mysql_query($sql) or error('');
    echo 'query executed';
    while($result ba blah)
    echo 'in loop';

    so, you know where you go currently and where it stops.

    its just a small debugging of your program to see what is going on. i don't see any problem. i am just elaborating vinyl-junkie's idea.

    make sure database and password for the database are correct, make sure query is executed, and because of your error function make sure the error.txt is empty and if not then take a look what are the errors.

    like i said before, i don't see a problem. the script is working perfectly on my computer. just tell specifically where you get the problem in script like after dbconnect() or mysql_query() or something else.
    and what eactly uou see the problem is?

  12. #12
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks chaps, but despite everyones suggestions, I think it might have been quicker to solve the msytery of the Turin Shroud, I've been on this so long...

  13. #13
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Chin up, mate! You can solve this problem if you keep plugging away at it. Just do what jaswinder_rana and I suggested. It's tedious, I'll grant you, but it works.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  14. #14
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Another clue......

    As I have pointed out, there's no problem entering new names into the database that part is working just fine.

    However, I'm not receiving a confirmation email together with the password.

    so what I have been doing is logging on to Mysql via the command line editor making a note of the password that's been generated, then trying to access the protected pages with the userid and mysql password.

    Each time I try this I get the access denied message, which says either my userid or password is incorrect. Does that give anyone any more to go on? I'm at a loss (surprise, surprise)...

  15. #15
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    about this access deinied problem let me describe what i understood.
    you created a user, now you are trying to log in the user and it says username and passwor dis not in database so, access is being denied. if what i explained is the same as your problem then this is not a PHP or MySQl problem. its something wrong with the logic of script

    next about emailing try the following code. just make a new file and run the following script. (i think vinyl-junkie already mentioned this)
    PHP Code:
    mail('your@email.address','Test Email','The body of the test email',"From: test@test.com\r\n");//i am not sure whether it should be \n or \r\n so try both 
    if you get an error post it and if you get email then think again about your script. think about logic.

  16. #16
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    OK Jas..

    I'll give this whirl tomorrow, thanks.......

  17. #17
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Jas,

    I tried the option mentioned but it didn't work (see below) before I made the changes the code looked like this: $_POST['newmail'] any suggetions?.........

    // Email the new password to the person.
    $message = "G'Day!

    Your personal account for the Project Web Site
    has been created! To log in, proceed to the
    following address:

    http://www.example.com/

    Your personal login ID and password are as
    follows:

    userid: $_POST[newid]
    password: $newpass

    You aren't stuck with this password! Your can
    change it at any time after you have logged in.

    If you have any problems, feel free to contact me at
    <markn@ivmedia.com>.

    -Your Name
    Your Site Webmaster
    ";

    mail($_POST["markn@ivmedia"],"your new password details",
    $message, "From:Your Name <markn@ivmediacom>");

    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Registration Complete </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p><strong>User registration successful!</strong></p>
    <p>Your userid and password have been emailed to
    <strong><?=$_POST["markn@ivemdia.com"]?></strong>, the email address
    you just provided in your registration form. To log in,
    click <a href="index2.php">here</a> to return to the login
    page, and enter your new personal userid and password.</p>
    </body>
    </html>
    <?php
    endif;
    ?>

  18. #18
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmmm. again please post the whole script (if you changed something), because there might be something in the code. and also post html part.

  19. #19
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    stockport
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here you go Jas, I'm wondering if this is something do with sessions?

    <?php // signup.php

    include("common.php");
    include("db.php");

    if (!isset($_POST['submitok'])):
    // Display the user signup form
    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> New User Registration </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1
    </head>
    <body>

    <h3>New User Registration Form</h3>
    <p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
    indicates a required field</p>
    <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    <table border="0" cellpadding="0" cellspacing="5">
    <tr>
    <td align="right">
    <p>User ID</p>
    </td>
    <td>
    <input name="newid" type="text" maxlength="100" size="25" />
    <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
    </tr>
    <tr>
    <td align="right">
    <p>Full Name</p>
    </td>
    <td>
    <input name="newname" type="text" maxlength="100" size="25" />
    <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
    </tr>
    <tr>
    <td align="right">
    <p>E-Mail Address</p>
    </td>
    <td>
    <input name="newemail" type="text" maxlength="100" size="25" />
    <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
    </tr>
    <tr valign="top">
    <td align="right">
    <p>Other Notes</p>
    </td>
    <td>
    <textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea>
    </td>
    </tr>
    <tr>
    <td align="right" colspan="2">
    <hr noshade="noshade" />
    <input type="reset" value="Reset Form" />
    <input type="submit" name="submitok" value=" OK " />
    </td>
    </tr>
    </table>
    </form>

    </body>
    </html>

    <?php
    else:
    // Process signup submission
    dbConnect('ijdb3');

    if ($_POST['newid']=='' or $_POST['newname']==''
    or $_POST['newemail']=='') {
    error('One or more required fields were left blank.\\n'.
    'Please fill them in and try again.');
    }

    // Check for existing user with the new id
    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
    $result = mysql_query($sql);
    if (!$result) {
    error('A database error occurred in processing your '.
    'submission.\\nIf this error persists, please '.
    'contact markn@ivmedia.com');
    }
    if (mysql_result($result,0,0)>0) {
    error('A user already exists with your chosen userid.\\n'.
    'Please try another.');
    }

    $newpass = substr(md5(time()),0,6);

    $sql = "INSERT INTO user SET
    userid = '$_POST[newid]',
    password = PASSWORD('$newpass'),
    fullname = '$_POST[newname]',
    email = '$_POST[newemail]',
    notes = '$_POST[newnotes]'";
    if (!mysql_query($sql))
    error('A database error occurred in processing your '.
    'submission.\\nIf this error persists, please '.
    'contact markn@ivmedia.com\\n' . mysql_error());

    // Email the new password to the person.
    $message = "G'Day!

    Your personal account for the Project Web Site
    has been created! To log in, proceed to the
    following address:

    http://www.example.com/

    Your personal login ID and password are as
    follows:

    userid: $_POST[newid]
    password: $newpass

    You aren't stuck with this password! Your can
    change it at any time after you have logged in.

    If you have any problems, feel free to contact me at
    <markn@ivmedia.com>.

    -Your Name
    Your Site Webmaster
    ";

    mail($_POST["markn@ivmedia"],"your new password details",
    $message, "From:Your Name <markn@ivmediacom>");

    ?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Registration Complete </title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p><strong>User registration successful!</strong></p>
    <p>Your userid and password have been emailed to
    <strong><?=$_POST["markn@ivemdia.com"]?></strong>, the email address
    you just provided in your registration form. To log in,
    click <a href="index2.php">here</a> to return to the login
    page, and enter your new personal userid and password.</p>
    </body>
    </html>
    <?php
    endif;
    ?>


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •