SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 49

Hybrid View

  1. #1
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Login Problems...

    This has been posted in a previous thread, though it was off-topic and stopped getting replies, so I thought I'd put it here, to give my current problem more exposure... so sorry if you've read this already.

    Ok, in index.php I have an if, else script... if I'm logged in, it gives me a link to the admin section, and a logout button, else, it gives me a login link...

    So I goto index.php, select login, give it my user/pass, it takes me to admin.php, when I click view site, it acts like I'm not logged in... I click login, it asks me to login again...

    Also, anytime I directly access admin.php, it tells me I'm using an incorrect username... it never includes login.php...

    I will post some code if you need it...

    Thanks,
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  2. #2
    get into it! bigduke's Avatar
    Join Date
    May 2004
    Location
    Australia
    Posts
    847
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    can you post your script in [ php][/ php] tags please?

  3. #3
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    eh... my login pages are:

    index.php
    login.php
    includes/login.inc.php
    admin.php
    includes/secure.inc.php
    includes/access.inc.php
    includes/conf.php

    which one(s) do you need?

    ~Jabird
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  4. #4
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Any ideas?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  5. #5
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Mentioned
    151 Post(s)
    Tagged
    3 Thread(s)
    Post login.php, admin.php and outline briefly what is in the includes.

    Cheers

    SpikeZ
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  6. #6
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    login.php:

    PHP Code:
    <?php require_once 'includes/login.inc.php'?>
    login.inc.php:

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="httpd://www.w3.org/1999/xhtml">
    <head>
    <title><?php echo $page_title?> - Login Required for Acess</title>
    <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h1>Please log in for access</h1>
    <div>
        <form action="admin.php"
            method="post">
        <label>User name:
            <input type="text" name="username" /></label><br />
        <label>Password:
            <input type="password" name="password" /></label>
        <input type="submit" value="Log In" />
    </form>
    </div>
    </body>
    </html>
    admin.php:

    PHP Code:
    <?php require 'includes/secure.inc.php'?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "httpd://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title><?php echo $page_title?> - Administration Area</title>
    <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h1>Administration Options</h1>
    <ul>
        <li><a href="index.php">View Site</a></li>
        <li><a href="editindex.php">Add News</a></li>
        <li><a href="addauthor.php">Add a new Author</a></li>
        <li><a href="authors.php">View Authors</a></li>
    </ul>
    <p><a href="<?php echo $_SERVER['PHP_SELF']; ?>?logout=1">Logout</a></p>
    </body>
    </html>
    secure.inc.php:

    PHP Code:
    <?php
    require_once 'access.inc.php';
    if (!
    loggedIn()) {
        include 
    'login.inc.php';
        exit;
    }
    ?>
    I could crawl deeper if you need, but that probly gets the idea across...
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  7. #7
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Mentioned
    151 Post(s)
    Tagged
    3 Thread(s)
    where is loggedIn() being set?
    are you sure it is set correctly?
    there is a possiblility that it isn't if you are getting booted out after having logged in.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  8. #8
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    access.inc.php:

    PHP Code:
    <?php
    require_once 'conf.php';

    if(!isset(
    $_SESSION['authorized'])) {
        if(
    array_key_exists($_POST['username'], $users)) {
            
    // the user entered a valid username, test the password
            
    if($_POST['password']!=$users[$_POST['username']]) {
                
    // incorrect password!
                
    die('Incorrect Username or PASSWORD!');
            } else {
                
    $_SESSION['authorized'] = true;
            }
        } else {
            
    // unkown username
            
    die('Incorrect USERNAME or Password!');
        }
    }

    function 
    loggedIn() {
        return isset(
    $_SESSION['authorized']);
    }

    // Process logout
    if (isset($_REQUEST['logout'])) {
        unset(
    $_SESSION['authorized']);
    }
    ?>
    Has the loggedIn() function...
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  9. #9
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Also, in order to password protect a page, i would add:

    <?php require 'includes/secure.inc.php'; ?>

    well, index.php isn't password protected, but I want it to check if someone is logged in, so it shows the right links... how would I do this?

    ~jabird
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  10. #10
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can you post your conf.php code

    Colin

  11. #11
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php
    ################################
    ## All content is  Copyright ##
    ## Jacob D. Jerrell and C & S ##
    ##          Consulting        ##
    ## If you have any questions, ##
    ##   Look in /docs/contact    ##
    ################################
    // MySQL information
    $site_ip 'localhost'// localhost will usually work just fine
    $mysql_user 'mysql'// Your MySQL username
    $mysql_pass 'password'// Your MySQL password
    $database 'name'// Your database name
    // Global Variables
    $page_title 'JabirdCMS'// Shows up at the top of all pages
    $users = array();  // DO NOT CHANGE!
    ## I have set this up for 2 admins, because for the
    ## project I made this for, 2 where needed, and I thought it might be nice to have two anyway...
    ## TO USE:
    ## The first line is admin #1
    ## Edit the part in brackets for your username (Leave the quotes)
    ## edit the part outside the brackets "yourpass" for your password (leave the quotes)
    ## do the same for admin #2...
    ## NOTE: If you only want 1 admin, just use the same user/pass you used in the first line.
    $users['admin1'] = 'pass1';
    $users['admin2'] = 'pass2';
    ?>
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  12. #12
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you putting <?php require 'includes/secure.inc.php'; ?> on the very first line of each page you are trying to protect?

  13. #13
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, the only protected page so far, is admin.php, let me add it to another and see if it keeps the loggedIn setting...
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  14. #14
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, when I add that to a file I want protected, it says:

    "Incorrect USERNAME or Password!"

    Which is another problem I think I left out, I can goto login.php and login, then it takes me to admin.php and it works, but when I goto admin.php, it tells me incorrect user/pass, instead of showing me the page or showing me login.php...

    Thanks,


    EDIT: 100th Post
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  15. #15
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can you view admin.php if you enter it into your browser? You say "when I click view site" are you attempting to navigate away from admin.php and look at other pages?

    Colin

  16. #16
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if I enter admin.php in my browser, it says:

    Incorrect Username...

    if I login, it takes me to admin.php, in admin.php there is a link called "View Site" when that is clicked it takes me to index.php...
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  17. #17
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I put this together a while ago maybe it will be of use:

    Login.php

    PHP Code:
    <?php

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix


    // Check for previous authentication
    if ( isset($_SESSION['auth']) )
    {

    $loc 'index.php' ;
    header("location:$loc");
    exit;
    }

    // Error Messages
    $msg = array();
    $msg['login'] = 'Login to access client section';
    $msg['invalid'] = 'Username/password incorrect';
    $msg['logout'] = 'Log out successful';

    // Check for error
    if ( isset($_GET['reason']) && !empty($_GET['reason']) )
    {
    $error $_GET['reason'];
    echo 
    '<font color="#FF0000"><b>' $msg[$error] . '</b></font><br />';
    }

    ?>

    <FORM method="post" action="process_login.php" onSubmit="return validateForm(this)">
    <p align="center">
    <p>Please enter your Username and Password below and Login.</p>
    <p>Username:
    <input type="text" name="username" value="" class="inputbox">
    <br>
    <br>
    Password:
    <input type="password" name="password" value="" class="inputbox">
    <p class="copy">
    <input type="submit" name="do_login" value="Login" class= "button">
    </p>
    </form>
    Process_login.php:

    PHP Code:
    <?php

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( isset($_SESSION['auth']) )
    {

    $loc 'index.php' ;
    header("location:$loc");
    exit;
    }

    // Database Connection
    $dbh = @mysql_connect('localhost','','');
    if ( !
    $dbh )
    {
    die (
    'Database Error - Connect');
    }
    @
    mysql_select_db('your_database',$dbh);

    // Get Form Contents
    if ( isset($_POST['do_login']) )
    {
    $username trim($_POST['username']);
    $password trim($_POST['password']);

    $sql "SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 0,1";

    $result = @mysql_query($sql);
    if ( !
    $result )
    {
    die(
    'Database Error - Query');
    }
    if ( 
    mysql_num_rows($result) == )
    {
    $_SESSION['auth'] = 1;
    $_SESSION['username'] = $username;

    $loc 'index.php';
    header("location:$loc");
    exit;
    }
    else
    {
    $loc 'login.php?reason=invalid';
    header("location:$loc");
    exit;
    }

    }
    else
    {
    $error_loc 'login.php?reason=login';
    header("location:$error_loc");
    exit;
    }

    ?>
    Index.php:

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    Logout.php:

    PHP Code:
    <?php

    // Initialize Session
    session_start();

    // Destroy Session
    $_SESSION = array();
    session_destroy();

    // Redirect to login.php
    $loc 'login.php?reason=logout';
    header("location:$loc");
    exit;

    ?>
    Datapage.php

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>


    <?php
    // connect to database

    $dbcnx = @mysql_connect('localhost''''');
    if (!
    $dbcnx) {
    echo( 
    '<p>Unable to connect to the ' .
    'database server at this time.</p>' );
    exit();
    }

    if (! @
    mysql_select_db('your_database') ) {
    die( 
    '<p>Unable to locate the ' .
    'database at this time.</p>' );
    }
    ?>


    <?php
    $result 
    mysql_query("SELECT * FROM tablename
    WHERE username= '"
    $_SESSION['username']."'") or die (mysql_error());

    while (
    $row mysql_fetch_assoc($result)) {
    print 
    $row['fieldname'];
    }
    ?>
    Colin

  18. #18
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ColinHughes
    Index.php:

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    So if I don't want index.php to be protected, I don't add that, but for any script I want protected, I would add that little script?

    Thanks alot, this should help a bunch...

    EDIT: Also, again, I want index.php to have a script that checks if I'm logged in, and if I am, it has a logout link and a link to admin.php if I'm not logged in, it has a login link...

    EDIT2: Again, is datapage.php required? or just an example page?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  19. #19
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    This simply checks for the session variable on each protected page. If the variable has not been set it brings up the login page.

    Have fun

    Colin

  20. #20
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    datapage is just an example.

    Colin

  21. #21
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Mentioned
    151 Post(s)
    Tagged
    3 Thread(s)
    Why not try a different login system? This one seems a little over complicated for what you want to do. Not to mention less secure.

    If you want to verify a user from hard coded values and not database, there are other ways of doing it!

    BTW Congrats on the 100 posts
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  22. #22
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The login script I wrote there, was made from loosely following:

    "Build Your Own Database Driven Website Using PHP & MySQL" by Kevin Yank.

    I have OBSOLUTELY no problem with a database-based login system, because when I get the admin section in place and all, I'll be able to make users, and I want to submit there username/pass(md5hashed) to a database anyway...

    If you could point me to a good guide for something like this, that would probly work wonders

    Thanks,
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  23. #23
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Mentioned
    151 Post(s)
    Tagged
    3 Thread(s)
    If I come across one, I will post it! have a look on zend.com, they usually have some fine tutorials as well as Sitepoint (obviously!)

    Cheers

    Mike
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  24. #24
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Now, in index.php I want it to check if I'm logged on, and if I am, it shows:
    <a href='admin.php'>Admin</a>
    <a href='logout.php'>Logout</a>

    if I'm not logged in, it shows:

    <a href='login.php'>Login</a>

    how do I do this, without requiring someone to login to view index.php?

    EDIT: Ok, I am setting up my database to work with your script...

    So would I make something like:

    CREATE TABLE users (
    id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username TEXT,
    password TEXT(?)
    );

    ? And then just setup your script to make use of that? or am I way off?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  25. #25
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    468
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Mike

    You want to take over here with if else statements


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •