SitePoint Sponsor |
|
User Tag List
Results 1 to 25 of 49
Thread: Login Problems...
-
Jun 28, 2005, 11:12 #1
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Login Problems...
This has been posted in a previous thread, though it was off-topic and stopped getting replies, so I thought I'd put it here, to give my current problem more exposure... so sorry if you've read this already.
Ok, in index.php I have an if, else script... if I'm logged in, it gives me a link to the admin section, and a logout button, else, it gives me a login link...
So I goto index.php, select login, give it my user/pass, it takes me to admin.php, when I click view site, it acts like I'm not logged in... I click login, it asks me to login again...
Also, anytime I directly access admin.php, it tells me I'm using an incorrect username... it never includes login.php...
I will post some code if you need it...
Thanks,
-
Jun 28, 2005, 11:16 #2
can you post your script in [ php][/ php] tags please?
-
Jun 28, 2005, 11:28 #3
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
eh... my login pages are:
index.php
login.php
includes/login.inc.php
admin.php
includes/secure.inc.php
includes/access.inc.php
includes/conf.php
which one(s) do you need?
~Jabird
-
Jun 29, 2005, 06:39 #4
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Any ideas?
-
Jun 29, 2005, 06:43 #5
- Join Date
- Aug 2004
- Location
- Manchester UK
- Posts
- 13,807
- Mentioned
- 158 Post(s)
- Tagged
- 3 Thread(s)
Post login.php, admin.php and outline briefly what is in the includes.
Cheers
SpikeZMike Swiffin - Community Team Advisor
Only a woman can read between the lines of a one word answer.....
-
Jun 29, 2005, 06:48 #6
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
login.php:
PHP Code:<?php require_once 'includes/login.inc.php'; ?>
PHP Code:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="httpd://www.w3.org/1999/xhtml">
<head>
<title><?php echo $page_title; ?> - Login Required for Acess</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Please log in for access</h1>
<div>
<form action="admin.php"
method="post">
<label>User name:
<input type="text" name="username" /></label><br />
<label>Password:
<input type="password" name="password" /></label>
<input type="submit" value="Log In" />
</form>
</div>
</body>
</html>
PHP Code:<?php require 'includes/secure.inc.php'; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"httpd://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo $page_title; ?> - Administration Area</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Administration Options</h1>
<ul>
<li><a href="index.php">View Site</a></li>
<li><a href="editindex.php">Add News</a></li>
<li><a href="addauthor.php">Add a new Author</a></li>
<li><a href="authors.php">View Authors</a></li>
</ul>
<p><a href="<?php echo $_SERVER['PHP_SELF']; ?>?logout=1">Logout</a></p>
</body>
</html>
PHP Code:<?php
require_once 'access.inc.php';
if (!loggedIn()) {
include 'login.inc.php';
exit;
}
?>
-
Jun 29, 2005, 06:52 #7
- Join Date
- Aug 2004
- Location
- Manchester UK
- Posts
- 13,807
- Mentioned
- 158 Post(s)
- Tagged
- 3 Thread(s)
where is loggedIn() being set?
are you sure it is set correctly?
there is a possiblility that it isn't if you are getting booted out after having logged in.Mike Swiffin - Community Team Advisor
Only a woman can read between the lines of a one word answer.....
-
Jun 29, 2005, 07:11 #8
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
access.inc.php:
PHP Code:<?php
require_once 'conf.php';
if(!isset($_SESSION['authorized'])) {
if(array_key_exists($_POST['username'], $users)) {
// the user entered a valid username, test the password
if($_POST['password']!=$users[$_POST['username']]) {
// incorrect password!
die('Incorrect Username or PASSWORD!');
} else {
$_SESSION['authorized'] = true;
}
} else {
// unkown username
die('Incorrect USERNAME or Password!');
}
}
function loggedIn() {
return isset($_SESSION['authorized']);
}
// Process logout
if (isset($_REQUEST['logout'])) {
unset($_SESSION['authorized']);
}
?>
-
Jun 29, 2005, 07:29 #9
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Also, in order to password protect a page, i would add:
<?php require 'includes/secure.inc.php'; ?>
well, index.php isn't password protected, but I want it to check if someone is logged in, so it shows the right links... how would I do this?
~jabird
-
Jun 29, 2005, 07:59 #10
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Can you post your conf.php code
Colin
-
Jun 29, 2005, 08:00 #11
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
PHP Code:<?php
################################
## All content is © Copyright ##
## Jacob D. Jerrell and C & S ##
## Consulting ##
## If you have any questions, ##
## Look in /docs/contact ##
################################
// MySQL information
$site_ip = 'localhost'; // localhost will usually work just fine
$mysql_user = 'mysql'; // Your MySQL username
$mysql_pass = 'password'; // Your MySQL password
$database = 'name'; // Your database name
// Global Variables
$page_title = 'JabirdCMS'; // Shows up at the top of all pages
$users = array(); // DO NOT CHANGE!
## I have set this up for 2 admins, because for the
## project I made this for, 2 where needed, and I thought it might be nice to have two anyway...
## TO USE:
## The first line is admin #1
## Edit the part in brackets for your username (Leave the quotes)
## edit the part outside the brackets "yourpass" for your password (leave the quotes)
## do the same for admin #2...
## NOTE: If you only want 1 admin, just use the same user/pass you used in the first line.
$users['admin1'] = 'pass1';
$users['admin2'] = 'pass2';
?>
-
Jun 29, 2005, 08:14 #12
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Are you putting <?php require 'includes/secure.inc.php'; ?> on the very first line of each page you are trying to protect?
-
Jun 29, 2005, 08:16 #13
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Yes, the only protected page so far, is admin.php, let me add it to another and see if it keeps the loggedIn setting...
-
Jun 29, 2005, 08:19 #14
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Ok, when I add that to a file I want protected, it says:
"Incorrect USERNAME or Password!"
Which is another problem I think I left out, I can goto login.php and login, then it takes me to admin.php and it works, but when I goto admin.php, it tells me incorrect user/pass, instead of showing me the page or showing me login.php...
Thanks,
EDIT: 100th Post
-
Jun 29, 2005, 08:20 #15
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Can you view admin.php if you enter it into your browser? You say "when I click view site" are you attempting to navigate away from admin.php and look at other pages?
Colin
-
Jun 29, 2005, 08:22 #16
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
if I enter admin.php in my browser, it says:
Incorrect Username...
if I login, it takes me to admin.php, in admin.php there is a link called "View Site" when that is clicked it takes me to index.php...
-
Jun 29, 2005, 08:27 #17
- Join Date
- Aug 2004
- Location
- Manchester UK
- Posts
- 13,807
- Mentioned
- 158 Post(s)
- Tagged
- 3 Thread(s)
Why not try a different login system? This one seems a little over complicated for what you want to do. Not to mention less secure.
If you want to verify a user from hard coded values and not database, there are other ways of doing it!
BTW Congrats on the 100 postsMike Swiffin - Community Team Advisor
Only a woman can read between the lines of a one word answer.....
-
Jun 29, 2005, 08:29 #18
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
The login script I wrote there, was made from loosely following:
"Build Your Own Database Driven Website Using PHP & MySQL" by Kevin Yank.
I have OBSOLUTELY no problem with a database-based login system, because when I get the admin section in place and all, I'll be able to make users, and I want to submit there username/pass(md5hashed) to a database anyway...
If you could point me to a good guide for something like this, that would probly work wonders
Thanks,
-
Jun 29, 2005, 08:32 #19
- Join Date
- Aug 2004
- Location
- Manchester UK
- Posts
- 13,807
- Mentioned
- 158 Post(s)
- Tagged
- 3 Thread(s)
If I come across one, I will post it! have a look on zend.com, they usually have some fine tutorials as well as Sitepoint (obviously!)
Cheers
MikeMike Swiffin - Community Team Advisor
Only a woman can read between the lines of a one word answer.....
-
Jun 29, 2005, 08:36 #20
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I put this together a while ago maybe it will be of use:
Login.php
PHP Code:<?php
// Initialize Session
session_start();
header ("Cache-control: private") ; //IE 6 Fix
// Check for previous authentication
if ( isset($_SESSION['auth']) )
{
$loc = 'index.php' ;
header("location:$loc");
exit;
}
// Error Messages
$msg = array();
$msg['login'] = 'Login to access client section';
$msg['invalid'] = 'Username/password incorrect';
$msg['logout'] = 'Log out successful';
// Check for error
if ( isset($_GET['reason']) && !empty($_GET['reason']) )
{
$error = $_GET['reason'];
echo '<font color="#FF0000"><b>' . $msg[$error] . '</b></font><br />';
}
?>
<FORM method="post" action="process_login.php" onSubmit="return validateForm(this)">
<p align="center">
<p>Please enter your Username and Password below and Login.</p>
<p>Username:
<input type="text" name="username" value="" class="inputbox">
<br>
<br>
Password:
<input type="password" name="password" value="" class="inputbox">
<p class="copy">
<input type="submit" name="do_login" value="Login" class= "button">
</p>
</form>
PHP Code:<?php
// Initialize Session
session_start();
header ("Cache-control: private") ; //IE 6 Fix
// Check for previous authentication
if ( isset($_SESSION['auth']) )
{
$loc = 'index.php' ;
header("location:$loc");
exit;
}
// Database Connection
$dbh = @mysql_connect('localhost','','');
if ( !$dbh )
{
die ('Database Error - Connect');
}
@mysql_select_db('your_database',$dbh);
// Get Form Contents
if ( isset($_POST['do_login']) )
{
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 0,1";
$result = @mysql_query($sql);
if ( !$result )
{
die('Database Error - Query');
}
if ( mysql_num_rows($result) == 1 )
{
$_SESSION['auth'] = 1;
$_SESSION['username'] = $username;
$loc = 'index.php';
header("location:$loc");
exit;
}
else
{
$loc = 'login.php?reason=invalid';
header("location:$loc");
exit;
}
}
else
{
$error_loc = 'login.php?reason=login';
header("location:$error_loc");
exit;
}
?>
PHP Code:<?php //<-- Place this at line 1 of page you want to protect
// Initialize Session
session_start();
header ("Cache-control: private") ; //IE 6 Fix
// Check for previous authentication
if ( !isset($_SESSION['auth']) )
{
$loc = 'login.php?reason=login';
header("location:$loc");
exit;
}
?>
PHP Code:<?php
// Initialize Session
session_start();
// Destroy Session
$_SESSION = array();
session_destroy();
// Redirect to login.php
$loc = 'login.php?reason=logout';
header("location:$loc");
exit;
?>
PHP Code:<?php //<-- Place this at line 1 of page you want to protect
// Initialize Session
session_start();
header ("Cache-control: private") ; //IE 6 Fix
// Check for previous authentication
if ( !isset($_SESSION['auth']) )
{
$loc = 'login.php?reason=login';
header("location:$loc");
exit;
}
?>
<?php
// connect to database
$dbcnx = @mysql_connect('localhost', '', '');
if (!$dbcnx) {
echo( '<p>Unable to connect to the ' .
'database server at this time.</p>' );
exit();
}
if (! @mysql_select_db('your_database') ) {
die( '<p>Unable to locate the ' .
'database at this time.</p>' );
}
?>
<?php
$result = mysql_query("SELECT * FROM tablename
WHERE username= '". $_SESSION['username']."'") or die (mysql_error());
while ($row = mysql_fetch_assoc($result)) {
print $row['fieldname'];
}
?>
-
Jun 29, 2005, 08:53 #21
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by ColinHughes
Thanks alot, this should help a bunch...
EDIT: Also, again, I want index.php to have a script that checks if I'm logged in, and if I am, it has a logout link and a link to admin.php if I'm not logged in, it has a login link...
EDIT2: Again, is datapage.php required? or just an example page?
-
Jun 29, 2005, 09:01 #22
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
PHP Code:<?php //<-- Place this at line 1 of page you want to protect
// Initialize Session
session_start();
header ("Cache-control: private") ; //IE 6 Fix
// Check for previous authentication
if ( !isset($_SESSION['auth']) )
{
$loc = 'login.php?reason=login';
header("location:$loc");
exit;
}
?>
Have fun
Colin
-
Jun 29, 2005, 09:04 #23
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
datapage is just an example.
Colin
-
Jun 29, 2005, 09:04 #24
- Join Date
- Aug 2004
- Location
- U.S.
- Posts
- 593
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Now, in index.php I want it to check if I'm logged on, and if I am, it shows:
<a href='admin.php'>Admin</a>
<a href='logout.php'>Logout</a>
if I'm not logged in, it shows:
<a href='login.php'>Login</a>
how do I do this, without requiring someone to login to view index.php?
EDIT: Ok, I am setting up my database to work with your script...
So would I make something like:
CREATE TABLE users (
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
username TEXT,
password TEXT(?)
);
? And then just setup your script to make use of that? or am I way off?
-
Jun 29, 2005, 09:10 #25
- Join Date
- Sep 2004
- Location
- Spain
- Posts
- 473
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hey Mike
You want to take over here with if else statements
Bookmarks