SitePoint Sponsor

User Tag List

Page 2 of 2 FirstFirst 12
Results 26 to 49 of 49
  1. #26
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok... so if I understand you correctly, for every page I want password protected, I put all the code that is in datapages.php in there?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  2. #27
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No you just need to use the code:

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    This MUST be at line one on any page you want to protect.

    See http://uk.php.net/session for more on sessions

  3. #28
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)


    Well... I have ANOTHER problem...

    I made admin.php password protected, by adding:
    PHP Code:
    <?php require_once('logininfo.php'); ?>
    Logininfo.php:

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect
    require_once('includes/conf.php');
    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>


    <?php
    // connect to database

    $dbcnx = @mysql_connect(''.$site_ip.''''.$mysql_user.''''.$mysql_pass.'');
    if (!
    $dbcnx) {
    echo( 
    '<p>Unable to connect to the ' .
    'database server at this time.</p>' );
    exit();
    }

    if (! @
    mysql_select_db('cms') ) {
    die( 
    '<p>Unable to locate the ' .
    'database at this time.</p>' );
    }
    ?>


    <?php
    $result 
    mysql_query("SELECT * FROM users
    WHERE username= '"
    $_SESSION['username']."'") or die (mysql_error());

    while (
    $row mysql_fetch_assoc($result)) {
    print 
    $row['fieldname'];
    }
    ?>
    I went into mysql, added a username and password... lets say the username and password is:

    Username: frog
    Password: banana

    now when I put those into the login form, and hit submit, process_login.php gives me this:

    Database Error - Query

    What do I do?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  4. #29
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    alright, so if:

    PHP Code:
    <?php
    // connect to database

    $dbcnx = @mysql_connect(''.$site_ip.''''.$mysql_user.''''.$mysql_pass.'');
    if (!
    $dbcnx) {
    echo( 
    '<p>Unable to connect to the ' .
    'database server at this time.</p>' );
    exit();
    }

    if (! @
    mysql_select_db('cms') ) {
    die( 
    '<p>Unable to locate the ' .
    'database at this time.</p>' );
    }
    ?>


    <?php
    $result 
    mysql_query("SELECT * FROM users
    WHERE username= '"
    $_SESSION['username']."'") or die (mysql_error());

    while (
    $row mysql_fetch_assoc($result)) {
    print 
    $row['fieldname'];
    }
    ?>
    isn't included on all the pages that require login... how does it connect to the DB and check my password?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  5. #30
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It doesnt need to connect to your database to check your password for each page it just checks for the existence of the session variable.

    You do not "require" login_info.php just the code mentioned before at the top line of each page you need to protect

    Colin

    Read up on sessions!!

  6. #31
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What I'm trying to say is...

    on initial login, doesn't it have to check for the right password? The user/pass is database-based no?

    EDIT: OHHHH, process_login.php does this =\... I need to go home

    Do I just include it? what do I have to do?

    btw, this is all thats in logininfo.php:

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect
    require_once('includes/conf.php');
    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  7. #32
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    YES! process_login does this then sets the session variable which remains until you logout.

    Make sure you have the correct login details for your DB entered in this


  8. #33
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    login_info ??? what is this?

    Use login.php as the page where you enter the username and password, put process_login.php and logout.php the same directory and make sure that any other page you wish to protect has that snippet of code on the first line of the page and away you go, it is that simple.

    You do not need to make other login pages just use what is there. Datapage.php is just an example to show you how to query the DB once you have logged in, it is not important so treat it as a protected page,index.php is also just an example.

  9. #34
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    awesome, I'm getting there I was reading through process_login again, and I noticed these lines:

    $username = trim($_POST['username']);
    $password = trim($_POST['password']);

    do I need to change anything there? or is it only the DB details I change?

    I also changed logininfo.php to:

    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect
    require_once('includes/conf.php');
    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  10. #35
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do not change anything other than your MySql details in this section of process_login.php

    PHP Code:
    // Database Connection
    $dbh = @mysql_connect('localhost','YOUR USERNAME HERE','YOUR PASSWORD HERE');
    if ( !
    $dbh )
    {
    die (
    'Database Error - Connect');
    }
    @
    mysql_select_db('your_database',$dbh); 

  11. #36
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What is logininfo ?

  12. #37
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The file I put at the first like of the pages I want to protect, I put that script in there, so all I have to do is include logininfo.php to the pages I want protected


    Also, still getting:

    Database Error - Query

    What could this be? I set my table like this:

    CREATE TABLE users (
    id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username TEXT,
    password TEXT(?)
    );

    Then I:

    INSERT INTO users SET
    username = "frog",
    password = "banana";

    did I do all this right? *begins praying*
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  13. #38
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    NO NO NO

    All you need to do is place:
    PHP Code:
    <?php //<-- Place this at line 1 of page you want to protect

    // Initialize Session
    session_start();
    header ("Cache-control: private") ; //IE 6 Fix

    // Check for previous authentication
    if ( !isset($_SESSION['auth']) )
    {
    $loc 'login.php?reason=login';
    header("location:$loc");
    exit;
    }

    ?>
    At the first line of every page. You cannot use an include for this it must be added directly to the page as it needs to be interpreted first. If you try to use it as an include then it will not be interpreted until after the include which will not work.

    Use PHP Admin with your MySQL DB you will find it much easier to manage things.
    Last edited by ColinHughes; Jun 29, 2005 at 11:32. Reason: Additional content

  14. #39
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright, I solved that... I'm still getting the Database Query Error though... Could this be because of improper table setup, or php configuration?

    I currently use Webmin for all my server-based stuff... but I'm trying to get a grasp on command-line MySQL right now...
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  15. #40
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Probably a DB error. You only have to enter the DB name, username and password into the process_login page to get it working HONEST!

    What error message do you get?

  16. #41
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Database Error - Query
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  17. #42
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Have you selected your DB?

    Process_login.php:

    PHP Code:
    // Database Connection
    $dbh = @mysql_connect('localhost','','');
    if ( !
    $dbh )
    {
    die (
    'Database Error - Connect');
    }
    //SELECT YOUR DATABASE IN THE LINE BELOW
    @mysql_select_db('your_database',$dbh); 
    and make sure the details in the SQL query are correct for you. Have you named the table users?

    PHP Code:
    $sql "SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 0,1"

  18. #43
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yessir:

    @mysql_select_db(''.$database.'',$dbh);

    (I plan on this being used for many sites, so I include conf.php which contains all the db info, so when I install this somewhere else, all I have to do is change conf.php and set up a database...)
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  19. #44
    SitePoint Evangelist ColinHughes's Avatar
    Join Date
    Sep 2004
    Location
    Spain
    Posts
    473
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So have you put an include to config.php at the top of process_login?

  20. #45
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry about that, I went home early yesterday... bad day...

    Ok, yesterday really was a bad day... I forgot the include it works fine now, except I still need to know how to make index.php check if I'm logged in, if I am, it shows a link to admin.php and a link to logout.php and if I'm not logged in, I geta link to login.php...

    Any idea how to go about this?

    ~Jabird
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  21. #46
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Currently I have:

    PHP Code:
        <?php if ( isset($_SESSION['auth']) ) {
        echo 
    "<a href='admin.php'>Admin</a><br />
        <a href='logout.php'>Logout</a>"
    ;
        } else
        {
        echo 
    "<a href='login.php?reason=login'>Login</a>";
        
    ?>
        <?php ?>
    Thats actually header.php, and header.php is included in index.php...

    Your script works GREAT, it saves sessions across pages and all, I goto admin.php it asks to login, redirects to index.php, I go back to admin.php its still logged in, I browse around a bit, come back, its still logged in... click logout, THEN it logs out

    Thank you!
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  22. #47
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Eh... another question

    I am going to have 2 admins, they will be the ONLY people able to access admin.php

    They will also be the first 2 people in the database, so there id's of course, will be 1, and 2, can I make the PHP script check there ID, and if = 1 else = 2, show admin.php else include login.php?
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  23. #48
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright, here are my plans (so far... to hot in here to think ATM...)

    Login.php
    If global=1 (global is a row I'm going to add to the users table, so when I create a user, I can select global, they will have permission to do ANYTHING)
    show admin.php
    if author=1 (author is another row I'm adding...)
    show author.php?id=$firstname%20$lastname ($firstname and $lastname are rows in the users table)
    if editindex(a row in MySQL) = 1 show addnews.php (there will be only a couple people with this permission, and a global admin is the only person that can assign this permission)
    show index.php (they are a user, thats only allowed to comment (these are allowed to register themselves... there will also be a row in MySQL titled "comment" if set to 1, they are allowed to comment on news, if set to 0, they're not...)
    else
    show login.php because they entered an invalid user/pass

    Admin Area -- admin.php (protected)
    View Site = index.php
    Add News = addnews.php (protected... this is only for index.php)
    Add Author = addauthor.php (protected)
    Add Admin = addadmin.php (protected)
    View Users = viewusers.php (protected)

    Header.php
    Home = index.php
    Dropdown list, that contains a link to every authors own page.
    if logged in global=1 -- Admin = admin.php -- Logout = logout.php
    if logged out -- Login = login.php
    if logged in author=1 -- author.php?id=$firstname%20$lastname -- logout.php
    if logged in comment=1 -- logout.php
    Don't know why I posted this, just brainstorming really...
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?

  24. #49
    011110010110000101111001 jabird's Avatar
    Join Date
    Aug 2004
    Location
    U.S.
    Posts
    593
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)


    It works!!
    ~Jabird
    Jabird.com
    If I were binary... I'd be all 1's for you.
    BBCode trouble?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •