SitePoint Sponsor

User Tag List

Page 3 of 12 FirstFirst 1234567 ... LastLast
Results 51 to 75 of 295
  1. #51
    Now with customized title Jump's Avatar
    Join Date
    Sep 2002
    Location
    The Restaurant at The End of The Universe
    Posts
    1,423
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php // accesscontrol.php

    include("common.php");
    include(
    "db.php");
    $expiry 60*60*24*365// 365 days

    session_start();
    setcookie('uid'$uidtime()+$expiry"/");
    setcookie('pwd'$pwdtime()+$expiry"/");


    if(!isset(
    $uid)) {
      
    ?>
      <html>
      <head>
      <title> Please Log In for Access </title>
      <LINK REL=STYLESHEET TYPE="text/css" HREF="stocksol.css">
      </head>
      <body>
      <h1> Login Required </h1>
      <p>blahblah  .., <a href="signup.php">click here</a> blah .</p>
      <p><form method="post" action="<?=$PHP_SELF?>">
        Pilot Name: <input type="text" name="uid" size="8"><br>
        Password: <input type="password" name="pwd" SIZE="8"><br>
        <input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php
      
    exit;
    }

    session_register("uid");
    session_register("pwd");


    dbConnect("dbname");
    $sql "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error("A database error occurred while checking your ".
            
    "login details.\nIf this error persists, please ".
            
    "contact .");
    }

    if (
    mysql_num_rows($result) == 0) {
      
    session_unregister("uid");
      
    session_unregister("pwd");
    setcookie('uid'$uidtime()-$expiry"/");
    setcookie('pwd'$pwdtime()-$expiry"/");


      
    ?>
      <html>
      <head>
      <title> Access Denied </title>
      <LINK REL=STYLESHEET TYPE="text/css" HREF="stocksol.css">
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your Pilot Name or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$PHP_SELF?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      
    exit;
    }

    $username mysql_result($result,0,"userid");
    $squad mysql_result($result,0,"squad");
    $faction mysql_result($result,0,"faction");
    $userlvl mysql_result($result,0,"userlvl");
    ?>

  2. #52
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hmm... could be that the cookie registration is overriding the cookie deregistration. Try this:
    PHP Code:
    <?php // accesscontrol.php

    include("common.php");
    include(
    "db.php");
    $expiry 60*60*24*365// 365 days

    session_start();

    if(!isset(
    $uid)) {
      
    ?>
      <html>
      <head>
      <title> Please Log In for Access </title>
      <LINK REL=STYLESHEET TYPE="text/css" HREF="stocksol.css">
      </head>
      <body>
      <h1> Login Required </h1>
      <p>blahblah  .., <a href="signup.php">click here</a> blah .</p>
      <p><form method="post" action="<?=$PHP_SELF?>">
        Pilot Name: <input type="text" name="uid" size="8"><br>
        Password: <input type="password" name="pwd" SIZE="8"><br>
        <input type="submit" value="Log in">
      </form></p>
      </body>
      </html>
      <?php
      
    exit;
    }

    session_register("uid");
    session_register("pwd");

    dbConnect("dbname");
    $sql "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error("A database error occurred while checking your ".
            
    "login details.\nIf this error persists, please ".
            
    "contact .");
    }

    if (
    mysql_num_rows($result) == 0) {
      
    session_unregister("uid");
      
    session_unregister("pwd");
      
    setcookie('uid'$uidtime()-$expiry"/");
      
    setcookie('pwd'$pwdtime()-$expiry"/");


      
    ?>
      <html>
      <head>
      <title> Access Denied </title>
      <LINK REL=STYLESHEET TYPE="text/css" HREF="stocksol.css">
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your Pilot Name or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$PHP_SELF?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      
    exit;
    }
    else {
      
    setcookie('uid'$uidtime()+$expiry"/");
      
    setcookie('pwd'$pwdtime()+$expiry"/");
    }

    $username mysql_result($result,0,"userid");
    $squad mysql_result($result,0,"squad");
    $faction mysql_result($result,0,"faction");
    $userlvl mysql_result($result,0,"userlvl");
    ?>
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  3. #53
    Now with customized title Jump's Avatar
    Join Date
    Sep 2002
    Location
    The Restaurant at The End of The Universe
    Posts
    1,423
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well that stoped the page from locking up. Only time will tell if it keeps me logged in. Thanks alot.

  4. #54
    SitePoint Enthusiast lupulet's Avatar
    Join Date
    Oct 2001
    Location
    romania
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Talking thanks guys

    I was so confused why i keep getting ugly errors for a simple session_start() ... But after i read this topic...gotcha...it needed to be in the first line...thx

    and by the way, kevin, thanks for "managing user..." article
    you'll never be what you desire

  5. #55
    SitePoint Member
    Join Date
    Oct 2000
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Change password

    Kevin,
    In the reply that gets eMailed, from signup.php

    Your personal login ID and password are as
    follows:

    userid: $newid
    password: $newpass

    You aren't stuck with this password! Your can
    change it at any time after you have logged in.
    You didn't include the code and, altho it's probably simple, I couldn't find anything after a LOT of searching. Do you have an example just lyin' around?

    Thanx,
    Phred

  6. #56
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Simple just-lying-around code submitted for your inspection:
    PHP Code:
    <?
    include('accesscontrol.php');

    if (
    $chgpw == ""):
    html_header(); // Print standard page header
    ?>
    <p>This page will become a little more functional later,
     but for now you can change your password if you wish:</p>
    <form action="<?=$PHP_SELF?>" method=post>
    <center>
    <table border=0 cellpadding=0 cellspacing=0>
    <tr>
        <td align=right><p>New password: <input
     type=password name=newpw></td>
    </tr>
    <tr>
        <td align=right><p>Retype: <input type=password
     name=newpw2></td>
    </tr>
    <tr>
        <td align=right><input type=submit name=chgpw
     value="   OK   "></td>
    </tr>
    </table>
    </form>
    <?
    else:
        if (
    $newpw != $newpw2) {
            
    error_message("The two password fields did
     not match! Please try again."
    );
        }
        if (
    $newpw == "") {
            
    error_message("You did not provide a
     password. Please try again."
    );
        }
        
    $sql "UPDATE user SET password=PASSWORD('$newpw')
     WHERE userid='
    $userid'";
        if (
    mysql_query($sql)):
        
    // Update the password in the user's session
        
    $userpassword=$newpw;
        
    html_header();
        
    ?>
        <p><STRONG>Password change successful!</STRONG></p>
        <p>Your password has been changed! Click
     <a href="index.php">here</a> to return to the main page of
     the Web site.</p>
        <?
        
    else:
            
    error_message("A database error occurred
     while processing your request.\\nIf the problem persists,
     please contact [email]you@email.com[/email].\\n"
    .
     
    mysql_error());
        endif;
    endif;
    html_footer();
    ?>
    Last edited by Kevin Yank; Dec 2, 2002 at 02:35.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  7. #57
    SitePoint Member
    Join Date
    Dec 2002
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    problem with returning to appropriate page after login script

    hi there,

    i'm a beginner trying to get some experience with php and mysql.

    when i try the script mentioned in the article i don't get sent to the appropriate page after a successful login. it looks to me like i'm getting stuck in the login script and i don't know why. other than that everything works fine.

    if anybody has any suggestions i'd greatly appreciate it.

    jason

  8. #58
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Since you don't post your code, I guess you probably use the latest PHP version. If so, you need to use for example, use $_GET['name'] instead of $name, since the register global was turned off. This is very common error, numerous of beginner threads posted about this.

  9. #59
    SitePoint Addict thoresson's Avatar
    Join Date
    Dec 2002
    Location
    Gothenburg, Sweden
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Problem running the login-script in PHP 4.2.2

    Hi,

    I'm trying to understand sessions, and have made some progress. I'm at the moment trying to get Kevin Yank's login-script up and running, but without 100 percent success.

    I've made some modifications to the script, to have it work under PHP 4.2.2.

    The script is split up in two major parts: bilder.php, which is the main script, and accesscontrol.php, which should check wether a valid username and password are entered or is already entered.

    The first time bilder.php is run, everything works fine. accesscontrol.php gets called, and since I've not logged in, a log in-form is displayed. I enter a valid username and password, which is checked in a MySQL-table and get the green light.

    But then the scripts forget that I've already logged in, and presents the log in-form over and over again.

    PHP Code:
    <?php

    # bilder.php

    include ("db_functions.php");
    include (
    "html_functions.php");
    include (
    "accesscontrol.php");
    include (
    "bilder_functions.php");

    session_start();

    define ("INITIAL_PAGE"0);
    define ("LOGOUT"1);



    # start

    $title "bilder";
    $header " ";
    html_begin ($title$header);

    # if $action is empty, show the start page

    if (empty($action)) 
        
    $action INITIAL_PAGE;
    if(isset(
    $_REQUEST["action"])) {
        
    $action $_REQUEST["action"];
    }

    # examine $action

    switch ($action
        {
        case 
    INITIAL_PAGE:
            
    accesscontrol();
            
    menu();
            break;

        case 
    LOGOUT:
            
    accesscontrol();
            
    logout();
            break;
        
        default:
            die(
    "Unknown action: $action");
    }


    html_end();
    ?>
    PHP Code:
    <?php
    function accesscontrol() {
        

    # accesscontrol.php - include-file to control that user is logged in

    session_start();

    # check if either $_POST['uid'] or $_SESSION['uid'] is set

    if(!isset($_POST['uid']) AND !isset($_SESSION['uid'])) {
    $title "log in";
    $header " ";
    html_begin ($title$header);
    ?>
    <H2>You are not logged in.</H2>
    <p> To see the pictures you need a username and a password. If you don't have these, send a <A HREF="mailto:listor@thoresson.net">mail</A>. </p>
    <p> <FORM METHOD="POST" ACTION="<?=$_SERVER['PHP_SELF']?>">
    <TABLE>
            <TR>
                <TD>Name:</TD>
                <TD><input name=uid type=text maxlength=20 size=15></TD>
            </TR>
            <TR>
                <TD>Password: </TD>
                <TD><input name=pwd type=password maxlength=10 size=15></TD>
            </TR>
            <TR>
                <TD></TD>
                <TD><input type=submit name=skicka value=" OK "> <input type=reset value="Clear"></TD>
            </TR>
    </TABLE>
    </FORM>
    </p>
    <?php
        html_end
    ();
        exit;
    }

    # if either $_POST['uid'] or $_SESSION['uid'] is set, here is where one end up

    $_SESSION['uid'] = $_POST['uid'];
    $_SESSION['pwd'] = $_POST['pwd'];
    $uid $_SESSION['uid'];
    $pwd $_SESSION['pwd'];

    # db_connect is my own function to connect to my database

    db_connect ("XXX""YYY""ZZZ");

    $sql "SELECT * FROM users WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if(!
    $result) {
        
    error("An error occured while your username and password were processed.\\n");
    }

    if(
    mysql_num_rows($result) == 0) {
        unset(
    $_SESSION['uid']);
        unset(
    $_SESSION['pwd']);

    $title "log in - error";
    $header " ";
    html_begin ($title$header);
    ?>
    <H2> Log in failure! </H2>
    <p> Your username or password was wrong. <A HREF="<?=$_SERVER['PHP_SELF']?>">Try again</A>.
    <?php
    html_end
    ();
    exit;
    }
    $_SESSION['username'] = mysql_result($result,0,"fullname");
    }
    ?>

    My non-educated guess is that there is something wrong with the line if(!isset($_POST['uid']) OR !isset($_SESSION['uid'])). Also, at the moment I have a session_start(); in both files. Right or wrong?


    Best regards,

    Anders

  10. #60
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    I haven't tried 'action', action is an input field? Really? If not you probably need to create a hidden field 'action'. Anyway, this line
    PHP Code:
    if (empty($action)) 
        
    $action INITIAL_PAGE
    $action is always empty. Edit:
    As I posted above your post, you need $_GET['action'] if pass variable in a query string. If you use hidden field with POST form then use $_POST['action']
    Last edited by johnn; Dec 17, 2002 at 03:21.

  11. #61
    SitePoint Addict thoresson's Avatar
    Join Date
    Dec 2002
    Location
    Gothenburg, Sweden
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by johnn
    $action is always empty.
    I'm using lines like this:

    PHP Code:
     printf("<A HREF=\"%s?action=%d\">"$_SERVER['PHP_SELF'], LOGOUT); 
    in the function menu(). It does work in other scripts I've build with the similiar syntax. Was I just lucky than, and should do it some other way?

    Needless to say(?), I just a few weeks in to PHP.

    Best regards,

    Anders

  12. #62
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, then you passed it in the query string before I didn't see it, then to use it in the script you passed it to, use $_GET['action']

  13. #63
    SitePoint Addict thoresson's Avatar
    Join Date
    Dec 2002
    Location
    Gothenburg, Sweden
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But from what I can tell it isn't the action-parameter that's the problem, but rather that the session variables isn't set the right way.

    Is this line ok?

    PHP Code:
    if(!isset($_POST['uid']) OR !isset($_SESSION['uid'])) 
    To me it looks like that that IF-rule doesn't "see" when $_SESSION['uid'] is set.

  14. #64
    SitePoint Addict thoresson's Avatar
    Join Date
    Dec 2002
    Location
    Gothenburg, Sweden
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've rebuilt accesscontrol.php to check variables in three steps:

    1) If $_POST['uid'] is set, validate against the MySQL DB and if ok register session variables in $_SESSION

    2) If $_SESSION['uid'] is set, validate against the MySQL DB.

    3) If neither $_POST['uid'] or $_SESSION['uid'] is set, show the login form.

    Like this:

    PHP Code:
    <?php

    function accesscontrol() {
        

    # accesscontrol.php - include-file to control that user is logged in

    session_start();

    # check if $_POST['uid'] is set - validate and register session-variables 

    if(isset($_POST['uid'])) {

        
    $_SESSION['uid'] = $_POST['uid'];
        
    $_SESSION['pwd'] = $_POST['pwd'];
        
    $uid $_SESSION['uid'];
        
    $pwd $_SESSION['pwd'];

    # db_connect is my own function to connect to my database

        
    db_connect ("anders""aze75""samp_db");

        
    $sql "SELECT * FROM users WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
        
    $result mysql_query($sql);
        if(!
    $result) {
            
    error("An error occured while your username and password were processed.\\n");
        }

        if(
    mysql_num_rows($result) == 0) {
            unset(
    $_SESSION['uid']);
            unset(
    $_SESSION['pwd']);

        
    $title "log in - error";
        
    $header " ";
        
    html_begin ($title$header);
        
    ?>
        <H2> Log in failure! </H2>
        <p> Your username or password was wrong. <A HREF="<?=$_SERVER['PHP_SELF']?>">Try again</A>.
        <?php
        html_end
    ();
        exit;
    }
        
    $_SESSION['username'] = mysql_result($result,0,"fullname");
        
    $_SESSION['logged_in'] = true;

    }


    # check if $_SESSION['uid'] is set - validate

    if(isset($_SESSION['uid'])) {

        
    $uid $_SESSION['uid'];
        
    $pwd $_SESSION['pwd'];

    # db_connect is my own function to connect to my database

        
    db_connect ("anders""aze75""samp_db");

        
    $sql "SELECT * FROM users WHERE userid = '$uid' AND password = PASSWORD('$pwd')";
        
    $result mysql_query($sql);
        if(!
    $result) {
            
    error("An error occured while your username and password were processed.\\n");
        }

        if(
    mysql_num_rows($result) == 0) {
            unset(
    $_SESSION['uid']);
            unset(
    $_SESSION['pwd']);

        
    $title "log in - error";
        
    $header " ";
        
    html_begin ($title$header);
        
    ?>
        <H2> Log in failure! </H2>
        <p> Your username or password was wrong. <A HREF="<?=$_SERVER['PHP_SELF']?>">Try again</A>.
        <?php
        html_end
    ();
        exit;
    }
    }

    # if neither $_POST['uid'] or $_SESSION['uid'] is set, here is where one end up

    else {

    $title "log in";
    $header " ";
    html_begin ($title$header);
    ?>
    <H2>You are not logged in.</H2>
    <p> To see the pictures you need a username and a password. If you don't have these, send a <A HREF="mailto:listor@thoresson.net">mail</A>. </p>
    <p> <FORM METHOD="POST" ACTION="<?=$_SERVER['PHP_SELF']?>">
    <TABLE>
            <TR>
                <TD>Name:</TD>
                <TD><input name=uid type=text maxlength=20 size=15></TD>
            </TR>
            <TR>
                <TD>Password: </TD>
                <TD><input name=pwd type=password maxlength=10 size=15></TD>
            </TR>
            <TR>
                <TD></TD>
                <TD><input type=submit name=skicka value=" OK "> <input type=reset value="Clear"></TD>
            </TR>
    </TABLE>
    </FORM>
    </p>
    <?php
        html_end
    ();
        exit;
    }
    }
    ?>
    Now everything seems to work just fine.

    But another question: At the moment I've got a session_start() both in accesscontrol.php and in the main script bilder.php. Is that needed?

    Best regards,

    Anders

  15. #65
    SitePoint Member
    Join Date
    Dec 2002
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Avoiding access to db everytime?

    I am fairly new to PHP & Web development. I found the article really interesting and really liked the PHPSELF idea.

    With the techinique you are suggesting the database get accessed everysingle time the user go to a page (this in order to check that the username/password combination is correct).

    I would have thought that it could be possible to store in the sessions variables (with session_register) that the user has logged on and therefore no further check is needed.

    I would appreciate people's comments on this.

    Cheers!

  16. #66
    SitePoint Addict thoresson's Avatar
    Join Date
    Dec 2002
    Location
    Gothenburg, Sweden
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Avoiding access to db everytime?

    I've been thinking about that, me too. I thought that it might add extra security to check the username and password everytime, instead of storing a variable, say $_SESSION['loggedin'] = true.

    But perhaps it doesn't, but just add an extra burdon on the database?

  17. #67
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Checking the user's credentials in the database for every request ensures that if you remove a user's access rights while they're logged in, they will be kicked off the site immediately.

    If you cache the loged-in state in a session variable as you suggest, anyone who has even momentary access to your site can keep that access so long as they keep their session alive.

    The choice is yours, but in my experience it's not worth sacrificing a bit of security to save a single database query.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  18. #68
    SitePoint Enthusiast lauriek's Avatar
    Join Date
    Dec 2002
    Posts
    74
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ooh this is tricky stuff! I'm completely new to PHP and MYSQL, have just finished going through Kevin's book for the first time, and I am trying to set up this access control bit. I seem to be having the same problem as thoresson, but I thought I'd got round it yesterday. My problem is that I have two PC's I'm developing on and PHP seems to be setup slightly differently on each. I have the following access control script -

    PHP Code:


    <?php

    session_start
    ();

    include(
    "common.php");
    include(
    "db.php");

    $uid=$_POST['uid'];
    if(
    $uid=="") {
        
    $uid=$_SESSION['uid'];
    }
    $openpwd=$_POST['pwd'];
    if(
    $openpwd=="") {
        
    $openpwd=$_SESSION['pwd'];
    }

    //echo $uid;

    $salt=substr($openpwd02);
    $cryptpwd=crypt($openpwd$salt);
    $pwd=$openpwd;

    $thispage=$PHP_SELF;
    if(
    $thispage=="") {
        
    $thispage=$_SERVER['PHP_SELF'];
    }

    if(!isset(
    $uid)) {

        
    ?>

    <html>
    <head>
    <title> Please Log In for Access </title>
    <link rel="stylesheet" href="/local.css">
    <link rel="stylesheet" href="moviedb.css">
    </head>
    <script language="Javascript">
    <!--

    grabUrl=document.location.search.substring(1);
    if(grabUrl!="") {
        var urlParams=new Array();
        var urlParamSets=grabUrl.split("&");
        for(f=0;f<urlParamSets.length;f++) {
            thisParamSet=urlParamSets[f];
            var thisParam=thisParamSet.split("=");
            thisParamName=thisParam[0];
            thisParamValue=thisParam[1];
            if(urlParams.length==0) {
                nextItem=0;
                nextValue=1;
            } else {
                nextItem=urlParams.length+1;
                nextValue=urlParams.length+2;
            }
            urlParams[nextItem]=thisParamName;
            urlParams[nextValue]=thisParamValue;
        }
    } else { urlParams=""; }

    // -->
    </script>
    <body>
    <?php
    include "header.inc";

    //echo "Supplied UID - $uid <br>\n";
    //echo "Supplied openpass - $openpwd <br>\n";
    //echo "Supplied cryptpass - $cryptpwd <br>\n";
    //echo "Supplied salt - $salt <br>\n";

    ?>

    <p> <font class=title><b>Login Required </b></font></p>
    <p>You must log in to access this area of the site. If you are
    not a registered user, <a href="useradd.php">click here</a>
    to sign up for instant access!</p>

    <p><form method="post" action="<?=$thispage?>">

    <script language="Javascript">
    <!--
    for(f=0;f<urlParams.length;f=f+2) {
        g=f++;
        opHtml="<input type='hidden' name='"+urlParams[g]+"' value='"+urlParams[f]+"'>"
    //    alert(opHtml);
        document.writeln(opHtml);
    }

    // -->
    </script>

    <table border=0>
    <tr>
    <td align=right>User ID:</td><td><input type="text" name="uid" size="20"></td>
    </tr>
    <tr>
    <td align=right>Password:</td><td><input type="password" name="pwd" SIZE="20"></td>
    </tr>
    <tr><td colspan=2 align=center><input type="submit" value="Log in"></td></tr>
    </table>

    </form></p>

    <?php
    include "trailer.inc";
     
    ?>
    </body>
    </html>

    <?php

    exit;

    }

    $_SESSION['uid']=$uid;
    $_SESSION['pwd']=$pwd;

    //session_register("uid");
    //session_register("pwd");

    dbConnect("moviesowned");
    $sql "SELECT * FROM users WHERE EmailAddress = '$uid' AND password = '$cryptpwd'";
    $result mysql_query($sql);
    if (!
    $result) {
        
    error("A database error occurred while checking your " "login details.\\nIf this error persists, please " "contact [email]kevin@sitepoint.com[/email].");
    }

    if (
    mysql_num_rows($result) == 0) {
        
    session_unregister("uid");
        
    session_unregister("pwd");

        
    ?>

    <html>
    <head>
    <title> Access Denied </title>
    <link rel="stylesheet" href="moviedb.css">
    <link rel="stylesheet" href="/local.css">
    </head>
    <body>
    <?php include "header.inc"?>

    <h1> Access Denied </h1>

    <?php

    echo "Supplied username - !" $uid "!<br>\n";
    echo 
    "Supplied password - !" $openpwd "!<br>\n";
    echo 
    "Supplied salt - !" $salt "!<br>\n";
    echo 
    "Crypted password - !" $cryptpwd "!<br>\n";

    ?>

    <p>Your user ID or password is incorrect, or you are not a
    registered user on this site. To try logging in again, click
    <a href="<?=$thispage;?>">here</a>. To register for instant
    access, click <a href="useradd.php">here</a>.</p>

    <?php include "trailer.inc"?>
    </body>
    </html>

    <?php

    exit;
    }

    $username mysql_result($result,0,"UserName");

    ?>

    Which was working fine on one PC yesterday, but I've transferred all my scripts to another PC and now the uid is not being kept between pages. I have put in some debug echos so I can see whats happening and the funny thing is that the pwd is being kept between pages but the uid is being lost. I am pulling out my hair trying to see whats wrong! Any pointers much appreciated!

    To clarify, I have to log in to each and every page which includes this accesscontrol script, the UID is lost between pages, somehow the PWD is remembered!

    Laurie

  19. #69
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Without actually runnning the script myself, it certainly all looks like it should work.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  20. #70
    SitePoint Enthusiast lauriek's Avatar
    Join Date
    Dec 2002
    Posts
    74
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've fixed it, I don't understand how but its working! I changed this bit -

    PHP Code:

    $uid
    =$_POST['uid'];
    if(
    $uid=="") {
        
    $uid=$_SESSION['uid'];

    to this -

    PHP Code:

    $uid
    =$_SESSION['uid'];
    if(
    $uid=="") {
        
    $uid=$_POST['uid'];

    and now it works okay! Can anyone advise the url of a good tutorial about these different variables - _GET, _SESSION, _POST etc?

    Thanks!

    Laurie

    ps Kevin, thanks for the excellent book, I struggled to get anything working in the past with php and mysql but now things are starting to come together!!

  21. #71
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  22. #72
    SitePoint Member
    Join Date
    Dec 2002
    Location
    Northwestern Kansas, USA
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's a curious bit of garbage that appears at the top of the page occasionally (not every time) following an exit from a page that destroys the current session (a "logout" page that has a "session_destroy(); at the top):

    ------------------------
    HTTP/1.1 200 OK Date: Sat, 21 Dec 2002 01:47:24 GMT Server: Apache/1.3.22 (Unix) mod_perl/1.26 mod_throttle/2.11 PHP/4.1.0 FrontPage/4.0.4.3 mod_ssl/2.8.5 OpenSSL/0.9.6b X-Powered-By: PHP/4.1.0 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Keep-Alive: timeout=15, max=999 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html d0c
    -------------------------

    I'm sure I'll get to the bottom of it eventually, probably something ignorant I'm doing with my session, but does anyone happen to know what this is? Is it an expired session throwing up all over the place? Just guessing at this point...meanwhile I'm doing some more reading...

    Thanky,
    kate (...and reaching for the sponge mop...)

  23. #73
    SitePoint Enthusiast
    Join Date
    Dec 2002
    Location
    Leeds, UK
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks to Kevin for the book and the Managing Users with Sessions tutorial. As a complete novice I feel like I've come a long way with PHP in the last few days.

    I just have a couple of small problems with the signup.php script. Everything works fine except when I try to submit the form with either blank fields or with an existing user name. It should result in an error message using the common.php include file but this doesn't happen.

    Can anyone see any errors with my script (see below). Greatly appreciate any help with this.

    PHP Code:

    <?php // signup.php

    include("common.php");
    include(
    "db.php");

    if (!isset(
    $submitok)):    
    // Display the user signup form    
    ?>        
    <html>    
    <head><title>New User Registration</title></head>    
    <body>
            <p><font color=orangered size=+1><TT><B>*</B></TT></font>
                   indicates a required field</p>
                   <form method=post action="<?=$PHP_SELF?>">
                   <table border=0 cellpadding=0 cellspacing=5>
                                <tr>
                                    <td align=right>
                                        <p>User ID</p>
                                    </td>
                                    <td>
                                        <input name=newid type=text maxlength=100 size=25>
                                        <font color=orangered size=+1><TT><B>*</B></TT></font>        
                                    </td>
                                </tr>
                                <tr>
                                    <td align=right>
                                        <p>Full Name</p>
                                    </td>
                                    <td>
                                        <input name=newname type=text maxlength=100 size=25>
                                        <font color=orangered size=+1><TT><B>*</B></TT></font>
                                    </td>
                                </tr>
                                <tr>
                                    <td align=right>
                                        <p>E-Mail Address</p>
                                    </td>
                                    <td>
                                        <input name=newemail type=text maxlength=100 size=25>
                                        <font color=orangered size=+1><TT><B>*</B></TT></font>
                                    </td>
                                </tr>
                                <tr valign=top>
                                    <td align=right>
                                        <p>Other Notes</p>
                                    </td>
                                    <td>
                                        <textarea wrap name=newnotes rows=5 cols=30></textarea>
                                    </td>
                                </tr>
                                <tr>
                                    <td align=right colspan=2>
                                        <hr noshade color=black>
                                        <input type=reset value="Reset Form">
                                        <input type=submit name="submitok" value="   OK   ">
                                    </td>
                                </tr>
                            </table>
                            </form>
    </body>
    </html>                        
                            
    <?php
    else:    // Process signup submission    
    dbConnect('db71423777');

    if (
    $newid=="" or $newname=="" or $newemail=="") {        
    error("One or more required fields were left blank.\\n".              
    "Please fill them in and try again.");    }

    // Check for existing user with the new id    
    $sql "SELECT COUNT(*) FROM user WHERE userid = '$newid'";    
    $result mysql_query($sql);    
    if (!
    $result) {            
        
    error("A database error occurred in processing your ".              
            
    "submission.\\nIf this error persists, please ".              
            
    "contact [email]info@danielprendergast.co.uk[/email] ERROR 1");    
    }    
    if (@
    mysql_result($result,0,0)>0) {        
        
    error("A user already exists with your chosen userid.\\n".              
            
    "Please try another.");    
    }

    $newpass substr(md5(time()),0,6);

    $sql "INSERT INTO user SET              
    userid = '
    $newid',              
    password = PASSWORD('
    $newpass'),              
    fullname = '
    $newname',              
    email = '
    $newemail',              
    notes = '
    $newnotes'";    
    if (!
    mysql_query($sql))        
    error("A database error occurred in processing your ".              
    "submission.\\nIf this error persists, please ".              
    "contact [email]info@danielprendergast.co.uk[/email] ERROR 2");

    // Email the new password to the person.    
    $message "G'Day!
    Your personal account for the Project Web Site
    has been created! To log in, proceed to the
    following address:
        [url]index.php[/url]
    Your personal login ID and password are asfollows:
        userid: 
    $newid    password: $newpass
    You aren't stuck with this password! You can
    change it at any time after you have logged in.
    If you have any problems, feel free to contact me at
    <info@danielprendergast.co.uk>.
    -Daniel Prendergast Project Webmaster"
    ;
        
    mail($newemail,"Your Password for the Project Website",         
        
    $message"From:Daniel Prendergast <info@danielprendergast.co.uk>");
    ?>    

    <html>    
    <head><title> Registration Complete </title></head>    
    <body>    
    <p><strong>User registration successful!</strong></p>    
    <p>Your userid and password have been emailed to       
    <strong><?=$newemail?></strong>, the email address       
            you just provided in your registration form. To log in,       
            click <a href="members.php">here</a> to return to the login       
            page, and enter your new personal userid and password.</p>    
    </body>    
    </html>    

    <?php
    endif;
    ?>

    Also, I'm new to sessions and cookies but have managed to adapt the script to store the user id for longer periods of time than a single session. Could anyone tell me how to remove the stored session ids from my system(I need to do this to help me test the scripts). I've tried clearing the cookies folder and system cache but the script is still logging me in automatically.

    Thanks

  24. #74
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    To begin with, you have some double quotes in your email message string that are not correctly escaped with backslashes. You can see in the code highlighting above how this prevents PHP from seeing where the message actually ends.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  25. #75
    SitePoint Member
    Join Date
    Jan 2003
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Toubles with $PHP_SELF

    Hi all,

    first of all let me thank Kevin for his great article.

    My problem is that I always get the same error message from the Apache Server (1.3.27, PHP 4.2.2, running at localhost on a Windows2000 workstation), saying: "Forbidden
    You don't have permission to access /OST/HTML_Seiten/< on this server".

    I created different files for the projects i am working on in my document-root htdocs. One of them is called "OST". In OST i have different files for HTML-pages (HTML_Seiten), php-scripts, images, and css.

    It seems to me that php can't handle the <?php-tag announcing the following php-code.

    Here is the line which causes all the trouble:

    <form method=post action="<?php echo $_SERVER['PHP_SELF']; ?>">

    Anybody has a clue what I missed and would like to help me?

    Cheers,

    thomlin


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •