Managing Users with PHP Sessions and MySQL

[Wbmstr84]

for the public/login/sub/users/ directory...

PHP Code:

 include '../../accesscontrol.php'; 


this accesses from two directories up. ../../../ goes three and so forth. Thats probably the easiest way for you to approach it. You could also just put the path from the root to it in as well...

PHP Code:

 include '/login/accesscontrol.php'; 


[deuce777]

for the public/login/sub/users/ directory...

PHP Code:

 include '../../accesscontrol.php'; 


this accesses from two directories up. ../../../ goes three and so forth. Thats probably the easiest way for you to approach it. You could also just put the path from the root to it in as well...

PHP Code:

 include '/login/accesscontrol.php'; 


any tips of how I can list the contents of the public/login/sub/user

so the can download them once the access the index?

example list the files, with a link to download the file?

here's what I got

PHP Code:

<? 
$dl = "http://www./public/login3/customer/$email/files"; 
$proof = "http://www./public/login3/customer/$email/upload/index.php"; 
$list = "<table width=500 border=1 bordercolor=#000000 style=\"border-collapse: collapse\">"; 
$list .= "<tr><td width=500><center><b>Click To Download</b></center></td></tr>"; 
$current_dir = /public/login3/customer/$email/files"; 
$dir = opendir($current_dir); 
while ($file = readdir($dir)) { 
$proof .= "<tr><td width=500><a href='$dl'>$file</a></center></td></tr>"; 
$list .= "<tr><td width=500><a href='$dl'>$file</a></center></td></tr>"; 
} 
$list .= "</table>"; 
echo $list;         

echo 
?>

[Wbmstr84]

The directory functions can be a handy tool to do just this:
PHP:

$path = '/path/to/folder/';

// Open a known directory, and proceed to read its contents
if (is_dir($path)) {
if ($dh = opendir($path)) {
while (($file = readdir($dh)) !== false) {
if (!is_dir($base . $file) && $file !== '.' && $file !== '..') {
echo "Filename: $file";
}
}
closedir($dh);
}
}

[deuce777]

The directory functions can be a handy tool to do just this:
PHP:

$path = '/path/to/folder/';

// Open a known directory, and proceed to read its contents
if (is_dir($path)) {
if ($dh = opendir($path)) {
while (($file = readdir($dh)) !== false) {
if (!is_dir($base . $file) && $file !== '.' && $file !== '..') {
echo "Filename: $file";
}
}
closedir($dh);
}
}

coool how do add that into a protected page?

[Kevin Yank]

First of all, your include belongs before any output on the page:

PHP Code:

<?php include 'accesscontrol.php'; ?><?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>

Now, if your accesscontrol.php file is in a directory that is on your PHP include path, that will work fine. If it isn't, you'll need to provide the relative path to the include file, like this:

PHP Code:

<?php include '../../accesscontrol.php'; ?><?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>

[Kevin Yank]

deuce777,

Please stop asking questions about storing files in user-specific directories on your server. This has nothing to do with the subject of the article, and belongs in a separate thread.

I'll delete any further posts on this subject in this thread.

[deuce777]

Works great

[Anonymous]

Hi, in this article:Managing Users with PHP Sessions and MySQL, your form request the 'userid' field to be filled in ,but if someone is requesting a new login how will hey have a user id if they are a new visitor?

WA

[Kevin Yank]

Users get to choose their own user ID by typing it into the signup form.

[Anonymous]

Hi, when I tried your scripts,(both for reistering and login), the login doesn't like 'session_start'();' as an error appears staing that 'Warning: Cannot send session cookie - headers already sent by'then ist states the path ending with common.php:22?

[Kevin Yank]

Hi, when I tried your scripts,(both for reistering and login), the login doesn't like 'session_start'();' as an error appears staing that 'Warning: Cannot send session cookie - headers already sent by'then ist states the path ending with common.php:22?

For session_start() to do its job, it needs to send HTTP headers to the browser. It can't do that if your script has already sent some HTML code to the browser, since HTTP headers must be sent before HTML code.

If you don't have any HTML tags outside of <?php ?> tags or echo() statements before you've called session_start(), then try looking for whitespace (spaces, line breaks, tab characters) outside your <?php ?> tags, which may be getting sent to the browser.

[fadeski]

The error messages don't work for me when I tested them out. I tried signing up with a username that's already in the database, or I tried submitting the form while leaving a field empty, but all that happens is that the page just reloads.

What I'm thinking is that it's probably this:

PHP Code:

if (@mysql_result($result,0,0)>0) 


The database shown in the article has:
ID
userid
password
fullname
email
notes

But mine is like this:
ID
date
name
password
email

So, are the errors not working because of this?

PHP Code:

if (@mysql_result($result,0,0)>0) 


Thanks.

[Anonymous]

this article was just what I needed for page by page authentication with sessions. Thanks.

[Anonymous]

Hey there, i have just installed this wonderfull script. It works great, what i would like to know, is there a php scipt that we can download which will enable the users to change there details (from orginal signup form)

i have looked throught the forums but cant find anything.

Thanks
Brock

[bjantke]

hey there i have just downloaded the script for making the accesscontrol.php user managemt from Kevin Yank,

i have been looking through the forum for information on how to display the users information that they had entered in during the sign up process and i couldnt find anything on how to do it.

could any body please help me with this.

Thanks
Brock

[random]

are you not meant to mysql_close($dbcnx); somewhere in that code?

[Kevin Yank]

mysql_close occurs automatically at the end of the script. The code could close the connection sooner if database connections were in short supply, however.

[deuce777]

Hello Kevin

If a user , has the cookies disabled in there, or there firewall or cookie block is enabled, can the you loggin with session, still work without the user having to re-sign in to each page?

or do I have to promt them, to enable the browser and disable there
firewall or cookie block each time, it seems like the sessions are being store in a cookie at the current set-up...

[fadeski]

Hi Kevin,

When I try to signup with a username that's already in the database, the error message doesn't display. Do you have an idea of what could be causing this? The page just re-loads with the fields still filled in, no error message.

Thanks.

[Kevin Yank]

If a user, has the cookies disabled in there, or there firewall or cookie block is enabled, can the you loggin with session, still work without the user having to re-sign in to each page?

Not by default. You need to enable PHP's cookieless sessions support. This is covered in detail in Chapter 12 of my book.

[deuce777]

I will read up on this, would you recomend this method since so many do block there cookies now of days , which is more of a pain with support, or would it be better to do a cookie check ,and redirect them can ask them to enable it, which i still think user will still , get turn off by having to do this.

[mw1508]

What a great script. Thanks Kevin.

Do you have any suggestions about how to protect a frames page? I have tried putting an include in my frameset document and this works well, but I also want to protect against a savvy user who tries to load an individual page that is not supposed to be viewed outside of a frame.

In that event I want to redirect to the frameset document when authentication has occurred. If I include the script in each page then I get the master login but but once the user successfully logs in I get another login page in each frame.

Any suggestions gratefully accepted.

Thanks, M

[jacobkball]

This is such a useful article. It's a great feeling when you get it all working, and customise it to suit your client's specific needs.

[random]

are sessions meant to be this insecure? i mean anyone can look at it, cant they or am i not looking at this right.

pass|s:4:"password";id|s:4:"random";

[Kevin Yank]

Where are you seeing that, random?