|
PHP - Need Help With Redirect To Secured Page And Back If Not A User
I need some help with a form being successfully submitted redirecting to a secure page. I already have the form code working and just need the part to redirect within an else statement. Also need to redirect a user back to the form page if they try and visit the secure page without being a member.
thanks in advance. Similar Tutorials
User Authentication Help By Using If Elseif And Else Statement And Redirect Page On 3 Differnet Urls
This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=330185.0 Below code is working fine but i need to redirect on 3 different pages and its giving me error. My table structure is as
User table
Email Password
admin@yahoo.com 123
tariq@yahoo.com 987
bilal@yahoo.com 456
if user name is like; admin@yahoo.com the page should redirect on welcome.php
if user name is like; info@aiousoft.com the page should redirect to welcome2.php
and if user doesnot exist in database then give error as ELSE "user doesnot exist"
thanks
signin.php
<html><head><title>Sign In</title></head><body> <?php include 'header.php'; ?> <?php include 'menu.php'; ?> <center> <form method="post" action="checklogin.php"> <h3>Please Signin</h3> <table width="400" border="0"> <tr><td>Email</td> <td><input name="email" type="text" id="email"></td></tr> <tr><td>Password</td> <td><input name="password" type="password" id="password"></td></tr> </table> <p><label> <input type="submit" email="submit" value="Submit"> </label><input email="reset" type="reset"> </p> </form> </center> </body> </html> checklogin.php <html><head><title>Check Login</title></head><body> <?php include 'header.php'; include 'menu.php'; $email=$_POST['email']; $password=$_POST['password']; @ $db = mysql_pconnect('localhost', 'root', ''); if (!$db) { echo 'Error: Could not connect to database. Please try again later.'; exit;} mysql_select_db('car'); $q=mysql_query("select * from user where email='".$email."' and password='".$password."' ") or die(mysql_error()); $res=mysql_fetch_row($q); if($res) { header('location:welcome.php'); } else { echo' Please signin again as your user name and password is not valid'; } ?> </body> </html> Attached Files header.php 284bytes 0 downloads menu.php 308bytes 0 downloads Please, take a look to the following code.After clicking Next it goes to overview.php.Why when I click back on my browser to return to this page again, it is not returning back? When I click back I receive "Confirm Form Resubmission" message. After refreshing page it loads page. I guess problem is in "session_start();" part. Something to do with cookies. Please, help me it is very urgent for me. <?php session_start(); echo "<html> <head> <title>Hello World</title> <meta http-equiv='Content-Type' content='text/html; charset=Windows-1252'/> </head>"; require_once ('functions.inc'); if(!isset($_POST['userid'])) { echo "<script type='text/javascript'>"; echo "window.location = 'index.php'"; echo "</script>"; exit; }else{ session_register("userid", "userpassword"); $username = auth_user($_POST['userid'], $_POST['userpassword']); if(!$username) { $PHP_SELF = $_SERVER['PHP_SELF']; session_unregister("userid"); session_unregister("userpassword"); echo "Authentication failed " . "Please, write correct username or password. " . "try again "; echo "<A HREF=\"index.php\">Login</A><BR>"; exit; } } function auth_user($userid, $userpassword){ global $default_dbname, $user_tablename; $user_tablename = 'user'; $link_id = db_connect($default_dbname); mysql_select_db("d12826", $link_id); $query = "SELECT username FROM $user_tablename WHERE username = '$userid' AND password = '$userpassword'"; $result = mysql_query($query) or die(mysql_error()); if(!mysql_num_rows($result)){ return 0; }else{ $query_data = mysql_fetch_row($result); return $query_data[0]; } } echo "hello"; echo "<form method='POST' name='myform' action='overview.php'>"; echo "<input type='submit' value='Next'>"; echo "</form>"; ?> Hi guys,
The idea of this script is to check if the website is under maintenance, and if it is, direct the user to the maintenance page. If the user is signed in, and has privileges to bypass the maintenance page and continue to look at the website, then they won't be redirected, but I can't seem to get it to work? I've checked all the tables in database, I've been through the code multiple times. It's not displaying an error, it's just running through the code and then doing nothing?
(Maintenance has already been set to '1' in the database)
index.php
<?php
include "core.php";
?>
<?
$updatecounter = mysql_query("UPDATE webviews SET count = count+1 WHERE id = '1'");
if (!$updatecounter) {
die ("Can't update the counter : " . mysql_error());
}
?>
core.php
<?php
session_start();
include "config.php";
include "security.php";
$id = $_SESSION['userinfo']['id'];
if ($_SESSION['logged'] == true) {
$qry="SELECT * FROM fuserights WHERE userid='$id'";
$result=mysql_query($qry);
if($result) {
if(mysql_num_rows($result) == 1) {
$checks = mysql_fetch_assoc($result);
$access = $checks['bypassmaintenance'];
}
}
if($access == 1)
{
}else {
$result = mysql_query("SELECT * FROM maintenance") or die(mysql_error());
while($row = mysql_fetch_assoc($result)) {
if($row['check'] == 1) {
header('location:/maintenance/');
}
}
}
}
?>
config.php
<?php
$server = "***";
$username = "***";
$password = "***";
$db_name = "***";
$connect = mysql_connect($server, $username, $password) or die(mysql_error());
mysql_select_db($db_name, $connect) or die(mysql_error());
mysql_query("SET NAMES utf8");
?>
security.php
<?php
$array = array(
"union",
"sql",
"mysql",
"database",
"cookie",
"coockie",
"select",
"from",
"where",
"benchmark",
"concat",
"table",
"into",
"by",
"values",
"exec",
"shell",
"truncate",
"wget",
"/**/",
"1=1",
"xss"
);
foreach ($array as $d) {
$string = security($_SERVER['QUERY_STRING']);
if (strpos(strtolower($string), $d) != false) {
$ip = $_SERVER['REMOTE_ADDR'];
$loc = $_SERVER['PHP_SELF'];
$browseros = $_SERVER['HTTP_USER_AGENT'];
$oslanguage = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$date = date("d.m.Y / H:i:s");
$file = security('' . $loc . '?' . $string . '');
$type = "SQL Injection";
$queryvalid = mysql_query("SELECT * FROM `hacker-attacks` WHERE file='$file' and type='SQL Injection' LIMIT 1");
$validator = mysql_num_rows($queryvalid);
if ($validator > "0") {
echo '<meta http-equiv="refresh" content="0;url=index.php" />';
exit();
} else {
$log = "INSERT INTO `hacker-attacks` (ip, date, file, type, browseros, oslanguage) VALUES ('$ip', '$date', '$file', '$type', '$browseros', '$oslanguage')";
$result = mysql_query($log);
echo '<meta http-equiv="refresh" content="0;url=index.php" />';
exit();
}
}
}
function security($input)
{
$input = mysql_real_escape_string($input);
$input = strip_tags($input);
$input = stripslashes($input);
return $input;
}
$guestip = $_SERVER['REMOTE_ADDR'];
$querybanned = mysql_query("SELECT * FROM `bans` WHERE ip='$guestip'");
$banned = mysql_num_rows($querybanned);
$row = mysql_fetch_array($querybanned);
$reason = $row['reason'];
if ($banned > "0") {
die("<center><font size='7' color='red'><b>You are banned</b></font><br>
Reason: $reason<br> <br /><img src='images/banned.png' /></center>");
}
?>
Any help would be appreciated!
Thanks.
Hello, I'm having trouble trying to redirect users after they've logged in. My site shows different types of adverts but some adv are restricted to registered users, on the home page they can see the the title of the adv but if they click on the title and are not logged in then they are taken to the log in page, Now my problem is how do i then re-direct them back to the adv they were trying to see? if i just redirect them to index.php that won't help because index shows few adv. I hope that makes sense. Any help much appreciated. Hi, I just want to put up a simple page that has an NDA to which someone can either "agree" or "disagree" and then automatically be forwarded to specific pages accordingly (google and yahoo are just there for testing). Problem is that I keep getting and "Undefined Index" for both "agree" and "disagree". What am I doing wrong? Here is my code: Code: [Select] <form id="nda" name="nda" method="post" action=""> <input type="submit" name="agree" value="I agree" /> <input type="submit" name="disagree" value="I disagree" /> </form> <?php if($_POST['agree']){ header("Location: http://www.google.com"); } else if ($_POST['disagree']){ header("Location: http://www.yahoo.com"); } ?> Thanks! I have a paypal shopping cart form. Right now the form submits to paypals normal site and works fine. But the problem is the user can use firebug and change the price before sending to paypal. So i want the form to submit to my php script, where ill whatever is in the session, not what was posted, create an NVP string from that post, then POST that to paypal. I thought i could do this with cURL, but cURL always responds, it never actually takes the user to paypal with post. Is there a way to mimic what a form submit does completely in PHP? OKKK! good day please i have little problem that is now a mighty one before me. I added a login form to a page using Iframe modal class i got from tinybox2. I have been able to login the user and in use the HEADER function to redirect the user to their user_page but the direction is done in the I-frame and not the parent window. Now my problem is how do i close the iframe and still redirect the user to the next page. I tried some javascript but all to no avail .
THE LOGIN AND I-FRAME PAGE SCRIPT
<?php
if(empty($errors)=== true){
$login=login($username, $password);
if($login === false){
$errors[]='INVALID LOGIN DETAILS.... PLEASE CHECK YOUR DETAILS AND TRY AGAIN.';
}
else{
$_SESSION["user_id"]=$login;
?>
<script> parent.window.close();</script>
<?php
header("location:user_page.php");
}
}
if(empty($errors)=== false){
$_SESSION["errors"]=$errors[0];
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<link href="css/signin.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="account-container">
<div class="content clearfix">
<form action="#" method="post">
<h1>Member Login</h1>
<div class="login-fields">
<p>Please provide your details</p>
<div class="field">
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" placeholder="Username" class="login username-field" />
</div> <!-- /field -->
<div class="field">
<label for="password">Password:</label>
<input type="password" id="password" name="password" value="" placeholder="Password" class="login password-field"/>
</div> <!-- /password -->
</div> <!-- /login-fields -->
<input class="login-fields_submit" type="submit" name="login" value="Log In">
</form>
<?php if(isset($_SESSION["errors"])){?>
<h1 style="background:darkred;margin-bottom:-27px;font-size:9px !important;">
<?php echo $_SESSION["errors"]; unset($_SESSION["errors"]);?></h1><?php }?>
</div> <!-- /content -->
</div> <!-- /account-container -->
</body>
</html>
Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Securing my upload folder “upl”
The upl folder is used to store anything that is uploaded by the user for their needs that is not a part of the back end, as such all content in this folder is subject to being locked down and and supplied after checking credentials.
The upl folder has an .htaccess file that locks down all remote access. order deny,allow deny from all
When something is needed from this directory we jump that wall with the help of apache after credentials are verified.
I think this is straight forward so far.
For images something like; <img src=”downloader.php?app=1&id=20&type=thumb”>
For files something like; <a href=”downloader.php?app=1&id=20&type=file&fileid=1212”>
After we check creds, we use similar to below to get data from that locked down folder.
$size = filesize($file);
header ( 'Content-Description: File Transfer' );
header("Content-Type: application/force-download");
header ( 'Content-Type: application/octet-stream' );
header ( "Content-Disposition: attachment; filename=\"".basename($file)."\"");
header ( 'Expires: 0' );
header ( 'Cache-Control: must-revalidate' );
header ( 'Pragma: public' );
header ( 'Content-Length: ' . filesize ( $file ) );
ob_clean();
flush();
readfile ( $file );
exit();
seems to work pretty swimmingly for the most part. My problem is (or at lease a mild nuisance) is that it seems that these images loaded in this manner are not subject to the cache system of a browser? It looks like they reload every time a page is visited. Is there a way around this?
i'm new to php and don't really know where to start here... i'm automating a system that scrapes a site for a particular pdf download link (got this far), downloads it, parses the pdf, etc... problem is that you must be logged in (while viewing in the browser) in order to access the pdf... if you're not logged in, you are redirected and the download fails... i do have a proper login... how would i go about utilizing my login in order automate the pdf download? is there a way to send the login with the url request? or open a stream, login, and retry the download? thanks I have the following code. Before back button was working. Now don't understand what happend but when I click Back button I receive "Webpage has expired" window in my browser. What may be the reason? Code: [Select] <html> <head> <title>Økern Frukt og Grønt</title> <link href="calendar/calendar.css" rel="stylesheet" type="text/css" /> <script language="javascript" src="calendar/calendar.js"></script> <style type="text/css"> textarea { resize: none; } </style> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"/> </head> <?php if(!isset($_POST['userid'])) { echo "<script type='text/javascript'>"; echo "window.location = 'login.html'"; echo "</script>"; exit; } require_once ('functions.inc'); require_once('calendar/classes/tc_calendar.php'); global $default_dbname; $link_id = db_connect($default_dbname); mysql_select_db("okern", $link_id); $letters1 = array ("A1", "B1", "C", "D","E", "F", "G", "H","I", "J", "K", "L", "M", "N", "O", "P","Q", "R", "S", "T","U", "V", "W", "X", "Y", "Z", "&#198", "&#216", "&#197"); $letters = array_merge(range("A", "Z"), array("&#38;#198", "&#38;#216", "&#38;#197")); echo "<table border='0' align='center'> <tr> <td colspan=3><b><center>Du har valgt f&#248lgende produkter</center></b></td> </tr> <tr> <th align=left>Produkt</th> <th align=left>Antall</th> <th align=left>Enhet</th> </tr>"; echo "<form method='POST' action='order.php'>"; $userid = $_POST['userid']; echo "<INPUT TYPE='hidden' NAME='userid' VALUE='$userid'>"; foreach($letters as $letter) { if(isset($_POST[$letter])) { $selected = $letter . '1'; $antall = $letter . '2'; $enhet = $letter . '3'; echo "<tr>"; echo "<td>" . "<INPUT TYPE='hidden' NAME='$selected' VALUE='$_POST[$selected]'>" . "$_POST[$selected]" . "</td>"; echo "<td>" . "<INPUT TYPE='hidden' NAME='$antall' VALUE='$_POST[$antall]'>" . "$_POST[$antall]" . "</td>"; echo "<td>" . "<INPUT TYPE='hidden' NAME='$enhet' VALUE='$_POST[$enhet]'>" . "$_POST[$enhet]" . "</td>"; echo "</tr>"; } } for ($i = 1; $i < 400; $i++) { if (isset($_POST[$i])){ $selected = 'a' . $i; $antall = 'antall' . strval($i); $enhet = 'enhet' . strval($i); echo "<tr>"; echo "<td>" . "$_POST[$selected]" . "</td>"; echo "<td>" . "$_POST[$antall]" . "</td>"; echo "<td>" . "$_POST[$enhet]" . "</td>"; echo "</tr>"; } } echo "<tr height=10></tr> <tr><td colspan=2>Velg dato for bestillingen:</td> <td colspan=1>"; $myCalendar = new tc_calendar("date5", true, false); $myCalendar->setIcon("calendar/images/iconCalendar.gif"); $myCalendar->setDate(date('d'), date('m'), date('Y')); $myCalendar->setPath("calendar/"); $myCalendar->setYearInterval(2000, 2015); $myCalendar->dateAllow('2008-05-13', '2015-03-01'); $myCalendar->setDateFormat('j F Y'); $myCalendar->setAlignment('left', 'bottom'); $myCalendar->setSpecificDate(array("2011-04-01", "2011-04-04", "2011-12-25"), 0, 'year'); $myCalendar->writeScript(); echo "<INPUT TYPE='hidden' NAME='date' VALUE='this.form.date5.value'>"; echo "</td></tr>"; echo "<tr height=10></tr><tr> <td colspan=3>Skrive din melding nedenfor:</td> </tr>"; echo "<tr> <td colspan=3><textarea name='melding' cols='50' rows='5' resize=none></textarea></td> </tr>"; echo "<tr> [b]<td><center><input type='button' value='Tilbake' onClick='history.go(-1)'></center></td>[/b] <td colspan=2><center><input type='submit' value='Bestil'></center></td> </tr>"; echo "</form>"; echo "</table>"; ?> </html> Hi, I have a, let's call it, Main page, and it refreshes every 5 seconds to check the database... If it finds a result, it kills the refresh function and allows a DIV to call a page into itself via another function on the Main page, which refreshes every second, it's a timer count down clock... The problem is, that if the timer runs down to zero, I have it do a lot of things, but then I need it to either refresh the Main page, redirect the Main page, or close the Main page entirely... Does anyone know how I could perform either 3 of those actions from within the page that's inside of the DIV? Which is better? Why and why not? An image is secured in the root directory, to be displayed to customer in html document.
This image can be displayed as a link to a php readfile page Thank you. An image is secured in the root directory, to be displayed to customer in html document.
This image can be displayed as a link to a php readfile page Which is better? Why and why not? Thank you. Edited yesterday at 01:15 PM by ChenXiuOk i have a question about a dynamic website.. What i have is a site that takes content from the MySQL database and load it into the index.php file. And i know how to change the content of the page when i move around in the navigation, e.g when i click on the "HOME" tab, the content for the home page is shown and when i click on "ABOUT", the information about my site is shown and so on.. Now for my question! I want the content too move everyday automaticly. For example, today i type in some content in the MySQL database that i want to be shown on my website for today. But tomorrow i want the content to have been moved to page 2, and the next day page 3 and so on.. So that everyday i can type in new content, and all the old pages get pushed back one page if that makes sense? Sorry but I have no actuall code for this cause i don't know how to start, but i guess you could use dates and "if else" statements to determine when the pages should be moved and not. Example code would be greatly appriciated! And when i say moved between pages, i mean like this: Today: www.mywebsite.com/index.php?pageid=1 - example 2 www.mywebsite.com/index.php?pageid=2 - example 1 www.mywebsite.com/index.php?pageid=3 - empty Tomorrow: www.mywebsite.com/index.php?pageid=1 - example 3 www.mywebsite.com/index.php?pageid=2 - example 2 www.mywebsite.com/index.php?pageid=3 - example 1 This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=321154.0 Hello everyone. I am writing this order/feedback form using a php script.
Every time i hit submit, the html page (that has the form inside) just reloads and does not perform the script
could anyone give me some pointers in my code the form/php?
I have made sure they are linked verbatim
I am a nube so please forgive my inexperience
Here is the form in the html , down below it is the corresponding php code for the form
when the user clicks the submit button from a html form, it needs to go back two pages with that loaded page refreshed. for the javascript i only have history.go(-2); with php, I have tried cookies and sessions which i discovered that neither will work because the loaded page is not refreshed. I could do a html body onload but that would break the w3c validator. what are my options?
|
|||||||