|
PHP - Login Security Issue
i just discovered a hole in my scripts relating to access .
1. have a simple login form 2. based on the type of user , he is directed to a page for his options . 3. I now realise that altho each page therefter checks for sessions of the user , he can easily change the url to that of another user and there is no way to prevent it. 4. How can i make sure that each time a page is accessed it is only by the user whom it is meant for. Relevant code snippets below . Thanks ! Swati login.php --------- <?php //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); //Process this if statement only if form was submitted if($_POST['submit']){ session_start(); $username=$_POST['username']; $password=$_POST['password']; include ("link.php"); // contains db info //Test for login success $sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'"; $result = mysql_query($sql); if ($myrow = mysql_fetch_assoc($result)){ // echo $sql; $login_success = 'Yes'; $userid = $myrow["Userid"]; $usertype = $myrow["UTID"]; $status = "On"; $url = $PHP_SELF."?".$_SERVER['QUERY_STRING'];; $logout = 'logout.php'; $_SESSION['id']=session_id(); $_SESSION['userid']=$userid; $_SESSION['usertype']=$usertype; $sql2= "insert into Log (Sessionid,Userid,IP,Date,File, Status) values('$_SESSION[id]','$userid','$ip','$tm', '$url', '$status')"; $result2 = mysql_query($sql2) or die ('no access to database: ' . mysql_error()); // echo mysql_error(); } } } ?> Each subsequent page has this header ============================== <? header("Cache-Control: public"); include ("log.php"); //db info for DB along with session start if(!isset($_SESSION['userid'])){ echo "<center><font face='Calibri' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> The url of each page : Code: [Select] www.abc.com/example/type1.php?Userid=USER1ID and such a user can easily change the url to Code: [Select] www.abc.com/example/type2.php?Userid=USER1ID and access all the options of type2.php Similar TutorialsCan someone please help to find the most important login precautions in terms of security. For example, I'think the most important is: 1. string escaping, prevent SQL injections 2. 3. ... I know It's hard to find and consider all of them, that's why I'd like to have a list of the most important. I am a bit concerned about using this code here, is there anyway of better authenticating a user? Just concerned about the usual ones like session hijacking, not really SQL injection (as I have put mysql_real_escape_string function below), but also XSS attacks etc, how would I go about improving this script? <?php ini_set('display_errors', 0); require_once 'header.html'; require_once 'db.functions.php'; require_once 'config.php'; $message = 'To login please enter your user information below'; $database = dbConnect($host, $username, $password, $database); // should output 1 or nothing at all! if($database == true) { if(array_key_exists('submit',$_POST)) { if($_POST['username'] != '' && $_POST['password'] != '') { // carry on with logging in process: $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(sha1($_POST['password'])); $sql = "SELECT username, password FROM users WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql); if($result) { // query worked now try and log them in: $result = mysql_num_rows($result); if($result == 1) { // do a query to retrieve users information: $sql = "SELECT username, password FROM users WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql); $user = mysql_fetch_array($result); session_start(); $_SESSION['login'] = 1; $_SESSION['username'] = $user[0]; header("location: index.php"); } else { $message = 'You entered a wrong username or password please try again'; } } else { $message = 'Could not query database for some reason, please try again later'; } } else { // output an error message to the user: $message = 'You did not enter all the required fields to login, please retry'; } } } else { $message = 'Could not connect to database, please try again later'; } printf("<p>%s</p>",$message); echo <<<USER_LOGIN <form id="login" name="login" method="post" action="{$_SERVER['PHP_SELF']}"> <p><label for="username">Username: </label> <input type="text" id="username" name="username" value="{$username}" /> </p> <p><label for="password">Password: </label> <input type="password" id="password" name="password" value="" /> </p> <input type="submit" id="submit" name="submit" value="Login" /> </form> USER_LOGIN; require_once 'footer.html'; Works quite well to be honest, but just wondered if there's anything I can do to improve my example blogs security, any suggestions are helpful, Jez. I'm trying to create a simple session on a form page that determines if you've signed in. If you haven't, it kicks you to the login page. But for some reason, what I have isn't doing that. When I open the page, it loads, but only prints the url on a blank page, instead of actually going to the url. Code: [Select] <html> <title>form</title> <link rel="stylesheet" type="text/css" href="style.css"> <body> <?php session_start(); if(isset($_SESSION['id']) && is_numeric($_SESSION['id'])) { if (isset($_POST['submitted'])) { $errors = array(); if (empty($_POST['scientific_name'])) { $errors[] = 'you forgot to enter the scientific name'; } else { $sn = trim($_POST['scientific_name']); } if (empty($_POST['common_name_english'])) { $errors[] = 'you forgot to enter the common name'; } else { $cne = trim($_POST['common_name_english']); } $description4 = trim($_POST['common_names_spanish']); $description5 = trim($_POST['common_names_french']); $description6 = etc. etc. if (empty($errors)) { require_once ('3_z_mysq1_c0nn3ct.php'); $query = "INSERT INTO plantae (scientific_name, common_name_english, etc.) VALUES ('$sn', '$cne', '$description4', '$description5', '$description6', '$description7', etc.)"; $result = @mysql_query ($query); if ($result) { if(isset($_POST['scientific_name'])) { $plant_id=mysql_insert_id(); } exit(); } else { echo 'system error. No plant added'; echo '<p>' . mysql_error() . '<br><br>query:' . $query . '</p>'; exit(); } mysql_close(); } else { echo 'error. the following error occured <br>'; foreach ($errors as $msg) { echo " - $msg<br>\n"; } } // end of if } // end of main submit conditional echo '<form action="insertaplant1.php" method="post"><fieldset><legend><b>Enter your new plant here</b></legend> form fields here. </form>'; } else { $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']); if((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr($url, 0, -1); } $url .= '/login.php'; echo $url; exit(); } ?> I have a login system that uses a flat file database. The flat file is in a directory outside the public_html. My questions; 1- Is is still possible to hack into that file? Currently I do not encrypt the passwords as I have been told that having the file outside the public_html makes the file unavailable to the public. This allows me the advantage of sending the Username and Password to the user in an email if they forget there password or username. Otherwise- I would have to set up a more complicated method to allow them to change their password to re-gain access to the site. I have an SSL on the site also so I am not worried about packet sniffing. Thanks If you are a PHP expert, then I really your help. I have a question regarding PHP sessions and their security. So here is my story ... I created a login script (login.php) for my website. When a user goes to the login.php page, they see a login form that they must fill with their username and password to login to the members' area and view their profile, etc. On that login page, when the user enters their username and password and then clicks the "Login" button, my script filters the data, sends MySQL query and checks if the login is valid. If the login is NOT valid, then they get a "Login Failed" message. If the login is valid, I register their username and the password in sessions and redirect them to the members.php page. Here is some of my code for my login.php page after mysql confirms the login is valid <?php $query = mysql_query('SELECT * FROM `users` WHERE username='$user' AND password='$pass'"); $numRows = mysql_num_rows($query); if ( $numRows ) { // login is valid $_SESSION['username'] = $user; $_SESSION['pass'] = $pass; // redirect user to members area header('Location: /members.php'); } else { // login is invalid echo "Login failed"; } ?> My question is ... is this login script secured? I mean, I am not generating any session id or any cookie. I am just storing the username and the password in two session variables and those are the things that i will use to display the user's profile, etc. Can attackers attack this script? Is this secured or is there any other way I can make it stronger? triple posted for some reason. Hi, i am running an online ecommerce store where i let people list and sell their items. Howerver the security is to weak. when people click the buy button on a product they are taken to process.php where a session is set to true, and then they are redirected to paypal to complete tehir orders. after their payment is completed they are redirected to success.php where they collect their download from a link to the download url posted by the user who listed the product. now the problem is that all that is required to get access to file download is for the session to be "true", this means that someone could just navigate to process.php and then skip paypal and navigate directly to success.php. Here is what i want to do: instead of the link beeing displayed in the success.php file, i want paypal to navigate directly to the file download instead... Here is my php files: http://www.mediafire.com/?383u89twj197bjg Thank you all for helping me... i would be forever happy if any of you could have a look at the script and correct it as mentioned above, and please send the files back to : vallandepost@gmail.com ... thank you very much! Hi I run versions of sites on a local server. For these the path to a mysql connection script is pretty simple: mysql_connec.php On my live server, I put things out of the public directory - so this time the path is ../mysql_connect.php I therefore have to have sections like this in my files = and whilst not complex, its a pain having to uncomment/comment lines depending on which server I am working because I keep forgetting! Code: [Select] // require_once('../../workRecord/mysql_connect.php'); //online require_once('mysql_connect.php'); //local Is there some way I can identify which server I am on so I don't keep having to do this. I was thinking of using something like this: Code: [Select] if ($_SERVER['DOCUMENT_ROOT']=="c:/web_root/blah/blah"){ require_once('mysql_connect.php'); }else{ require_once('../../workRecord/mysql_connect.php'); } I am pretty sure this would work, but does this method present any security issues??? Hi folks, a few days back, we enabled SSL on our office server and the intranet migrated to https. Everything is ok on the intranet. On the public internet, we noticed today that the page on our website, which connects to our office server to fetch and display data was throwing an error, which I presumed was a Security Certificate issue... An area that's like the Dark Side of the Moon for me.. the webpage - https://liveconnections.in/hotjobs.php This is the error from the logs PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed PHP Warning: file_get_contents(): Failed to enable crypto PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Anycase, the internet was willing to help and so I updated the code to a curl function. The Data is not displaying still... Here's the code... where am i going wrong ?
<?php
//error_reporting(E_ERROR | E_PARSE | E_ALL);
$page="jobs-listing";
?>
<header class="section background-livec text-center">
<h3 class="text-white margin-bottom-0 text-size-40 text-thin text-line-height-1">Current & Hot Jobs</h3>
</header>
<?php
$industry = $_GET['industry'];
$location = $_GET['location'];
$expMin = $_GET['expMin'];
$expMax = $_GET['expMax'];
$sortBy = $_GET['sortBy'];
$cpg = $_GET['page'];
if(empty($cpg) || $cpg==1)
$npl = 1;
else {
//$npl = (($cpg+1)*10) - 9;
$npl = $_GET['startingRowNo'];
}
$industry = str_replace(' ', '%20', $industry);
$location = str_replace(' ', '%20', $location);
$url = "https://xx.xxx.xxx.xxx/WebService/rest/";
function file_get_contents_curl($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //Set curl to return the data instead of printing it to the browser.
curl_setopt($ch, CURLOPT_URL, $url);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
if(!empty($sortBy)) {
$json = file_get_contents_curl($url.'getHeadersBySearch?industry='.$industry.'&location='.$location.'&expMin='.$expMin.'&expMax='.$expMax.'&sortBy='.$sortBy.'&startingRowNo='.$npl.'&noOfRows=1000000');
$data = json_decode($json);
} else if(!empty($industry) || !empty($location) || !empty($expMin) || !empty($expMax)) {
$json = file_get_contents_curl($url.'getHeadersBySearch?industry='.$industry.'&location='.$location.'&expMin='.$expMin.'&expMax='.$expMax.'&sortBy=&startingRowNo='.$npl.'&noOfRows=1000000');
$data = json_decode($json);
} else {
//$json = file_get_contents_curl($url.'getOnlineWebPosting');
$json = file_get_contents_curl($url.'getHeadersBySearch?industry='.$industry.'&location='.$location.'&expMin='.$expMin.'&expMax='.$expMax.'&sortBy=&startingRowNo='.$npl.'&noOfRows=1000000');
$data = json_decode($json);
//if (!$data) echo "Data Not Found" ;
}
if($sortBy=='DESC' || $sortBy=='') {
$aclass = 'down_arrow';
} else {
$aclass = 'up_arrow';
}
$json2 = file_get_contents_curl($url.'getSearchData');
$data2 = json_decode($json2);
$industry = str_replace('%20', ' ', $industry);
$location = str_replace('%20', ' ', $location);
if($industry=='F amp A - BPO') {
$industry = 'F & A - BPO';
}
if($industry=='OIL amp GAS') {
$industry = 'OIL & GAS';
}
?>
<div class="section background-white">
<div class="background-white">
<p class="text-padding-bot text-letter-spacing1">A cross-section of Jobs currently available. We recommend you to contact our Executives for further info. <br />
More details available when the Job is '<strong>View'</strong>ed. </p>
</div>
<?php
//$data='';
//if($data!=''){ ?>
<?php //if ($checkyear>2017) { ?>
<div class="subJobs">
<ul>
<li> Industry <br />
<select name="industry" id="industry" class="sel">
<option value="">Select Industry Name</option>
<?php for($i=0; $i<count($data2[0]); $i++) { ?>
<?php if(isset($industry) && $industry==$data2[0][$i]) { ?>
<option selected value="<?php echo $data2[0][$i];?>"><?php echo $data2[0][$i];?></option>
<?php } else { ?>
<option value="<?php echo $data2[0][$i];?>"><?php echo $data2[0][$i];?></option>
<?php }
} ?>
</select>
</li>
<li>Location<br />
<select name="city" id="city" class="sel">
<option value="">Select City Name</option
><?php $m=0; for($j=0; $j<count($data2[1]); $j++) { ?>
<?php $locat = explode(",",$location); ?>
<?php if($locat[$m]!="" && $locat[$m]==$data2[1][$j]) { ?>
<option selected value="<?php echo $data2[1][$j];?>"><?php echo $data2[1][$j];?></option>
<?php ++$m; } else { ?>
<option value="<?php echo $data2[1][$j];?>"><?php echo $data2[1][$j];?></option>
<?php }
} ?>
</select>
</li>
<li>Experience <br />
<select name="minyear" class="sel2" id="minyear">
<option value="">Min</option>
<?php for($ii=0; $ii<46; $ii++) { ?>
<?php if($expMin!="" && $expMin==$ii) { ?>
<option selected value="<?php echo $ii; ?>"><?php echo $ii; ?></option>
<?php } else { ?>
<option value="<?php echo $ii; ?>"><?php echo $ii; ?></option>
<?php }
} ?>
</select>
<select name="maxyear" class="sel2" id="maxyear" onchange="return select_max();">
<option value="">Max</option>
<?php for($ii=0; $ii<51; $ii++) { ?>
<?php if($expMax!="" && $expMax==$ii) { ?>
<option selected value="<?php echo $ii; ?>"><?php echo $ii; ?></option>
<?php } else { ?>
<option value="<?php echo $ii; ?>"><?php echo $ii; ?></option>
<?php }
} ?>
</select>
<!-- select name="" class="sel2" id="sort">
<option value="">Select</option>
<option value="ASC">ASC</option>
<option value="DESC">DESC</option>
</select -->
</li>
<li class="ser"><button type="button" onclick="search_by_category()" class="btn btn-default" style="margin-top:25px;"><i class="fa fa-search"></i> Search</button></li>
</ul>
</div>
<!-- Selected Jobs Headline Info -->
<div class="line">
<p class="text-dark text-center text-size-16">
<?php if($industry) echo 'Showing ' . '<b>' . $industry .'</b>' . ' Jobs' ; ?>
<?php if($location) echo ' at ' . '<b>' . $location .'</b>' ; ?>
<?php if($expMin) echo ' with Min ' . '<b>' . $expMin .'</b>' ; ?>
<?php if($expMax) echo ' to Max '. '<b>' . $expMax.'</b>' ; ?>
<?php if($expMin | $expMax) echo ' Years Experience' ;?>
</p>
</div>
<!-- Jobs Table -->
<table id="example" class="display" cellspacing="0" width="100%">
<thead>
<tr>
<th class="jobs_noshow text-center" width="5%">S.No</th>
<th class="text-center" width="15%">Posted On</th>
<th class="text-center" width="30%">Job Title</th>
<th class="jobs_noshow text-center" width="15%">Level</th>
<th class="jobs_noshow text-center" width="15%">Location</th>
<th class="jobs_noshow text-center" width="15%">Job Code</th>
<th class="text-center" width="5%">Action</th>
</tr>
</thead>
<tbody>
<?php $ri=1; foreach($data as $kk=>$d) { ?>
<?php
$date_posted = $d->postedDate; // get the Posted Date
$date_posted_year=date("Y",strtotime($date_posted)); // Get the Year from the date and store in a variable
if ($date_posted_year>$jobs_restrict_year) { // Show only Jobs posted after this year ?>
<tr>
<td class="jobs_noshow text-center"><?php echo $ri; ?></td>
<td class="text-center"><?php echo $d->postedDate; ?></td>
<td><?php echo $d->title; ?></td>
<td class="jobs_noshow ctext notreq"><?php echo $d->level; ?></td>
<td class="jobs_noshow text-center notreq"><?php echo $d->location; ?></td>
<td class="jobs_noshow text-center"><?php echo $d->requirementID; ?></td>
<td class="text-center"><a class="button background-livec border-radius text-white" style="color:white" data-fancybox="ajax" href="?contentid=jobs-detail&requirementID=<?php echo $d->requirementID; ?>&requirementSeqNo=<?php echo $d->requirementSeqNo; ?>" data-type="ajax">View</a></td>
</tr>
<?php } ?>
<?php $ri=$ri+1; } ?>
</tbody>
</table>
<script type="text/javascript">
$(document).ready(function () {
var table = $('#example').DataTable( {
"pageLength": 25,
"sPaginationType":"full_numbers",
"oLanguage": {
"sInfo": 'Showing _START_ to _END_ of _TOTAL_ Jobs.',
"sInfoEmpty": '',
"sEmptyTable": "No Jobs found currently",
}
});
$('#example').removeClass( 'display' ).addClass('table table-striped table-bordered');
});
</script>
<style> .dataTables_filter { display: none; } </style>
<!-- End of Table -->
</div>
<?php // } else { ?>
<div style="margin: 20px 0 40px 0px;height:200px;text-align:center;">
<h1 style="font-size:16px;">Server is unavailable at the moment. Please try after some time.</h1>
</div>
<?php //}?>
</div>
<!--jobs end-->
<script type="text/javascript">
function search_by_category() {
industry = $('#industry option:selected').val();
//city1 = $('#city option:selected').val();
minyear = $('#minyear option:selected').val();
maxyear = $('#maxyear option:selected').val();
//sortBy = $('#sort option:selected').val();
var city = $('select#city').val();
var cur_pg = "<?php echo $cpg; ?>";
var tot = "<?php echo $total; ?>";
var tot_pgs = Math.ceil(tot/25);
//if(cur_pg=="")
cur_pg = 1;
var last_pg = tot_pgs - cur_pg;
if(last_pg==0)
records = tot - ((tot_pgs -1) * 25);
else
records = 25;
var strt_val = ((cur_pg-1) * 25) + 1;
if(industry=='F & A - BPO')
industry ='F amp A - BPO';
if(industry=='OIL & GAS')
industry ='OIL amp GAS';
city1 = document.getElementById("city").value;
if(city1=="" || city1=="null") {
city="";
}
if(industry!="" || city!="" || minyear!="" || maxyear!="") {
location.href="hotjobs.php?contentid=hotjobs&industry="+industry+"&location="+city+"&expMin="+minyear+"&expMax="+maxyear+"&sortBy=&startingRowNo=1"+"&noOfRows="+records+"&page="+cur_pg;
} else {
//alert("Please select any one of the fields");
location.href="hotjobs.php?contentid=hotjobs&industry="+industry+"&location="+city+"&expMin="+minyear+"&expMax="+maxyear+"&sortBy=&startingRowNo=1"+"&noOfRows="+records+"&page="+cur_pg;
}
}
function sort_by_location() {
var order = '<?php echo $sortBy; ?>';
industry = $('#industry option:selected').val();
city = $('#city option:selected').val();
minyear = $('#minyear option:selected').val();
maxyear = $('#maxyear option:selected').val();
city1 = document.getElementById("city").value;
if(industry=='F & A - BPO')
industry ='F amp A - BPO';
if(industry=='OIL & GAS')
industry ='OIL amp GAS';
if(city1=="") {
city="";
} else {
city = $('select#city').val();
}
if(order=="" || order=="DESC") {
location.href="hotjobs.php?contentid=hotjobs&industry="+industry+"&location="+city+"&expMin="+minyear+"&expMax="+maxyear+"&sortBy=ASC"+"&startingRowNo=1&noOfRows=10";
} else {
location.href="hotjobs.php?contentid=hotjobs&industry="+industry+"&location="+city+"&expMin="+minyear+"&expMax="+maxyear+"&sortBy=DESC"+"&startingRowNo=1&noOfRows=10";
}
}
function select_max() {
minyear = document.getElementById("minyear").value;
maxyear = document.getElementById("maxyear").value;
if(parseInt(maxyear)>=parseInt(minyear)) {
return true;
} else {
if(maxyear!="") {
alert("Maximum year must be equal or greater than minimum year");
$('#maxyear').val("");
return false;
}
}
}
</script>
Also, if i change the $url in my code to https:// , no data is displayed... I raised a Support request to the Hosting provider, but they seem to have vanished into the ozone.... Any help would be highly appreciated. Cheers - Murali
Hi experts,I have the following problem.I have a file login.php which is used to allow users to log in.When the form is submitted it is redirected to checkuserlogin.php.If the credentials are right he is redirected to main.php.But in main.php if the user clicks back browser button,he is redirected to login.php and in login.php if he presses forward button,he is redirected to main.php.Can any one tell he how to make sure the application is not redirected to main.php when user presses forward button and how to make sure the application is not redirected to login.php when user presses back button.
In my login form I'm getting the error Code: [Select] Notice: Use of undefined constant Errors - assumed 'Errors' in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 91 Warning: Cannot modify header information - headers already sent by (output started at /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php:91) in /home/content/n/a/t/nathanwatson/html/admin/YBK/post.php on line 92 //if the name exists it gives an error if ($check2 != 0) { //Line 85 $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); //Line 91 header('Location: /YBK/'); //Line 92 exit; } I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors? //Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Hi all I have the below login scripts which works great, I need to add a line in to give the user a message if the 'live' entry in the database is 0. Here's my code: Code: [Select] <?php if(isset($_POST['submit'])) { $error = false; $user_login = ($_POST['user_login']); $pass_login = ($_POST['pass_login']); if(!empty($user_login) && !empty($pass_login)) { $check_details=mysql_query("SELECT * FROM `members` WHERE email='".$user_login."' AND password='".sha1($pass_login)."' AND live = 1"); $getdetails=mysql_fetch_array($check_details); $status=mysql_num_rows($check_details); if($status >= "1") { $error = false; $_SESSION['wmmadmin_loggedin'] = "1"; $_SESSION['wmmadmin_email'] = "".$user_login.""; $_SESSION['wmmadmin_username'] = "".$getdetails['name'].""; $_SESSION['wmmadmin_country'] = "".$getdetails['country'].""; $date = date('l jS \of F Y h:i:s A'); mysql_query(" INSERT INTO `logs` SET user = '".$getdetails['name']."', date = '".$date."'" ); header("Location: index.php"); } if(!$status || $status == "0") { $error = true; echo "<div class=\"error\">Error! Login details were incorrect. </div>\n"; echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n"; } } if(empty($user_login) || empty($pass_login)) { $error = true; echo "<div class=\"error\"><strong>Please enter your username and password. </div>\n"; echo "<div class=\"error\">Forgot your password? Click the below link: </div>\n"; } } ?> Many thanks for your help. Pete I have a problem with login issue that when i loggin as student from index.php it should bring me to student_home php.. but it doesnt show anything and just bring me to index.php back.. i mixed up about header and session part..
index.php
<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span3">
<div class="hero-unit-3">
<div class="alert-index alert-success">
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</div>
</div>
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li class="active"><a href="#"><i class="icon-home icon-large"></i> Home
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="sitemap.php"><i class="icon-sitemap icon-large"></i> Site Map
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="contact.php"><i class="icon-envelope-alt icon-large"></i> Contact Us
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a>
</li>
<li class="nav-header">About US</li>
<li><a href="#mission" role="button" data-toggle="modal"><i class="icon-book icon-large"></i> Mission
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="#vision" role="button" data-toggle="modal"><i class="icon-book icon-large"></i> Vision
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
<li><a href="history.php"><i class="icon-list-alt icon-large"></i> History
<div class="pull-right">
<i class="icon-double-angle-right icon-large"></i>
</div>
</a></li>
</ul>
</div>
<br>
</div>
<div class="span9">
<section class="main">
<div class="custom-calendar-wrap">
<div id="custom-inner" class="custom-inner">
<div class="custom-header clearfix">
<nav>
<span id="custom-prev" class="custom-prev"></span>
<span id="custom-next" class="custom-next"></span>
</nav>
<h2 id="custom-month" class="custom-month"></h2>
<h3 id="custom-year" class="custom-year"></h3>
</div>
<div id="calendar" class="fc-calendar-container"></div>
</div>
</div>
</section>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Head Up!</strong> Welcome to Morpheus.
</div>
<div class="slider-wrapper theme-default">
<?php include('slider.php'); ?>
</div>
<!-- end slider -->
</div>
</div>
</div>
<!---------------->
<div class="container">
<div class="row-fluid">
<div class="span12">
<div class="row-fluid">
<div class="span9">
<div class="alert alert-success"><i class="icon-file icon-large"></i> <strong>Mission</strong></div>
<div class="hero-unit-2">
Announcements
</div>
</div>
<div class="span3">
<div class="alert alert-info">
<i class="icon-building icon-large"></i> Faculty
</div>
<div class="hero-unit-3">
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
<p><a href=""><i class="icon-sign-blank"></i> Faculty</a></p>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="alert alert-success"><i class="icon-file icon-large"></i> <strong>Project</strong></div>
<div class="hero-unit-2">
Project
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
navhead.php
<div class="row-fluid">
<div class="span12">
<div class="navbar navbar-fixed-top navbar-inverse">
<div class="navbar-inner">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse" data-targer=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<div class="nav-collapse collapse">
<i class="icon-facebook-sign icon-large" id="color_white"></i>
<i class="icon-twitter icon-large" id="color_white"></i>
<i class="icon-google-plus icon-large" id="color_white"></i>
<i class="icon-github-alt icon-large" id="color_white"></i>
<i class="icon-linkedin-sign icon-large" id="color_white"></i>
<div class="pull-right">
<form class="navbar-search pull-left">
<i class="icon-search icon-large" id="color_white"></i>
<input type="text" class="search-query" placeholder="Search">
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="hero-unit-header">
<div class="container">
<div class="row-fluid">
<div class="span12">
<div class="row-fluid">
<div class="span6">
<img src="admin/images/head.png">
</div>
<div class="span6">
<div class="pull-right">
<!--- login button -->
<div class="btn-group">
<button class="btn btn-success"><i class="icon-signin icon-large"></i> Login</button>
<button class="btn dropdown-toggle" data-toggle="dropdown">
<span class="caret"></span>
</button>
<ul class="dropdown-menu">
<li><a href="#student" role="button" data-toggle="modal"><i class="icon-user icon-large"></i> Student</a></li>
<li><a href="#teacher" role="button" data-toggle="modal"><i class="icon-user-md icon-large"></i> Teacher</a></li>
</ul>
</div>
<!-- end login -->
<?php include('student_modal.php'); ?>
<?php include('teacher_modal.php'); ?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
student_modal.php
<div id="student" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-header">
</div>
<div class="modal-body">
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin icon-large"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from student where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['student_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
header('error_login.php');
?>
<?php
}
}
?>
</form>
<!-- teacher -->
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true"><i class="icon-remove-sign icon-large"></i> Close</button>
</div>
</div>
login_student.php
[php]<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span10">
<ul class="breadcrumb">
<li class="active">Login<span class="divider">/</span></li>
<li><a href="login_student.php"><i class="icon-group icon-large"></i> Teacher</a><span class="divider">/</span></li>
<li class="active"><i class="icon-group icon-large"></i> Student</li>
<div class="pull-right">
<li>
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</li>
</div>
</ul>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from user where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['user_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
session_write_close();
?>
<div class="pull-right">
<button type="button" class="close" data-dismiss="alert">×</button>
<div class="alert alert-danger"><i class="icon-remove-sign"></i> Access Denied</div>
</div>
<?php
exit();
}
}
?>
</form>
</div>
<div class="span2">
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li><a href="index.php"><i class="icon-home icon-large"></i> Home</a></li>
<li><a href="#"><i class="icon-file-alt icon-large"></i> New And Events</a></li>
<li><a href="#"><i class="icon-sitemap icon-large"></i> Site Map</a></li>
<li><a href="#"><i class="icon-envelope-alt icon-large"></i> Contact Us</a></li>
<li class="nav-header">About US</li>
<li><a href="#"><i class="icon-book icon-large"></i> Mission</a></li>
<li><a href="#"><i class="icon-book icon-large"></i> Vision</a></li>
<li><a href="#"><i class="icon-list-alt icon-large"></i> History</a></li>
</ul>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
login_student.php
<?php
include('header.php');
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['id']);
?>
<body>
<?php include('navhead.php'); ?>
<div class="container">
<div class="row-fluid">
<div class="span10">
<ul class="breadcrumb">
<li class="active">Login<span class="divider">/</span></li>
<li><a href="login_student.php"><i class="icon-group icon-large"></i> Teacher</a><span class="divider">/</span></li>
<li class="active"><i class="icon-group icon-large"></i> Student</li>
<div class="pull-right">
<li>
<i class="icon-calendar icon-large"></i>
<?php
$Today = date('y:m:d');
$new = date('l, F d, Y', strtotime($Today));
echo $new;
?>
</li>
</div>
</ul>
<div class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<strong>Login Student!</strong> Please Enter the Details Below.
</div>
<form class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label" for="inputEmail">Username</label>
<div class="controls">
<input type="text" name="username" id="inputEmail" placeholder="Username">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<input type="password" name="password" id="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" name="login" class="btn btn-info"><i class="icon-signin"></i> Sign in</button>
</div>
</div>
<?php
if (isset($_POST['login'])) {
function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$query = mysql_query("select * from user where username='$username' and password='$password'") or die(mysql_error());
$count = mysql_num_rows($query);
$row = mysql_fetch_array($query);
if ($count > 0) {
session_start();
session_regenerate_id();
$_SESSION['id'] = $row['user_id'];
header('location:student_home.php');
session_write_close();
exit();
} else {
session_write_close();
?>
<div class="pull-right">
<button type="button" class="close" data-dismiss="alert">×</button>
<div class="alert alert-danger"><i class="icon-remove-sign"></i> Access Denied</div>
</div>
<?php
exit();
}
}
?>
</form>
</div>
<div class="span2">
<div class="hero-unit-1">
<ul class="nav nav-pills nav-stacked">
<li class="nav-header">Links</li>
<li><a href="index.php"><i class="icon-home icon-large"></i> Home</a></li>
<li><a href="#"><i class="icon-file-alt icon-large"></i> New And Events</a></li>
<li><a href="#"><i class="icon-sitemap icon-large"></i> Site Map</a></li>
<li><a href="#"><i class="icon-envelope-alt icon-large"></i> Contact Us</a></li>
<li class="nav-header">About US</li>
<li><a href="#"><i class="icon-book icon-large"></i> Mission</a></li>
<li><a href="#"><i class="icon-book icon-large"></i> Vision</a></li>
<li><a href="#"><i class="icon-list-alt icon-large"></i> History</a></li>
</ul>
</div>
</div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>
I have this working code except I can't redirect to a thank you page when a new user registers. When they login it works without issue. I just don't know where or what to put for the registration part.
Here is my Code. Any help would be much appreciated.
<?php I am createing a simply quiz site, where in order to participate in the quiz, you must first be logged in. While working on my local machine, the code works perfectly. I use the followin to create a session ID; $_SESSION['SESS_ID'] = $member['id']; Then, on my main page where i want dynamic code i include the following; if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) { print (" <div style='float:left; width:400px; height:215px; margin-left:500px;'> <form class='login' method='post' action='login-form.php' style='float:right; margin-top:120px;' > <input type='submit' class='button' name='submit' value='Sign In' style='float:right ; margin-right:20px;'> </form> <p style=' margin-top:170px; margin-left:160px;'>New Member? Start <a href='register-form.php'>Here</a></p> </div> " ); } else { print "<h4 style='float:right; text-align: right; margin-top:150px; margin-right:50px;'>Welcome ". $_SESSION['SESS_NAME']. " <a href='logout.php' style='float:right; text-align:right;'>Sign Out</a></h4> "; For some reason, when the site is on the server, the session ID does not seam to get passed along. Any Ideas how to remediy this? the website is kingdomquiz.com if anybody is interested. Hi all, Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> Could anyone help me making a login function that checks the txt document if user and pw exists/are correct? -and if they are, sends you to a logged in page. This is for a assignment which is why I have to store the information in a text document, I know it's unsafe. Also i know i should use $_Sessions but I'm not sure how to use it and where to put it.
So far I have created the form which has 2 buttons one for registering and one for logging in. I have also created the registration function which checks the text file if the username already exists if not it will register it.
<html lang="eng">
<head>
<link rel="stylesheet" href="style.css">
<title>name</title>
</head>
<body>
<div class="formdiv">
<h2>Log in or register</h2>
<form action="" method="post">
<p>Username<p style="color:black">*</p> <input type="text" name="user" placeholder="Type in your username" required>
<p>Password<p style="color:black">*</p> <input type="password" name="pw" placeholder="Type in your password" required>
<?php
if (isset($_POST['saveBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = register($username);
if ($error == '') {
echo "User: $username has been registered!<br/>";
}
else echo $error;
}
?>
<input type="submit" name="saveBtn" value="Save new user">
<input type="submit" name="loginBtn" value="Login">
</form>
</div>
<?php // Registration
function register($user){
$textError = '';
// Check and see if user exists
$UserPassTxt = fopen("userpwd.txt","a+"); // Opens text doc
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
$textError = "Username already exists!";
break;
}
}
if ($textError == ''){
$hash = password_hash('', PASSWORD_DEFAULT);
fwrite($UserPassTxt, "\n$user: $hash");
}
fclose($UserPassTxt); // Closes txt doc
return $textError;
}
?>
<?php //Login
function login($user, $pass){
}
?>
</body>
///here's my best attempt at the function
<?php //Login
$error = '0';
if (isset($_POST['loginBtn'])){
$username = $_POST['user'];
$password = $_POST['pw'];
$error = login($username,$password);
}
function login($user, $pass){
$errorText = '';
$validUser = false;
$UserPassTxt = fopen("userpwd.txt","r");
rewind($UserPassTxt);
while (!feof($UserPassTxt)) {
$line = fgets($UserPassTxt);
$tmp = explode(':', $line);
if ($tmp[0] == $user) {
if (trim($tmp[1]) == trim(password_hash('', PASSWORD_DEFAULT))){
$validUser= true;
$_SESSION['user'] = $user;
}
break;
}
}
fclose($UserPassTxt);
if ($validUser != true) $errorText = "Not correct username or password";
if ($validUser == true) $_SESSION['validUser'] = true;
else $_SESSION['validUser'] = false;
return $errorText;
}
function logoutUser(){
unset($_SESSION['validUser']);
unset($_SESSION['user']);
}
function checkUser(){
if ((!isset($_SESSION['validUser'])) || ($_SESSION['validUser'] != true)){
header('Location: index.php');
}
}
?>
Hi All, I Have an issue validating and inserting the data in to the database. I am beginner and the error message is new to me however i have google it but unable to find hope any one can help Thanks in advanced. Error : "Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\signupck.php on line 32 Deprecated: Function eregi() is deprecated in C:\wamp\www\signupck.php on line 50 Welcome, You have successfully signed up Click here to login" Please find the Code Below: File name:signup.php Code: [Select] <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>Fast Fix Pro Signup</title> <script type="text/javascript"> function validate(form) { if(form1.userid.value == "") { alert('Please enter userid '); form1.userid.focus(); return false; } if(form1.userid.value == "") { alert('Please enter userid '); form1.userid.focus(); return false; } if(form1.password.value == "") { alert('Please enter password '); form1.password.focus(); return false; } if(form1.password2.value == "") { alert('Please renter the password '); form1.password2.focus(); return false; } if(form1.email.value == "") { alert('Please enter Email '); form1.email.focus(); return false; } if(form1.fname.value == "") { alert('Please enter First Name '); form1.fname.focus(); return false; } if(form1.lname.value == "") { alert('Please enter Last Name '); form1.lname.focus(); return false; } if (!document.form1.agree.checked) { alert("Please Read the guidlines and check the box below ."); return false; } return true; } </script> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <br/> <br/> <table width='67%' height="454" border='0' align=center cellpadding='0' cellspacing='0'><form name="form1" method=post action="signupck.php" onsubmit='return validate(this)'><input type="hidden" name="todo" value=post> <tr bgcolor='#f1f1f1'><td align=center colspan=2><font face='Verdana' size='2' ><b>Signup</b></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >User ID</td><td ><font face='Verdana' size='2'><input type=text name=userid></td></tr> <tr ><td > <font face='Verdana' size='2' >Password</td><td ><font face='Verdana' size='2'><input name=password type=password></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >Re-enter Password</td><td ><font face='Verdana' size='2'><input name=password2 type=password></td></tr> <tr ><td ><font face='Verdana' size='2' > Email</td><td ><input type=text name=email></td></tr> <tr bgcolor='#f1f1f1'><td > <font face='Verdana' size='2' >First Name</td><td ><font face='Verdana' size='2'><input type=text name=fname></td></tr> <tr ><td > <font face='Verdana' size='2' >Last Name</td><td ><font face='Verdana' size='2'><input type=text name=lname></td></tr> <tr bgcolor='#f1f1f1' ><td > <font face='Verdana' size='2' >I agree to terms and conditions</td><td ><font face='Verdana' size='2'><input type=checkbox name=agree value='yes'></td></tr> <tr ><td align=center colspan=2><input type=submit value=Signup> <input name="Reset" type=reset value=Reset> <td colspan=2 align=left> </td></td></tr> </table> <center> <br><font face='Verdana' size='2' ><a href='login.php'>Already a member ? Please Login</a></font></center> </body> </html> File Name :signuppck.php Code: [Select] <?php include ("Connection.php");// database connection details stored here ?> <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>(Type a title for your page here)</title> <meta name="GENERATOR" content="Arachnophilia 4.0"> <meta name="FORMATTER" content="Arachnophilia 4.0"> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <?php extract($_POST); //<---I don't recommand this really if(isset($todo) and $todo=="post") { $status = "OK"; $msg=""; // if userid is less than 3 char then status is not ok if(!isset($userid) or strlen($userid) <3) { $msg=$msg."User id should be =3 or more than 3 char length<BR>"; $status= "NOTOK"; } if(mysql_num_rows(mysql_query("SELECT userid FROM signup WHERE userid = '$userid LIMIT 1' "))) <-------------------(line 32) { $msg=$msg."Userid already exists. Please try another one<BR>"; $status= "NOTOK"; } if ( strlen($password) < 3 ) { $msg=$msg."Password must be more than 3 char legth<BR>"; $status= "NOTOK"; } if ( $password <> $password2 ) { $msg=$msg."Both passwords are not matching<BR>"; $status= "NOTOK"; } if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) <--------------- (Line 50) { $msg=$msg."enter valid email address<BR>"; $status= "NOTOK"; } if ($agree<>"yes") { $msg=$msg."You must agree to terms and conditions<BR>"; $status= "NOTOK"; } if($status<>"OK") { echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>"; }else{ // if all validations are passed. $query=mysql_query("INSERT INTO signup(userid,password,email,Fname,Lname) values('$userid','$password','$email','$fname','$lname')");; echo "<font face='Verdana' size='2' color=green>Welcome, You have successfully signed up<br><br><a href=login.php>Click here to login</a><br></font>"; } } ?> </body> </html> File Name :<include file> Code: [Select] <HTML> <HEAD> <TITLE>Connecting to Database</TITLE> </HEAD> <BODY> <?php $db = "quantas"; mysql_connect("localhost","root","") or die (mysql_error()); mysql_select_db($db); ?> </BODY> </HTML> Is there a way to get current logged in username and based on that redirect to a different page? I’m using the following secure PHP login without MySql as a login system: https://sourceforge.net/projects/phploginbyvallastech/ Now I’m looking to redirect each logged in user to their personalized page. But I can’t figure out how to A) fetch the current logged in user and B) redirect multiple users. This code redirects to the latter address, but the username based redirect is not working: <?php session_start(); if ($_SESSION["username"]==User1){ header("location: user1content.php"); exit; } else { header("location: generalcontent.php"); exit; } { ?> <?php } ?>
So it’s clearly not fetching the logged in user. Though <?php echo $login->username; ?> fetches the username just fine. |
|||||||