|
PHP - Php Authentication Page Executing Without Being Called
Hello all, I have been working with PHP for almost a year now, so somewhat still new to it all.
OK, this may be an Apache issue, but this involves a php script I wrote that tries to execute on pages that do NOT call it (via the include command). So, here is a little info on how I have set things up. I use WAMP Server to test php and MySQL code for myself (for fun and for practice) and for clients and their web sites. I run WAMP Server off of my laptop, so I can code on the go and because it is on my laptop, I decided to create a PHP & MySQL user authentication setup to keep out unwanted visitors, but allow trusted friends and fellow developers to view my work on client web sites. Let's say the authentication script is called "auth.php" and for all of the pages I want private, I include that script at the top of those pages, if the visitor is not logged in, redirect them to the login page, otherwise, let them view the page (provided their permission level is adequate). Now, for the client web sites that I am working on, I do not call auth.php anywhere on those pages. Now, the problem I notice is that when I visited a client's web site that I am working on (on my WAMP Server), I reviewed my Apache error log and it gave me a PHP error stating the following: Code: [Select] Maximum execution time of 60 seconds exceeded in E:\\wamp\\www\\assets\\auth.php on line 3, referer: http://192.168.1.4/Web_Projects/NCCCLP/home.php Of course I am able to view the client web site pages without having to login, however, the auth.php script tries to run nonetheless. So my question is, does anyone know why this is happening and if and how I can stop it? This is not a serious (urgent) issue, but it does clog up my error logs and so forth and I prefer to have as few errors as possible. Plus, I would just like to know why and how it is running without being called. Any and all help is greatly appreciated and if I need to provide anymore details or be more specific, please let me know. Also, if an issue like this has already been solved and I missed that thread, please let me know and have my apologies. Thanks in advance. Similar Tutorials
User Authentication Help By Using If Elseif And Else Statement And Redirect Page On 3 Differnet Urls
This might be more than just a php question but here goes anyways. I have designed a php chat room page on my home Apache server just for a few friends & family. The problem I have is the only way for me to know if anyone is on the chat room page is if I'm actually viewing the php page. Is there a way that I can have the page alert me when someone accesses it? I was thinking something like activating a popup in my browser or even a beep so as long as I'm at my computer with my browser open that I will know someone has accessed the page. hey guys im sure this is possible im wondering how a user can execute a mysql query by a click of a button but without the page reloading...thanks guys Looking to INSERT a row in a data table and keeping the User on the current page. Will it work like what I have below, or do I need to send it to its own page then return the User back to where he started? What I have below isn't inserting a row. No errors showing.
function bookmark_add () {
if (isset($_POST['submit'])) {
include("/home2/csi/public_html/resources/con.php");
$query = "INSERT INTO a_player_bookmark (bookmark)
VALUES ('1')";
$results = mysqli_query($con,$query);
echo mysqli_error($con);
}
$output = '<form name="bookmark_add" method="post" action="" class="bookmark-plus">';
$output .= '<span><input type="submit" name="Bookmark"></span>';
$output .= '</form>';
return $output;
}
What is the best way to display the next record on a web page, from a list of records, without executing the query over and over again each time you display the next record? For example, imagine my user has a list of messages displayed on a web page, and the user filters that list to display all messages with the title "Test", and let's say that returns 12 records. He then clicks on record 1 to read that message. Once he is done reading it, he then wants to read msg 2, and then msg 3 etc. He could hit the Back button in his browser and click on the next record from the list, but it would be more useful to just click on a link that says "Next" which displays the next message in the filtered list of messages (without having to go back to the list). A lot of web sites do this sort of thing, but what is the best way to do it? Do you have to run the original query again each time a new message is loaded, so you know which message is next, or can you somehow store the query to save the server from having to run the same query over and over again? If a user is viewing a list of pictures for example, they could be flicking through the pictures quite quickly, and I would not like to have the server running the same query over and over again every few seconds when it doesn't need to. Advice? (Thanks.) Hi, I know this has to be possible but I have been unable to get this to work properly. I have a page with two forms. The first form is a list of sources associated with a subject, with checkboxes, so that it is possible to remove these associations, like so: Code: [Select] $qs = "SELECT s.source_id, s.source_name from source s, source_subject ss, subject sb where s.source_id = ss.source_id and sb.subject_id = ss.subject_id and sb.subject_id = $subject_id order by source_name"; $rs = mysqli_query($dbc, $qs) or die ('Error querying database'); while($row = mysqli_fetch_array($rs)) { echo '<input type="checkbox" value="' . $row['source_id'] . '" name="markdelete[]">' . $row['source_name'] . '<br />' ; } The second form is a list of sources that are not associated with this subject, with checkboxes enabling the addition of more sources to this subject, like so: Code: [Select] $r = "SELECT source_id, source_name FROM source WHERE source_id NOT IN (select s.source_id from source s, source_subject ss where s.source_id = ss.source_id and ss.subject_id = '$subject_id')"; $r1 = mysqli_query($dbc, $r) or die ('Update Error: '.mysqli_error($dbc)); while ($row = mysqli_fetch_array($r1)) { echo '<input type="checkbox" id="source_id" name="source_id[]" ' ; echo 'value="'. $row['source_id'] .'"'; echo '> ' . $row['source_name'] . '<br />'; } The first form works fine... when the "remove" submit button is clicked, it successfully removes any selected sources and then shows the remaining sources still associated, and then automatically populates this source in the below list (form 2) as one that is not selected. On the second form, when adding a new source to the subject, it successfully enters the data into the database, and removes this source from the list of unselected sources, but it does not seem to re-populate in the first form. The data is correct on the tables, but the page needs to reload the first query... how do I get it to do this? I'd like to be able to make this page editable, and re-editable (in case someone makes a mistake) without having to go back and reload the entire page. Note, both forms call the page itself; not sure if this is part of it. Using this: Code: [Select] <form method="POST" action="<?php echo $_SERVER['PHP_SELF'].'?subject_id='.$subject_id ; ?>"> Does anyone have any ideas? Below code is working fine but i need to redirect on 3 different pages and its giving me error. My table structure is as
User table
Email Password
admin@yahoo.com 123
tariq@yahoo.com 987
bilal@yahoo.com 456
if user name is like; admin@yahoo.com the page should redirect on welcome.php
if user name is like; info@aiousoft.com the page should redirect to welcome2.php
and if user doesnot exist in database then give error as ELSE "user doesnot exist"
thanks
signin.php
<html><head><title>Sign In</title></head><body> <?php include 'header.php'; ?> <?php include 'menu.php'; ?> <center> <form method="post" action="checklogin.php"> <h3>Please Signin</h3> <table width="400" border="0"> <tr><td>Email</td> <td><input name="email" type="text" id="email"></td></tr> <tr><td>Password</td> <td><input name="password" type="password" id="password"></td></tr> </table> <p><label> <input type="submit" email="submit" value="Submit"> </label><input email="reset" type="reset"> </p> </form> </center> </body> </html> checklogin.php <html><head><title>Check Login</title></head><body> <?php include 'header.php'; include 'menu.php'; $email=$_POST['email']; $password=$_POST['password']; @ $db = mysql_pconnect('localhost', 'root', ''); if (!$db) { echo 'Error: Could not connect to database. Please try again later.'; exit;} mysql_select_db('car'); $q=mysql_query("select * from user where email='".$email."' and password='".$password."' ") or die(mysql_error()); $res=mysql_fetch_row($q); if($res) { header('location:welcome.php'); } else { echo' Please signin again as your user name and password is not valid'; } ?> </body> </html> Attached Files header.php 284bytes 0 downloads menu.php 308bytes 0 downloads Hi all, I have an authentication part on my website that checks every page through a session variable if a user is logged in and which user it is. When I test my code on my computer it works perfectly registration and login goes smooth but when someone on another computer tries it they get the acces denied page.... does anyone know why??? Greets Ryflex I am currently doing the following but wish to change to using JWTs. A webserver is running some CRM system which has its own authentication system and browsers can access public routes without logging and but must log on first to access private routes. All the routes on the webserver which are prefixed by "api" will be forwarded to specific REST API along with an "account" GUID in the header and the user's ID if it exists. For the routes that require a user to be logged in, the webserver will first check if a session exists, and if not make a preliminary GET request to the REST API which includes the GUID as well as the user's ID and encrypted password (both based on the webserver's CRM DB) in the URL. Not sure whether anything is possible by including the hashed password and am currently not doing anything with it. The REST API queries the DB using the GUID and webserver's user ID and returns the REST API's users ID and the webserver stores it in a session. The REST API receives the GUID and potentially the REST API's user ID and queries the DB to retrieve the account and potentially user before executing the route, and returns the response to the webserver which it returns it to the browser.The new approach might be something like the following: Before the webserver forwards any request to the REST API, it checks if a session is set, and if not performs a GET request to the REST API along with the GUID and if known user's credentials in the URL and receives a JWT which contains a payload including the account PK, and potentially the user PK, user's access level, etc. All future requests include this JWT in the header. The REST API no longer queries the DB to get the account ID and user authorized settings as it is provided in the JWT.A couple of questions: What should be done if a non-logged on user first accesses a public route, gets a JWT, and stores it in a session, but then later logs on and accesses a private route? The webserver thinks it has a valid JWT and will send it but the REST API will then decrypt it and find there is no user it. One option is for the webserver to use two sessions, but this sounds kludgy. Or maybe the REST API returns some header which instructs the webserver to re-authenticate, but not sure if even an option, and if so how to cleanly prevent some loop. Also, would it be necessary to issue a new JWT or can the payload in a JWT be changed? Is GET appropriate for requesting the JWT's or should I use some other method? Is it appropriate to include the user's access level in the JWT payload? Will one need to wait until the JWT has expired before their access level changes? Any ideas how to deal with using the user's password on the CRM to also authenticate on the REST API? The GUID is probably secret enough for the application and if an issue, can just use the GUID and username. Am I going down an reasonable path and anything else obvious I should be considering?Thanks! I've been trying to find tutorials/coding today related to controlling the ability to download files. The problem I think I'm having because I know it exists is I don't actually know what it's called. Below is kind of a basis for a tutorial or describing what I'm trying to do. I'm trying to find a tutorial or a how to on storing downloadable files either in a Mysql Database &/or on the file server system. I want to make it so that only users that are stored within the user database who have certain rights or a field can be able to download a file. Those users who don't have the proper permissions in the user table will not be able to and those who do when they go to download a file, will be able to. I know these scripts use PHP but am not really sure where to begin on my search because I don't even know what file permissions coding they are using. It's a little difficult for me to explain but, when a website loads another site (For example with Curl or something) How is the site able to keep a header or some part of original site 'attached' to the site they loaded..for example, say you're redirected, the site you redirected to loads, but you still see the site you redirected from header on at the top of the page. How is this done? What is it called? Do you need me to clear it up a bit better? I can try to find an example. I have the following query where $userid is about 100,000 userids separated by commas. Code: [Select] <? $getpostid=mysql_query("SELECT DISTINCT post.username,post.threadid,thread.threadid,thread.forumid from post,thread WHERE post.username='$username' AND post.threadid=thread.threadid AND post.userid IN ($userid) AND thread.forumid IN ($forumids)") or die (mysql_error()); ?>can i just print all the usernames from above result separated by ';' without looping it multiple times? Could someone help me out how to do above in an efficient manner? I'm new to this forum, and PHP in general. So, hello to everyone! I'm having a problem verifying whether or not my authentication script works. I'm not new to programming...just PHP. Here it is.. <?php //check if user is already logged in if(isset($_session['username'])) { //init database information $db_server = ""; $db_user = ""; $db_password = ""; $db_name = ""; //connect to the database $connection = mysql_connect($db_server, $db_user, $db_password); if(!$connection) { die('Failed to connect: ' . mysql_error()); } mysql_select_db($db_name, $connection); //verify login information $username = $_POST['username']; $password = $_POST['password']; $query = mysql_query("SELECT * FROM users WHERE username='$username'"); if($query) { $array = mysql_fetch_array($query); if($_POST['password'] = $array['password']) { $_session['username'] = $array['username']; $_session['email'] = $array['email']; $_session['user_level'] = $array['user_level']; $_session['ip'] = $array['ip']; $_session['date_registered'] = $array['date_registered']; echo $_session['username']; } else { echo 'Bad Login Information!'; } } else { die('Failed to login: ' . mysql_error()); } } ?> <form action="auth.php" method="post"> <input name="username" type="text" size="20" maxlength="16"> <input name="password" type="text" size="20" maxlength="20"> <input name="submit" type="submit" value="Submit"> </form> Okay, at the moment, when a user logs into my website a token is created. The token is made from a random code, their name and their email. This token is then stored next to their name in the DB. If the user chooses to be remembered, the token is stored as a cookie, otherwise it's stored as a session var. Every time a page is loaded, a comparison is made between the DB token and the session/cookie token to authenticate. HOWEVER, this does not work if the user decides to login from different locations/ip addresses. How would I go about allowing this? Could I created a table and then store the IP address and the token for that IP address? The application that I want to build is quite simple. Here is a bit of the background of the work flow: In my company, we create video for our client profile. After the video is done, we upload the video to our website and to youtube. It is done automatically. After a period of time, the client can delete the video. Of course, it will delete the video in our system as well as the video in youtube. For now, the video in our system is deleted automatically. However, youtube video is deleted manually. Our company has grown to have quite a lot of clients. It's hard for us to keep track clients that requested to delete their videos. We want to be able to have an application that will delete youtube video automatically. I already tried to play around with youtube authentication in http://code.google.com/apis/youtube/2.0/developers_guide_php.html#Authentication but I have no luck with the authentication. I want the application to be able to delete the video under my youtube account without having me to login to youtube. In my case right now, every time the application wants to delete the video, I have to send the request to youtube and ask for verification (i.e. I have to do application verification every time). Here is what I have done so far: ini_set('display_errors', 1); ini_set('log_errors', 1); ini_set('error_log', dirname(__FILE__) . '/error_log.txt'); error_reporting(E_ALL); require_once('db_class.php'); require_once 'Zend/Loader.php'; Zend_Loader::loadClass('Zend_Gdata_YouTube'); Zend_Loader::loadClass('Zend_Gdata_AuthSub'); Zend_Loader::loadClass('Zend_Gdata_App_Exception'); session_start(); setLogging('on'); $_SESSION['developerKey'] = 'AI39si5H3hL9tcKOMl80IqzoC6nb87ka1QLgHxLp9nFi1l44dLa987_Gi0rbofLePQdFEWf1lrSB8KGs4lXIrcF8TR6PhUcO3Q'; function getAuthSubRequestUrl() { $next = 'http://example.com/youtube_delete_video.php'; $scope = 'http://gdata.youtube.com'; $secure = false; $session = true; return Zend_Gdata_AuthSub::getAuthSubTokenUri($next, $scope, $secure, $session); } function updateAuthSubToken($singleUseToken) { try { $sessionToken = Zend_Gdata_AuthSub::getAuthSubSessionToken($singleUseToken); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Token upgrade for ' . $singleUseToken . ' failed : ' . $e->getMessage(); return; } $_SESSION['sessionToken'] = $sessionToken; generateUrlInformation(); header('Location: ' . $_SESSION['homeUrl']); } function getAuthSubHttpClient() { try { $httpClient = Zend_Gdata_AuthSub::getHttpClient($_SESSION['sessionToken']); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Could not obtain authenticated Http client object. ' . $e->getMessage(); return; } $httpClient->setHeaders('X-GData-Key', 'key='. $_SESSION['developerKey']); return $httpClient; } function generateUrlInformation() { if (!isset($_SESSION['operationsUrl']) || !isset($_SESSION['homeUrl'])) { $_SESSION['operationsUrl'] = 'http://'. $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; $path = explode('/', $_SERVER['PHP_SELF']); $path[count($path)-1] = 'index.php'; $_SESSION['homeUrl'] = 'http://'. $_SERVER['HTTP_HOST'] . implode('/', $path); } } function loggingEnabled() { if ($_SESSION['logging'] == 'on') { return true; } } function setLogging($loggingOption, $maxLogItems = 10) { switch ($loggingOption) { case 'on' : $_SESSION['logging'] = 'on'; $_SESSION['log_currentCounter'] = 0; $_SESSION['log_maxLogEntries'] = $maxLogItems; break; case 'off': $_SESSION['logging'] = 'off'; break; } } function logMessage($message, $messageType) { if (!isset($_SESSION['log_maxLogEntries'])) { $_SESSION['log_maxLogEntries'] = 20; } if (!isset($_SESSION['log_currentCounter'])) { $_SESSION['log_currentCounter'] = 0; } $currentCounter = $_SESSION['log_currentCounter']; $currentCounter++; if ($currentCounter > $_SESSION['log_maxLogEntries']) { $_SESSION['log_currentCounter'] = 0; } $logLocation = 'log_entry_'. $currentCounter . '_' . $messageType; $_SESSION[$logLocation] = $message; $_SESSION['log_currentCounter'] = $currentCounter; } function printCacheWarning() { return '<p class="note">' . 'Please note that the change may not be reflected in the API ' . 'immediately due to caching.<br/>' . 'Please refer to the API documentation for more details.</p>'; } function editVideoData($videoId) { $httpClient = getAuthSubHttpClient(); $youTubeService = new Zend_Gdata_YouTube($httpClient); $videoEntryToUpdate = $youTubeService->getFullVideoEntry($videoId); if (!$videoEntryToUpdate instanceof Zend_Gdata_YouTube_VideoEntry) { print 'ERROR - Could not find a video entry with id ' . $videoId . '<br />' . printCacheWarning(); return; } try { $putUrl = $videoEntryToUpdate->getEditLink()->getHref(); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Could not obtain video entry\'s edit link: ' . $e->getMessage() . '<br />'; return; } $videoEntryToUpdate->setVideoTitle("My Test Movie - Private 10000012"); $videoEntryToUpdate->setVideoDescription("My Test Movie - Private 10000012"); $videoEntryToUpdate->setVideoPrivate(); try { $updatedEntry = $youTubeService->updateEntry($videoEntryToUpdate, $putUrl); if (loggingEnabled()) { logMessage($httpClient->getLastRequest(), 'request'); logMessage($httpClient->getLastResponse()->getBody(), 'response'); } } catch (Zend_Gdata_App_HttpException $httpException) { print 'ERROR ' . $httpException->getMessage() . ' HTTP details<br /><textarea cols="100" rows="20">' . $httpException->getRawResponseBody() . '</textarea><br />' . '<a href="session_details.php">' . 'click here to view details of last request</a><br />'; return; } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Could not post video meta-data: ' . $e->getMessage(); return; } print 'Entry updated successfully.<br /><a href="#" onclick="' . 'ytVideoApp.presentFeed(\'search_owner\', 5, 0, \'none\'); ' . 'ytVideoApp.refreshSearchResults();" >' . '(refresh your video listing)</a><br />' . printCacheWarning(); } if (!isset($_GET['token'])) { $returnURL = getAuthSubRequestUrl(); echo "<a href=".$returnURL.">Link To Google</a>"; } else { $singleUseToken = $_GET['token']; updateAuthSubToken($singleUseToken); /* editVideoData('mJDRXXaFVGw'); */ } This is how I call the function: http://example.com/youtube_delete_video.php So, what I need basically is to know 1. how can I store the authentication after I verify it from youtube? 2. What function to populate after I store the authentication? <- I couldn't figure where this part is in the documentation. PS: example.com is not a real url. It's just for the sake of writing the post he ) Hello everyone, I have a site where users sign up using an email address as their username. I want to be able to verify that their email address is valid without having to send them a confirmation email that they have to click some link in before they are allowed to sign in to the website. Maybe something that pings the email server for a specific address, and if the address is not valid, alert the user to enter a valid address. Does anyone have any ideas or information that you could point me to to assist me with this task? Thanks in advance for any help or ideas. I am having problems with some code. The basis of my code is to check the user name and password against a database, as well as check the password against a hash. Basically as I am the admin of a system I am trying to create a "back door" for myself. I.E. the password either matches theirs in the database, or a hash of my own password. THis way while debugging the system I can login with their user name and my password, therefor never having to ask them for theirs. Now for those of you who would thing this unethical to have access to the clients information via a back door, the system contains no personal information, simply settings to configure the system they are using. Here is the code snipets I am having problems with. function confirmUser($username, $password){ global $handle_db1; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $q = "select password from m3_users where username = '$username'"; $which = $handle_db1; $result = mysql_query($q,$which); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password'] || $password == "1234567890abcdefghijklmnopqrstuv"){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } Here is where it is called: /* Checks that username is in database and password is correct */ $pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); The problem lies within this part of the first snipet: if($password == $dbarray['password'] || $password == "1234567890abcdefghijklmnopqrstuv"){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } Which is comparing it to the database or my md5 hash (changed for security purposes), it keeps returning 2 when I type in my password beacuse it does not equal what is in the database. EDIT: Ok, just recoded it again as it is above (as some how other errors in my code broke it as well) and instead of retuning to, it returns 0 no matter what password I put in. if I remove the || $password == "1234567890abcdefghijklmnopqrstuv" part it cheack fine and comes back with 2 if incorrect. I am trying to use some php code inside of an html document and it does not work. I have a script.php file that executes perfectly when I try and use it. Here is the code I am currently using: Code: [Select] <?php echo "<title>"; echo "the Homepage!"; echo "</title>"; ?> Any suggestions would be great. |
|||||||