|
PHP - Logging In Problems - Need To Login Twice?
Hi guys, have a little problem here, when you login first it seems to work fine, and redirects back to index.php showing your username etc, but then when I click on another page which checks if session is set, it asks me to login again, so I do that, get redirected back to index.php again and click on the same page and then it works.. but almost every time it asks me to login twice.. and not sure why?
Logging in / creating the session : Code: [Select] <?php // Login session_start(); $_SESSION['username'] = htmlspecialchars($username); // htmlspecialchars() sanitises XSS header( 'Location: index.php' ) ; ?> then on index.php: Code: [Select] <?php include 'connect.php'; session_start(); $username = $_SESSION['username']; ?> And on another page: Code: [Select] <?php include 'connect.php'; include_once "markdown.php"; session_start(); if(!isset($_SESSION['username'])) { //code } ?> Similar TutorialsI am looking for some help or direction or maybe someone can point me to a tutorial some where. I am looking at adding a program to my website but it requires the user to also be logged in to use it. I would like to know how I can set it up so my users only have to log into my website once and it will automatically log them into this program using the same log in credentials. I am sure this is common and simple but I am a newbie programmer. Thank You for any advice. I have built a simple website to share photos with people at work. And it is based on code - known to work - from a larger website that I built a few years ago. When you land on the site, you have a login screen, and if the username/password match what is hardcoded, then I set $_SESSION['loggedIn'] = TRUE; and I redirect to the menu.php page. If your credentials do not match, then I redirect the user to an access-denied.php (403) page. Here is the problem... Occasionally, when you try to log in you will get routed to the access-denied page. But then if you try a second time you end on on the menu page. I uploaded my otherwise working code to my hosted webserver, and now I can never seem to log in. It seems to me that something is getting screwed up with the session variable? Any ideas what could be causing this strange behavior? I have a script that seems to work well to insert a bookmark into a users database when he/she is logged into the system but I am having a hard time figuring out how I would go about making a work-a-round for having an item selected before being logged in, and inserted after they have logged in or registered. For example, I would like a user to be able to select an Item to add to bookmark whether that user is logged in/registered or not and if they are not, they would be greeted with a login/registration form and after successful login the add bookmark script would be initiated on the item previously selected. What I've got this far: Simple form to add bookmark: <form name="bm_table" action="add_bms.php" method="post"> <input type="text" name="new_url" value="http://" /> <input type="submit" value="Add Bookmark"/> </form> Then I have the add bookmark script: BEGIN php $new_url = $_POST['new_url']; try { check_valid_user(); //cannot get past this part since it ends the script....code below if (!filled_out($_POST)) { throw new Exception('Form not completely filled out.'); } // check URL format if (strstr($new_url, 'http://') === false) { $new_url = 'http://'.$new_url; } // check URL is valid if (!(@fopen($new_url, 'r'))) { throw new Exception('Not a valid URL.'); } // try to add bm add_bm($new_url); echo 'Bookmark added.'; // get the bookmarks this user has saved if ($url_array = get_user_urls($_SESSION['valid_user'])) { display_user_urls($url_array); } } catch (Exception $e) { echo $e->getMessage(); } END php Checking valid user - the portion I cannot get past in the above script: function check_valid_user() { // see if somebody is logged in and notify them if not if (isset($_SESSION['valid_user'])) { echo "Logged in as ".$_SESSION['valid_user'].".<br />"; } else { // they are not logged in do_html_heading('Problem:'); echo 'You are not logged in.<br />'; do_html_url('login.php', 'Login'); do_html_footer(); exit; } } How would I go about modifying the script so that a user could fill in the form (later it would be a link...obviously they probably wouldn't be filling in a form that is log-in specific - but same concept I think) Thanks in advance for the help! tec4 Hi there I am having some issues with my site login. When a user logs in, it loads the page as a logged in user. But often when you click on a link inside the page, for some reason the user is logged out. After logging in again it sometimes does work, it's weird.. Also, even if you keep the page loaded in the browser yet you don't interact with it for a couple of minutes, and you click something, you're logged out again.. Here's my code, this is on the top of the page. When a user logs in, the $_POST['login'] is set. Code: [Select] <?php session_start(); setlocale(LC_ALL, 'nl_NL'); require_once('mysql_connect.inc.php'); date_default_timezone_set('Europe/Brussels'); $verbinding = mysql_connect(MYSQL_SERVER, MYSQL_GEBRUIKERSNAAM, MYSQL_WACHTWOORD) or die("Connection failed: " . mysql_error()); function CleanMyDirtyData($dirtydata){ return mysql_real_escape_string(htmlentities($dirtydata, ENT_QUOTES,'UTF-8')); } if(isset($_COOKIE['LoginCookie'])){ $hash = mysql_real_escape_string($_COOKIE['LoginCookie']); mysql_select_db('db'); $sql = "SELECT * FROM leden WHERE cookie_hash = '".$hash."'"; if($result = mysql_query($sql)){ $row = mysql_fetch_array($result); if(empty($row)){ setcookie('LoginCookie','',time()-3600); } if(mysql_num_rows($result) == 1){ $_SESSION['loggedin'] = true;//this is the parameter throughout the site that determines wether to show logged in data or not-logged in data. //extra parameters for identification $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; } } } if(isset($_POST['login'])){ if(empty($_POST['username']) || empty($_POST['wachtwoord'])){ $_SESSION['melding'] = "You need to fill in both fields."; header('Location: index.php'); exit(); } $username = CleanMyDirtyData($_POST['username']); $wachtwoord = sha1(CleanMyDirtyData($_POST['wachtwoord'])); mysql_select_db('db'); $sqlmail = mysql_query("SELECT * FROM leden WHERE email='$username' AND wachtwoord = '$wachtwoord'"); $sqlnaam = mysql_query("SELECT * FROM leden WHERE nick='$username' AND wachtwoord = '$wachtwoord'"); if(mysql_num_rows($sqlmail) == 1 || mysql_num_rows($sqlnaam) == 1){ if(mysql_num_rows($sqlmail) == 1){ $row = mysql_fetch_array($sqlmail); }else{ $row = mysql_fetch_array($sqlnaam); } if(isset($_POST['remember'])){ $hash = sha1($whatev);//combination of 3 parameters; time, salt, and something else. setcookie('LoginCookie',$hash,time()+30000000); mysql_query("UPDATE leden SET cookie_hash='" . $hash . "' WHERE id='" . $row['id'] . "'")or die(mysql_error()); } $_SESSION['loggedin'] = true; $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; $_SESSION['melding'] = "You have successfully logged in."; header('Location: index.php'); exit(); }else{ $_SESSION['melding'] = "Wrong combination."; header('Location: index.php'); exit(); } } ?> Hi Im doing a login for a website I've built and Im having troubles, The connection to the actual database works fine, no errors, but when trying to verify data in the database to log on and get to a secure area i just get the incorrect username or password that i created for when details are incorrect. heres the code where the problem lies Any help would be appreciated <?php session_start(); require("db_connect.php"); $username = $_POST['uname']; $password = $_POST['pword']; $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; $results = mysql_query($sql, $connect); $numofrows = mysql_num_rows($results); if ($numofrows == 1) { $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = true; header ("Location: secure_page.php"); die(); } else { $_SESSION['error']= "Icorrect Username Or Password"; header("Location: login.php"); die(); } ?> Hello, I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php I can not login to my Admin controle panel. Login information: Username: Mitch Password: schuur111 Username: Admin Password: poopoo Can someone help me ? Here is my admin_login.php source code. If you need some other source code in my /storeadmin folder please tell Code: [Select] <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In </title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php");?> <div id="pageContent"><br /> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> <p> </p> </div> <br /> <br /> <br /> </div> <?php include_once("../template_footer.php");?> </div> </body> </html> Hi. Link to project: www.smarttreff.moo.no Login user: admin login pw: 123 When i login the login form wont disapear. If i return to the index(Hjem) page without logging out, the loginform disapear. I am ussing session for the login So the basicly, i want the loginform do disapear at once when the user has pushed login button(Logg in) (dont laught at my "cut and past" for the include meny.. i just made the design and chopped it to bits and put it into includes) Index.php Code: [Select] <?php session_start(); include("css.php"); include("header.php"); include("meny.php"); ?> <td width="596" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> Main </td> </tr> </table></td> </tr> </table> <?php include("footer.php"); ?> meny.php Code: [Select] <table width="800" border="0"> <tr> <td width="198" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td align="left" valign="top" class="tabell"> <a href="index.php">Hjem</a> <br /> Når og hvor <br /> For hvem <br /> Spørsmål og svar<br /> Forum <br /> <br /> <br /> Samarbeidspartnere </td> </tr> </table> <br /> <table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> <?php if(isset($_SESSION['username'])) echo "Velkommen, " .$_SESSION['username']. "!<a href='innlogget.php'>Medlemsnyheter</a><br><a href='logout.php'>Log ut</a>"; else { include("loginform.php"); } ?> </td> </tr> </table></td> <td width="15"> </td> Hi, Having completed a site migration this am everything went well aside from issues with logging into and out of our site where two files are used and appear as white pages. When logging into our site, proc_login.php is used and when logging out proc_logout.php is used. Both processes result in a white "blank" page instead of the php files forwarding on. I've no idea about php generally and have been trying my best to find useful and similar information online to attempt to resolve the problem. I am now stuck. The site works perfectly on my local web server, and what is really baffling me is the site also works perfectly on Domain B on the exact same server I'm trying to get the site running under as Domain A. In other words as both Domain A & B are configured on the same host server I'm thinking all the inherited php/apache/mysql settings should be identical (or pretty much thereabouts) and therefore am more confused than ever! I simply don't know where to start therefore in resolving this problem. I've tried looking in the error log file and have also played around with turning on error enabling on those specific php files to try and follow any errors, however the "errors" generated are no different than the ones present on sites where the login/logout process works just fine. I've hopefully attached both files and if anyone could assist in helping me narrow down my search for a solution I'd be very appreciative. Thanks. I can seem to login it tells me to check my password and username but i dont know the username and password are correct
here is my whole code
<?php
//start the sessoin
session_start();
//connect to db
require "scripts/connect.php";
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db,$username);
$password = mysqli_real_escape_string($db,$password);
if(isset($_POST['loginbtn'])){
if(!empty($username) && !empty($password)){
//sql command
$getstaff = "SELECT * FROM `users` WHERE `username` = '$username'";
//execute the query
$query = mysqli_query($db,$getstaff);
//get the number of rows
$num_rows = mysqli_num_rows($query);
if($num_rows != 0){
//get the info
$rows = mysqli_fetch_assoc($query);
//setting the data in indivaul variables
$dbusername = $rows['username'];
$dbpassword = $rows['password'];
//getting the password the user enter and making it hash
//in order for it to match in the database
$password = md5($password);
if($dbusername === $username && $dbpassword === $password){
//create the session
$_SESSION['username'] = $username;
//redircet them to the control panel
header("location: controlpanel.php");
}else
$msg = "Please check your username or password";
}else
$msg = "User does not exist";
}else
$msg = "Please enter your username and password";
}
?>
This is where it is giving me a hard time
if($dbusername === $username && $dbpassword === $password){
//create the session
$_SESSION['username'] = $username;
//redircet them to the control panel
header("location: controlpanel.php");
}else
$msg = "Please check your username or password";
Any ideas why its not letting me enter
After getting my site hacked, I'm not really up for learning PhP, so I'm trying to use uMScript.
On the demo site, and when I just load up the files on my server, it will redirect upon log in. But when I then use my styling, for some reason the login_submit.php gives me a blank page and does not redirect, nor does it log the user in. I don't change anything except the positioning of the forum and the container around it, no PhP or JS changes, weird? I can not seem to get a hold of the creator, nor can I find a user script that matches what I'm looking for. Heck, I'm so close to going mad, I'm even willing to pay someone to do the user PhP for me haha Has anyone used this script successfully? You can try it out he http://mod-universe.com/index.php Demo: http://www.ventureha.../demo/index.php (I couldn't get the demo credentials to log in, created a new user = Okriani, kieran09) First time poster so please bear with me. Is there a script that will show me the process of my php program as it runs, maybe log it to a log file each step so I can see what is happening. Fairly new to php so there maybe something that I can set there. I can read the code and follow it there but I'd like to see it in a log after each step or after each process completes. I have done this in the old days of dbase and it really helps with the errors that can develop. Thanks in advance and what a great forum. Hi guys, I got a little bit of an issue. I have a register page, which works fine and submits to itsself, however i also have a login page which currently has no errors but doesnt allow any1 to log in. If some1 can see why that will be great, as this is causing so many issues. This is the last step i cant get past. Here is the code Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Forensics E-learning Package</title> <script type="text/javascript" src="start.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="wrapper"> <div id="header"> <div id="toplinks"> </div> </div> <div id="menu"> <ul> <li><a class="selected" href="index.html">Home</a></li> <li><a href="index.php">Initial Quiz</a></li> <li><a href="about.php">About</a></li> <li><a href="member.php">Member Section</a></li> </ul> </div> <div id="content"> <div id="main"> <h1>Forensics E-Learning Package</h1><BR /></head> Login to the User Profiled E-Learning Course which is specifically aimed to raise awareness in computer forensics. <?php $submit =&$_POST['submit']; if(isset($submit)) { if($username && sha1($password)) { $username =&$_POST['username']; $password =&$_POST['password']; $_SESSION['$username'] = $username; $_SESSION['$password'] = sha1($password); $connect = mysql_connect("localhost","root", "") or die ("Couldn't Connect!"); mysql_select_db("userlogin", $connect) or die("Couldn't find db"); //$con = mysql_connect('userscores.db.7767668.hostedresource.com','userscores','L3tt3r09'); //mysql_select_db('userscores', $con); $query = mysql_query("SELECT * FROM users WHERE username=' $username'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { //code to login while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; $dbscore = $row['score']; $dbdclty = $row['dclty']; $dbid = $row['id']; $dbnewdclty = $row['newdclty']; } $_SESSION['id'] = $dbid; $_SESSION['PreviousScore'] = $dbscore; $_SESSION['dclty'] = $dbdclty; $_SESSION['newdclty'] = $dbnewdclty; if ($username==$dbusername&&sha1($password)==$dbpassword) { $username==$dbusername; } else { echo ("Incorrect Password!"); } } else { echo("That user doesn't exist!"); } } else { echo("Please enter a username and password!"); } echo ("You Successfully Logged In!"); } else { ?><BR /><BR /><?php echo("Please Log In!"); } if ($submit) echo "Logged In Successfully!"; ?> <BR /><BR /> <form action='index.php' method='POST'> Username: <input type='text' name='username'><BR /> Password: <input type='password' name='password'><BR /> <input type='submit' value='Log In'> </form> <p><BR /><BR /> <a class="button" href='register.php'><span><button class="button" id="save">Register</button></span></a> </div> <div id="right"> <h2>Right Menu</h2> <div class="rightitem"> <ul> <li><a class="selected" href="index.html">Home</a></li> <li><a href="index.php">Initial Quiz</a></li> <li><a href="about.php">About</a></li> <li><a href="member.php">Members Area</a></li> <li><a href="contact.php">Leave Feedback</a></li> </ul> </div> </div> </div> <div class="clearbottom"></div> <div id="footer"></div></div> </body> </html> Thanks for any help Lance Hi, I've been semi-teaching myself curl, and I decided to try logging into Facebook with it. This is what I have so far... <?PHP $Email = strip_tags(str_replace(' ', '', $_POST['email'])); $Password = strip_tags(str_replace(' ', '', $_POST['password'])); $FBlogin = 'https://www.facebook.com/login.php?login_attempt=1'; $MoreData = "charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&lsd=u2nsf&locale=en_US&email=".urlencode($Email)."&pass=".urlencode($Password)."&default_persistent=0&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&lsd=u2nsf"; $Cookie = "cookie.txt"; $fp = fopen($Cookie,'wb'); $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"; //login to facebook $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$FBlogin); curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt($ch, CURLOPT_COOKIEFILE, $Cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, $Cookie); curl_setopt($ch, CURLOPT_REFERER, $FBlogin); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POSTFIELDS, $MoreData); $Excecute = curl_exec($ch); echo $Excecute; ?> Right now I have it echo'ing out to see what's going wrong. I'm getting cookie errors from facebook saying that "I must have cookies enabled". What could be wrong in my script that would trip such an error? Thanks. will the following code work to log any php errors i may have on the page this code is included? Code: [Select] ini_set('error_reporting', E_ALL); error_reporting(E_ALL); ini_set('log_errors',TRUE); ini_set('html_errors',FALSE); ini_set('error_log','./error_log.txt'); ini_set('display_errors',FALSE); i am trying to log out a user after account deletion by re-directing them. for some reason, the directories are not being removed, and i am not being redirected after that. Hey, i have a small problem with the logout part of my account system. When i click the logout link, it directs me to the index page with an error (custom error stuff i made). Heres my logout code <?php echo 'Behandler ...<br />'; if(isset($_SESSION['logged']) && isset($_SESSION['email']) && $_SESSION['logged'] == 1) { echo 'Logger ud, vent venligst...'; unset($_SESSION['logged']); unset($_SESSION['email']); header('location: index.php?p=success&ploca=login&pid=1'); exit(); } else { header('location: index.php?p=error&ploca=login&pid=5'); // This is where it jumps to directly. exit(); } ?> The weird thing is, that the sessions email and logged is set, as you can see here; //Printed with print_r($_SESSION); Array ( [psite] => index [logged] => 1 [email] => a@b.c ) Anyone sees my problem? As long as it's SQL injection proof, would it be alright for me to let non-members add comments to a post and give the Author the ability to delete them?
This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=353007.0 I am in the middle of creating an E-Commerce website in PHP (using EasyPHP) and I have run into some problems I have a file called Logout.php which is designed to log registered database users out of a session. However when I go to view the page, I get this ASP.NET IIS7 message: HTTP Error 500.24 - Internal Server Error An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode. This is obviously a php file I have developed, but I do not understand why it is doing this. I have attached the entire project to the message (once unzipped, look for "logout.php") to demonstrate what I am doing, help would be very appreciated please. Hi All I am building a website and I basically want to be able to log my own Error Logging. This could be anything from a usual PHP Notice, An SQL Query failing, a 404 page or a user reaching an activity they should not have (For example, hitting a default: on a switch when they shouldn't have) I have 3 options that I can think off 1) MySQL 2) Email 3) File Write All have pros and cons MySQL - Pro - I can build an admin script to read the errors and display them for me to handle and mark when completed. MySQL - CON - What is the Queries fail for what ever reason (too many connections), then the query to log the error would also fail, thus I would never know Email: PRO - Should always work, I will know straight away Email: CON - Getting the data from an email to a user friendly screen, instead of clogging up my email box File Write - PRO - I can put the data into MySQL at any point, Should near enough always work File Write - CON - Other people could possibly see the the errors, which could give away directories or weaknesses in the web project. Does anyone have any suggestions? |
|||||||