PHP - Major Issue With Logging In And Out
I am in the middle of creating an E-Commerce website in PHP (using EasyPHP) and I have run into some problems
I have a file called Logout.php which is designed to log registered database users out of a session. However when I go to view the page, I get this ASP.NET IIS7 message: HTTP Error 500.24 - Internal Server Error An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode. This is obviously a php file I have developed, but I do not understand why it is doing this. I have attached the entire project to the message (once unzipped, look for "logout.php") to demonstrate what I am doing, help would be very appreciated please. Similar TutorialsI can seem to login it tells me to check my password and username but i dont know the username and password are correct
here is my whole code
<?php //start the sessoin session_start(); //connect to db require "scripts/connect.php"; $username = $_POST['username']; $password = $_POST['password']; $username = mysqli_real_escape_string($db,$username); $password = mysqli_real_escape_string($db,$password); if(isset($_POST['loginbtn'])){ if(!empty($username) && !empty($password)){ //sql command $getstaff = "SELECT * FROM `users` WHERE `username` = '$username'"; //execute the query $query = mysqli_query($db,$getstaff); //get the number of rows $num_rows = mysqli_num_rows($query); if($num_rows != 0){ //get the info $rows = mysqli_fetch_assoc($query); //setting the data in indivaul variables $dbusername = $rows['username']; $dbpassword = $rows['password']; //getting the password the user enter and making it hash //in order for it to match in the database $password = md5($password); if($dbusername === $username && $dbpassword === $password){ //create the session $_SESSION['username'] = $username; //redircet them to the control panel header("location: controlpanel.php"); }else $msg = "Please check your username or password"; }else $msg = "User does not exist"; }else $msg = "Please enter your username and password"; } ?>This is where it is giving me a hard time if($dbusername === $username && $dbpassword === $password){ //create the session $_SESSION['username'] = $username; //redircet them to the control panel header("location: controlpanel.php"); }else $msg = "Please check your username or password";Any ideas why its not letting me enter Hi guys, I got a little bit of an issue. I have a register page, which works fine and submits to itsself, however i also have a login page which currently has no errors but doesnt allow any1 to log in. If some1 can see why that will be great, as this is causing so many issues. This is the last step i cant get past. Here is the code Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Forensics E-learning Package</title> <script type="text/javascript" src="start.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="wrapper"> <div id="header"> <div id="toplinks"> </div> </div> <div id="menu"> <ul> <li><a class="selected" href="index.html">Home</a></li> <li><a href="index.php">Initial Quiz</a></li> <li><a href="about.php">About</a></li> <li><a href="member.php">Member Section</a></li> </ul> </div> <div id="content"> <div id="main"> <h1>Forensics E-Learning Package</h1><BR /></head> Login to the User Profiled E-Learning Course which is specifically aimed to raise awareness in computer forensics. <?php $submit =&$_POST['submit']; if(isset($submit)) { if($username && sha1($password)) { $username =&$_POST['username']; $password =&$_POST['password']; $_SESSION['$username'] = $username; $_SESSION['$password'] = sha1($password); $connect = mysql_connect("localhost","root", "") or die ("Couldn't Connect!"); mysql_select_db("userlogin", $connect) or die("Couldn't find db"); //$con = mysql_connect('userscores.db.7767668.hostedresource.com','userscores','L3tt3r09'); //mysql_select_db('userscores', $con); $query = mysql_query("SELECT * FROM users WHERE username=' $username'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { //code to login while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; $dbscore = $row['score']; $dbdclty = $row['dclty']; $dbid = $row['id']; $dbnewdclty = $row['newdclty']; } $_SESSION['id'] = $dbid; $_SESSION['PreviousScore'] = $dbscore; $_SESSION['dclty'] = $dbdclty; $_SESSION['newdclty'] = $dbnewdclty; if ($username==$dbusername&&sha1($password)==$dbpassword) { $username==$dbusername; } else { echo ("Incorrect Password!"); } } else { echo("That user doesn't exist!"); } } else { echo("Please enter a username and password!"); } echo ("You Successfully Logged In!"); } else { ?><BR /><BR /><?php echo("Please Log In!"); } if ($submit) echo "Logged In Successfully!"; ?> <BR /><BR /> <form action='index.php' method='POST'> Username: <input type='text' name='username'><BR /> Password: <input type='password' name='password'><BR /> <input type='submit' value='Log In'> </form> <p><BR /><BR /> <a class="button" href='register.php'><span><button class="button" id="save">Register</button></span></a> </div> <div id="right"> <h2>Right Menu</h2> <div class="rightitem"> <ul> <li><a class="selected" href="index.html">Home</a></li> <li><a href="index.php">Initial Quiz</a></li> <li><a href="about.php">About</a></li> <li><a href="member.php">Members Area</a></li> <li><a href="contact.php">Leave Feedback</a></li> </ul> </div> </div> </div> <div class="clearbottom"></div> <div id="footer"></div></div> </body> </html> Thanks for any help Lance Ok. So I have an HTML website with 14 pages and an external CSS. This website is for a movie rental place like BlockBuster, but local and much smaller. I have to update it everyday , http://brucegregory.net/westmorelandvt , and as you can see I will have to move every block down 1 to put a new movie up. What I think would help: 1. Change all my pages to PHP with an admin panel. 2.I need help with the admin panel and a code that makes my movies on the index page move to the right once or move down to the left once every time I add a new movie. Can someone please help? Here is my code so far... I can't login using this php, i am new to php and am trying my hardest to figure this out... i have been on this for 4 days and am about to pull all of my hair out... can anyone please help me... //******** start of login.php ******** <?php require_once('connectvars.php'); // Start the session session_start(); // Clear the error message // $error_msg = ""; // If the user isn't logged in, try to log them in if (!isset($_SESSION['user_id'])) { if (isset($_POST['submit'])) { // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (!$dbc) { die('Could not connect: ' . mysqli_error()); } echo 'Connected successfully'; // Grab the user-entered log-in data $user_email = mysqli_real_escape_string($dbc, trim($_POST['email'])); $user_pass = mysqli_real_escape_string($dbc, trim($_POST['password'])); if (!empty($user_email) && !empty($user_password)) { // Look up the username and password in the database $query = "SELECT tb_user_id, tb_user_email FROM tb_users WHERE tb_user_email = '$user_email' AND tb_user_password = SHA('$user_pass')"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 1) { // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page $row = mysqli_fetch_array($data); $_SESSION['user_id'] = $row['tb_user_id']; $_SESSION['email'] = $row['tb_user_email']; setcookie('user_id', $row['tb_user_id'], time() + (60 * 60 * 24 * 30)); // expires in 30 days setcookie('email', $row['tb_user_email'], time() + (60 * 60 * 24 * 30)); // expires in 30 days $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php'; header('Location: ' . $home_url); } else { // The username/password are incorrect so set an error message $error_msg = 'Sorry, you must enter a valid username and password to log in1.'; } } else { //*********** This is the error i keep getting // The username/password weren't entered so set an error message $error_msg = 'Sorry, you must enter your username and password to log in2.'; } } } // Insert the page header $page_title = 'Log In'; require_once('header.php'); // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in if (empty($_SESSION['user_id'])) { echo '<p class="error">' . $error_msg . '</p>'; ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <fieldset> <legend>Log In</legend> <label for="email">Email Address:</label> <input type="text" name="email" value="<?php if (!empty($user_email)) echo $user_email; ?>" /><br /> <label for="password">Password:</label> <input type="password" name="password"/> </fieldset> <input type="submit" value="Log In" name="submit" /> </form> <?php } else { // Confirm the successful log-in echo('<p class="login">You are logged in as ' . $_SESSION['email'] . '.</p>'); } ?> <?php // Insert the page footer require_once('footer.php'); ?> First time poster so please bear with me. Is there a script that will show me the process of my php program as it runs, maybe log it to a log file each step so I can see what is happening. Fairly new to php so there maybe something that I can set there. I can read the code and follow it there but I'd like to see it in a log after each step or after each process completes. I have done this in the old days of dbase and it really helps with the errors that can develop. Thanks in advance and what a great forum. Hi, I've been semi-teaching myself curl, and I decided to try logging into Facebook with it. This is what I have so far... <?PHP $Email = strip_tags(str_replace(' ', '', $_POST['email'])); $Password = strip_tags(str_replace(' ', '', $_POST['password'])); $FBlogin = 'https://www.facebook.com/login.php?login_attempt=1'; $MoreData = "charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&lsd=u2nsf&locale=en_US&email=".urlencode($Email)."&pass=".urlencode($Password)."&default_persistent=0&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&lsd=u2nsf"; $Cookie = "cookie.txt"; $fp = fopen($Cookie,'wb'); $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"; //login to facebook $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$FBlogin); curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt($ch, CURLOPT_COOKIEFILE, $Cookie); curl_setopt($ch, CURLOPT_COOKIEJAR, $Cookie); curl_setopt($ch, CURLOPT_REFERER, $FBlogin); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POSTFIELDS, $MoreData); $Excecute = curl_exec($ch); echo $Excecute; ?> Right now I have it echo'ing out to see what's going wrong. I'm getting cookie errors from facebook saying that "I must have cookies enabled". What could be wrong in my script that would trip such an error? Thanks. After getting my site hacked, I'm not really up for learning PhP, so I'm trying to use uMScript.
On the demo site, and when I just load up the files on my server, it will redirect upon log in. But when I then use my styling, for some reason the login_submit.php gives me a blank page and does not redirect, nor does it log the user in. I don't change anything except the positioning of the forum and the container around it, no PhP or JS changes, weird? I can not seem to get a hold of the creator, nor can I find a user script that matches what I'm looking for. Heck, I'm so close to going mad, I'm even willing to pay someone to do the user PhP for me haha Has anyone used this script successfully? You can try it out he http://mod-universe.com/index.php Demo: http://www.ventureha.../demo/index.php (I couldn't get the demo credentials to log in, created a new user = Okriani, kieran09) will the following code work to log any php errors i may have on the page this code is included? Code: [Select] ini_set('error_reporting', E_ALL); error_reporting(E_ALL); ini_set('log_errors',TRUE); ini_set('html_errors',FALSE); ini_set('error_log','./error_log.txt'); ini_set('display_errors',FALSE); Hi, I am having some major issues. My site provides sheet music available for downloading for free. When a user clicks on a sheet to download, a new window opens up. This user views our sponsor's website for 30 seconds. Once the time is up, they can download the free sheet. Now for the issues: I found a download script that I'm putting to the test. When clicking download, it asks where you want to save the file and downloads the file just fine. After some testing, i found that if the user tries to download the sheet again, my entire php/html code displays on the page, as well as a bunch of nonreadable characters (I'm guessing this is from the .pdf file that is supposed to be downloaded). I need to modify my code to stop this from happening. I've tried to exit() the code or die() after the sheet downloads, but I must be doing it wrong because nothing seems to work. I also tried a redirect to send them to a different page once they download the file. That doesn't work either. The next issue is the bottom page is supposed to display our sponsor's website, which it does. However, the frame that contains the website is not 100% in height as it is specified to be. Something in my code is causing it to stop extending all the way. If you would like to see exactly what is happening for yourself, you can go he http://www.sheetmusichaven.com/download.php?sheet=98%20Degrees-I%20Do%20Cherish%20You-SheetMusicHaven.pdf&artist=98%20Degrees&title=I%20Do%20Cherish%20You I'm using the latest version of Firefox, PHP 5. And for the code. I warn you it is ugly >< <?php session_start(); include_once('inc/connect.php'); $sheet = $_GET['sheet']; $artist = stripslashes($_GET['artist']); $title = stripslashes($_GET['title']); $hyphen = " - "; $url = "http://www.youtube.com"; $timetodownload = $_POST['timetodownload']; $todayquery = mysql_query("SELECT `todayviews` FROM `websites` WHERE `active`='yes'"); $todayresult = mysql_fetch_assoc($todayquery); $todayviews = $todayresult['todayviews']; $result = mysql_query("SELECT `url` FROM `websites` WHERE `active`='yes' && `dailyviews`>'$todayviews' && `credits`>0"); $i = 0; while($row = mysql_fetch_array($result)) { while($i<1){ $url = $row['url']; $i++; } } if(strlen($artist)+strlen($title)>80){ $artist = ""; $hyphen = ""; } $ip = $_SERVER['REMOTE_ADDR']; // Time Goes Here // $ipcheck = mysql_query("SELECT ip FROM downloading WHERE ip='$ip'"); // $ipcount = mysql_num_rows($ipcheck); // if ($ipcount!=0) // { // $error1 = "<div id='regerror'>Username already taken!</div>"; // } // $ipquery = "INSERT INTO downloading VALUES ('','$ip','$time')"; // mysql_query($ipquery); $timesdownloaded = 0; if(isset($timetodownload)&&$timesdownloaded<1){ ############################################################### # File Download 1.31 ############################################################### # Visit http://www.zubrag.com/scripts/ for updates ############################################################### # Sample call: # download.php?f=phptutorial.zip # # Sample call (browser will try to save with new file name): # download.php?f=phptutorial.zip&fc=php123tutorial.zip ############################################################### // Allow direct file download (hotlinking)? // Empty - allow hotlinking // If set to nonempty value (Example: example.com) will only allow downloads when referrer contains this text define('ALLOWED_REFERRER', ''); // Download folder, i.e. folder where you keep all files for download. // MUST end with slash (i.e. "/" ) define('BASE_DIR','admin/uploads/'); // log downloads? true/false define('LOG_DOWNLOADS',true); // log file name define('LOG_FILE','downloads.log'); // Allowed extensions list in format 'extension' => 'mime type' // If myme type is set to empty string then script will try to detect mime type // itself, which would only work if you have Mimetype or Fileinfo extensions // installed on server. $allowed_ext = array ( // archives 'zip' => 'application/zip', // documents 'pdf' => 'application/pdf', 'doc' => 'application/msword', // images 'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', ); #################################################################### ### DO NOT CHANGE BELOW #################################################################### // If hotlinking not allowed then make hackers think there are some server problems if (ALLOWED_REFERRER !== '' && (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false) ) { die("Internal server error. Please contact system administrator."); } // Make sure program execution doesn't time out // Set maximum script execution time in seconds (0 means no limit) set_time_limit(0); if (!isset($sheet) || empty($sheet)) { die("Please specify file name for download."); } // Nullbyte hack fix if (strpos($sheet, "\0") !== FALSE) die(''); // Get real file name. // Remove any path info to avoid hacking by adding relative path, etc. $fname = basename($sheet); // Check if the file exists // Check in subfolders too function find_file ($dirname, $fname, &$file_path) { $dir = opendir($dirname); while ($file = readdir($dir)) { if (empty($file_path) && $file != '.' && $file != '..') { if (is_dir($dirname.'/'.$file)) { find_file($dirname.'/'.$file, $fname, $file_path); } else { if (file_exists($dirname.'/'.$fname)) { $file_path = $dirname.'/'.$fname; return; } } } } } // find_file // get full file path (including subfolders) $file_path = ''; find_file(BASE_DIR, $fname, $file_path); if (!is_file($file_path)) { die("File does not exist. Make sure you specified correct file name."); } // file size in bytes $fsize = filesize($file_path); // file extension $fext = strtolower(substr(strrchr($fname,"."),1)); // check if allowed extension if (!array_key_exists($fext, $allowed_ext)) { die("Not allowed file type."); } // get mime type if ($allowed_ext[$fext] == '') { $mtype = ''; // mime type is not set, get from server settings if (function_exists('mime_content_type')) { $mtype = mime_content_type($file_path); } else if (function_exists('finfo_file')) { $finfo = finfo_open(FILEINFO_MIME); // return mime type $mtype = finfo_file($finfo, $file_path); finfo_close($finfo); } if ($mtype == '') { $mtype = "application/force-download"; } } else { // get mime type defined by admin $mtype = $allowed_ext[$fext]; } // Browser will try to save file with this filename, regardless original filename. // You can override it if needed. if (!isset($_GET['fc']) || empty($_GET['fc'])) { $asfname = $fname; } else { // remove some bad chars $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']); if ($asfname === '') $asfname = 'NoName'; } // set headers header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Type: $mtype"); header("Content-Disposition: attachment; filename=\"$asfname\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . $fsize); // download // @readfile($file_path); $file = @fopen($file_path,"rb"); if ($file) { while(!feof($file)) { print(fread($file, 1024*8)); flush(); if (connection_status()!=0) { @fclose($file); die(); } } @fclose($file); } // log downloads if (!LOG_DOWNLOADS) die(); $f = @fopen(LOG_FILE, 'a+'); if ($f) { @fputs($f, date("m.d.Y g:ia")." ".$_SERVER['REMOTE_ADDR']." ".$fname."\n"); @fclose($f); } $timesdownloaded++; if(isset($timetodownload)==($_POST['timetodownload'])){ $timetodownload = ""; echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?letter=0\">"; } if($timesdownloaded>0){ header("Location: index.php"); } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta name="description" content="Free Piano Sheet Music - Sheet Music Haven" /> <meta name="keywords" content="free,piano,sheet,music,download,keyboard,haven,lyrics,notes,chords,score,top,modern,popular,jazz,classical,sheetmusichaven" /> <meta name="author" content="Sheet Music Haven - Free Piano Sheet Music. Download all types of piano sheet music for free. Popular sheets are added often" /> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" /> <title>Downloading <?php echo $sheet; ?> - Sheet Music Haven</title> <link rel="stylesheet" type="text/css" href="styles/style.css" /> <style> iframe { padding: 0px; spacing: 0px; } body{ margin: 0px; color: #000000; } #bggreen{ width: 99%; height: 88%; background-color: #6aa504; margin-left: auto; margin-right: auto; text-align: center; } #countdown{ color: #4296ce; font-size: 18px; } .sheetbar a{color: #000000; font-family: "Arial", Helvetica, sans-serif; } #logo{ position: relative; width: 320px; height: 65px; text-align: center; float: left; top: 19px; } #timer{ position: relative; width: 65%; height: 59px; float: left; text-align: center; top: 3px; background-color: #ececec; border-style: solid; border-color: #93DB70; } </style> <script type="text/javascript"> var time = 2; function startCountdown(){ var t = setTimeout("countdown()", 1000); } function countdown(){ var sHeet = "<?php echo $sheet;?>"; var artist = "<?php echo $artist;?>"; var tItle = "<?php echo $title;?>"; --time; if(time == 0){ document.getElementById("countdown").innerHTML = "<form action='download.php?sheet=<?php echo $sheet; ?>' method='POST'><input type='image' src='img/download.png' alt='Download' name='timetodownload' value='Download'><\/form>"; }else{ document.getElementById("countdown").innerHTML = time; var t = setTimeout('countdown()', 1000); } } </script> </head> <body onload="startCountdown();" bgcolor="#343331"> <table width="100%" height="100%" cellspacing="0" cellpadding="0" border="0"> <?php echo "<tr><td style='background:#343331;height:80px;border-bottom:#aaaaaa solid 2px;'>"; echo "<div id='bggreen' class='sheetbar'> <div id='logo'><a href='index.php'><img src='img/logosmall.png'></a><br /> <a href='suggestions.php' style='color: #ececec; font-size: 14px;'>Report Errors</a></div> <div id='timer'> It is our sponsor's that keep this website running. Please view their website while you wait for:<br /> <span style='color: #6aa504;'>".ucwords($artist).$hyphen.ucwords($title)."</span> <br /> <div id='countdown'>2</div> </div> </div>".$error; echo "</td></tr>"; ?> <tr><td> <iframe src="<?php echo $url;?>" width="100%" height="100%" frameborder="0" marginwidth="0" marginheight="0"> <p>Your browser does not support iframes.</p> </iframe> </td></tr> </table> </body> </html> I have built a simple website to share photos with people at work. And it is based on code - known to work - from a larger website that I built a few years ago. When you land on the site, you have a login screen, and if the username/password match what is hardcoded, then I set $_SESSION['loggedIn'] = TRUE; and I redirect to the menu.php page. If your credentials do not match, then I redirect the user to an access-denied.php (403) page. Here is the problem... Occasionally, when you try to log in you will get routed to the access-denied page. But then if you try a second time you end on on the menu page. I uploaded my otherwise working code to my hosted webserver, and now I can never seem to log in. It seems to me that something is getting screwed up with the session variable? Any ideas what could be causing this strange behavior? As long as it's SQL injection proof, would it be alright for me to let non-members add comments to a post and give the Author the ability to delete them?
Hi all, My session is not destroy even after I have click 'log out' The user will only log out only when I have closed the browser. May I know what could have caused the problem? Below is my code My admin.php page Code: [Select] <?php // For logging out if (isset($_SESSION['username'])) { echo '<a href="admin_logout.php">Log Out (' . $_SESSION['username'] . ')</a>'; // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // Retrieve the user data from MySQL $query = "SELECT tutor_id, name FROM tutor_profile ORDER BY name ASC"; $data = mysqli_query($dbc, $query); // Loop through the array of user data, formatting it as HTML echo '<h4>Latest members:</h4>'; echo '<table>'; while ($row = mysqli_fetch_array($data)) { echo '<td><a href="viewprofile.php?tutor_id=' . $row['tutor_id'] . '">' . $row['name'] . '</a></td></tr>'; } echo '</table>'; mysqli_close($dbc); } else { echo '<a href="admin_login.php">Log In</a>'; } ?> My logout.php page Code: [Select] <?php // If the user is logged in, delete the session vars to log them out session_start(); if (isset($_SESSION['admin_id'])) { // Delete the session vars by clearing the $_SESSION array $_SESSION = array(); // Delete the session cookie by setting its expiration to an hour ago (3600) if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 3600); } // Destroy the session session_destroy(); } // Delete the user ID and username cookies by setting their expirations to an hour ago (3600) setcookie('admin_id', '', time() - 3600); setcookie('username', '', time() - 3600); // Redirect to the home page $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/admin_login.php'; header('Location: ' . $home_url); ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=353007.0 I would like to create a script that can login to my account on xbox.com, check my messages, and store messages into my database (only messages that have not been stored yet). The purpose for this is: I want my users to register their accounts using their Xbox Live Username. To make them verify their Username they send a message to my Xbox Account with a message saying 'Verify" or something. My script will check my xbox account's messages for new messages with the body saying 'Verify' to verify the username, and store it in a database that it has been successfully verified. How do I go about doing this? i am trying to log out a user after account deletion by re-directing them. for some reason, the directories are not being removed, and i am not being redirected after that. Hi All I am building a website and I basically want to be able to log my own Error Logging. This could be anything from a usual PHP Notice, An SQL Query failing, a 404 page or a user reaching an activity they should not have (For example, hitting a default: on a switch when they shouldn't have) I have 3 options that I can think off 1) MySQL 2) Email 3) File Write All have pros and cons MySQL - Pro - I can build an admin script to read the errors and display them for me to handle and mark when completed. MySQL - CON - What is the Queries fail for what ever reason (too many connections), then the query to log the error would also fail, thus I would never know Email: PRO - Should always work, I will know straight away Email: CON - Getting the data from an email to a user friendly screen, instead of clogging up my email box File Write - PRO - I can put the data into MySQL at any point, Should near enough always work File Write - CON - Other people could possibly see the the errors, which could give away directories or weaknesses in the web project. Does anyone have any suggestions? Hey, i have a small problem with the logout part of my account system. When i click the logout link, it directs me to the index page with an error (custom error stuff i made). Heres my logout code <?php echo 'Behandler ...<br />'; if(isset($_SESSION['logged']) && isset($_SESSION['email']) && $_SESSION['logged'] == 1) { echo 'Logger ud, vent venligst...'; unset($_SESSION['logged']); unset($_SESSION['email']); header('location: index.php?p=success&ploca=login&pid=1'); exit(); } else { header('location: index.php?p=error&ploca=login&pid=5'); // This is where it jumps to directly. exit(); } ?> The weird thing is, that the sessions email and logged is set, as you can see here; //Printed with print_r($_SESSION); Array ( [psite] => index [logged] => 1 [email] => a@b.c ) Anyone sees my problem? Hi Guys. Really Stuck here. I am making a website, its basicall an online shop of sorts. I am making a login page for our customers and an admin page for us lot to upload new products to sql etc. Whats its meant to do is accept the username and pw then allow me to access the adminpage. Although its just saying that user doesnt exist all the time. I dont know why becuase the details are correct. admin_login page is the code below. <?php session_start(); if(isset($_SESSION["manager"])){ header("location:index.php"); exit(); } ?> <?php if(isset($_POST["username"])&&isset($_POST["password"])){ $manager = preg_replace('#[A-Za-z0-9]#i','',$_POST["username"]); $password = preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]); include"../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); $existCount = mysql_num_rows($sql); if($existCount == 1){ while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); }else{ echo 'That Information Is Incorrect. Try again <a href="index.php">Click Here</a>'; exit(); } } ?> and now the index.php which is what the admin see when they log in successfully. <?php session_start(); if(isset($_SESSION["manager"])){ header("location: admin_login.php"); exit(); } //Be Sure To Check That This Manager Session Value Is Infact In The DataBase $managerID = preg_replace('#[^0-9#i','',$_SESSION["id"]); $manager = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]); $password = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]); include "../strorescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); $existCount = mysql_num_rows($sql); if($existCount == 0){ header("location:../index.php"); exit(); } ?> Hi guys, have a little problem here, when you login first it seems to work fine, and redirects back to index.php showing your username etc, but then when I click on another page which checks if session is set, it asks me to login again, so I do that, get redirected back to index.php again and click on the same page and then it works.. but almost every time it asks me to login twice.. and not sure why? Logging in / creating the session : Code: [Select] <?php // Login session_start(); $_SESSION['username'] = htmlspecialchars($username); // htmlspecialchars() sanitises XSS header( 'Location: index.php' ) ; ?> then on index.php: Code: [Select] <?php include 'connect.php'; session_start(); $username = $_SESSION['username']; ?> And on another page: Code: [Select] <?php include 'connect.php'; include_once "markdown.php"; session_start(); if(!isset($_SESSION['username'])) { //code } ?> I am looking for some help or direction or maybe someone can point me to a tutorial some where. I am looking at adding a program to my website but it requires the user to also be logged in to use it. I would like to know how I can set it up so my users only have to log into my website once and it will automatically log them into this program using the same log in credentials. I am sure this is common and simple but I am a newbie programmer. Thank You for any advice. |