|
PHP - Users Have To Login Twice To Get To Restricted Page
Hi,
I have a restricted area for my work's company. This is an area where registered users with their own user name and password can access to download technical documents etc. I am hearing some reports that users will have to login twice to get to the area - This happens in Chrome, IE 7/8 and some Firefox's. It has only happened to me once or twice. Does anyone know why this may be? Here is the HTML code from the login form on the index page: Code: [Select] <form name="login_form" method="post" action="log.php?action=login"> <p>Login:<br /> <input type="text" name="user" /> </p> <p>Password: <br /><input type="password" name="pwd" /> </p> <p class="submit"> <input type="submit" value="Submit" name="submit" class="submit" /> </p> </form> Here is the log.php File: (personal connection details edited) Code: [Select] <?php $hostname = "IP:3306"; $username = "user"; $password = "password"; $database = "db_name"; $link = MYSQL_CONNECT($hostname,$username,$password); mysql_select_db($database); ?> <?php session_name("MyWebsiteLogin"); session_start(); if($_GET['action'] == "login") { $conn = mysql_connect("IP:3306","user","password"); $db = mysql_select_db("db_name"); //Your database name goes in this field. $name = $_POST['user']; $ip=$_SERVER['REMOTE_ADDR']; $country = file_get_contents('http://api.hostip.info/country.php?ip='.$ip); $q_user = mysql_query("SELECT * FROM customer WHERE username='$name'"); ?> <?php $insert_query = ("INSERT INTO login(username, ip, country) VALUES ('$name','$ip','$country');"); mysql_query($insert_query) or die('Error, insert query failed'); ?> <?php if(mysql_num_rows($q_user) == 1) { $query = mysql_query("SELECT * FROM customer WHERE username='$name'"); $data = mysql_fetch_array($query); if($_POST['pwd'] == $data['password']) { session_register("name"); header("Location: http://#/download/index.php?un=$name"); // This is the page that you want to open if the user successfully logs in to your website. exit; } else { header("Location: login.php?login=failed&cause=".urlencode('Wrong Password')); exit; } } else { header("Location: login.php?login=failed&cause=".urlencode('Invalid User')); exit; } } ?> Any help or ideas would be greatly appreciated. Similar TutorialsMy login script wont take my users to the restricted page and im not quite sure why it must be the header because it echos"wrong username or password" when i put in the wrong username or password here is my code: if($count==1 & $row['flight']=="vulcan"){ session_start(vmyusername); session_start(vmypassword); header("location:/vulcan/index.php"); }else if($count==1 & $row['flight']=="valiant"){ session_start(myusernamev); session_start(mypasswordv); header("location:valiant/index.php"); }else { echo "Wrong Username or Password"; } } ?> Any help would be much appriciated Thanks, Blink359 I am trying to make a login and direct for my clients. I have all the login stuff working but can't figure out how to redirect specific clients to their pages only. Any help anyone can offer would be great. Code: [Select] <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array.
The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway.
I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible.
When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice.
<?php
$page_title = 'Logged in'; //Dynamic title
include('C:/wamp/www/PHP/includes/header.html');
?>
<?php
session_start();
//A array for the sites users with passwords
$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);
//A handle to save the varible users to file on a new line from the last entry
$handle = fopen("newusers.txt, \n\r")
$txt = $users;
fclose($handle);
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
if($users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
echo "Something went wrong, Please try again";
}
}
?>
<?php
echo "<h3>Login</h3>";
echo "<br />";
?>
<!--A legend form to login-->
<fieldset><legend>Fill in your username and password</legend>
<form name="login" action="777log.php" method="post">
Username: <br />
<input type="text" name="username" value="" /><br />
Password: <br />
<input type="password" name="password" value="" /><br />
<br />
<input type="submit" name="submit" value="Login" />
</fieldset>
</form>
<?php //Footer include file
include('C:/wamp/www/PHP/includes/footer.html');
?>
The logged in page
<?php //Header
$page_title = 'Reading a file';
include('C:/wamp/www/PHP/includes/header.html');
?>
<?php
session_start();
//Use an array forthe sites users
$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);
//
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
echo "You are now loged out";
//The user is loged out and returned to the login page
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
//Something goes wrong here when login without any boxes filled
if($users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
echo "Something went wrong, Please try again";
$redirect = "Location: 777.php";
}
}
?>
<?php if($_SESSION['username']): ?>
<p><h2>Welcome <?=$_SESSION['username']?></h2></p>
<p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?>
<p>Today Ben&Jerrys Chunky Monkey is my favorite!</p>
<?php //Footer
include('C:/wamp/www/PHP/includes/footer.html');
?>
Hi guys I am new to PHP and need som help. I have set up a site that allows a user to log in through a simple form where the data is then send to checklogin.php. Here the data is checked up against my sql database and if the login is correct the user is transfered to the "secret" members only site. All this works fine. My question is then, how do I get the members site to greet the member with "Hello 'username'"; of course where the username changes depending on the login. This is the part where the username and password is checked: <?php $host="mydbb10.surftown.dk"; // Host name $username="****"; // Mysql username $password="****"; // Mysql password $db_name="****"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "korrekt.php" session_register("myusername"); session_register("mypassword"); echo "Tak fordi du loggede ind<br>Redirecter..."; header("location: ../forhandlerservice.php"); } else { echo "Forkert brugernavn eller password"; header("location: ../loginfejl.html"); } ?> and this is the first line of code on the members site: <? session_start(); if(!session_is_registered(myusername)){ header("location:login.html"); } ?> Sorry if I provided to much code, just want to make sure that I don't forget anything. Any help is appreciated. Thank you hi... I have a site that allows user to download some files. at present if i type http://www.abc.com/files/xyz.zip it allows all the users to access and download files. I want only the login users can access these files....... pls help how to do this. thanks in advance I have dynamic images that have the "Like" button, it's basically like a wishlist. The way I want it to work is that when a user is not logged in, the 'Like' button will navigate them to a login popup (which I already made). hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? So, I'm designing a website (who isn't?) and I created the basic framework for a users page from a tutorial I found. Using some previous knowledge I managed to make it display a few custom fields that are defined by the user. Everything works fine as is, but now I want to do a few things to it that I have not the slightest clue how to even begin... Here is my user page code so far... and oh yes I'm using WordPress which is why I made it check manually for page status in my Page.php file. <?php if ( is_page('Users')) { echo "<ul id=\"UsersList\">"; /* First we set how we'll want to sort the user list. You could sort them by: ------------------------ * ID - User ID number. * user_login - User Login name. * user_nicename - User Nice name ( nice version of login name ). * user_email - User Email Address. * user_url - User Website URL. * user_registered - User Registration date. */ $szSort = "user_nicename"; /* Now we build the custom query to get the ID of the users. */ $aUsersID = $wpdb->get_col( $wpdb->prepare("SELECT $wpdb->users.ID FROM $wpdb->users ORDER BY %s ASC", $szSort )); /* Once we have the IDs we loop through them with a Foreach statement. */ foreach ( $aUsersID as $iUserID ) : /* We use get_userdata() function with each ID. */ $user = get_userdata( $iUserID ); /* Here we finally print the details wanted. Check the description of the database tables linked above to see all the fields you can retrieve. To echo a property simply call it with $user->name_of_the_column. */ if($user->user_login != "Unknown") // don't show the placeholder for [unknown] author { echo '<a href="">' . get_avatar( $iUserID, $size = '45', $border='0') . '</a>'; echo '<li>' . ucwords( strtolower( $user->user_login ) ) . '</li>'; if($user->favorite_player != "") { echo '<li>' . $user->favorite_player . '</li>'; } if($user->player_name != "") { echo '<li>' . $user->player_name . '</li>'; } } /* The strtolower and ucwords part is to be sure the full names will all be capitalized. */ endforeach; // end the users loop. echo "</ul>"; }; ?> Problem one: This does NOT sort my name, despite the tutorial's insistence that it will. I have not even a guess as to why this is. Problem two: I would like to either sort this list into two columns or paginate it or both but I am not sure how to do either. Problem three: I want to insert some static text between the echo '<li>' and the . $user->player_name . '</li>'; so that it reads: o Player Name: USER'S VARIABLE ' PLAYER NAME' HERE Yes that 'o' is supposed to be the list item dot. I know how strings work, I just can't get my attempts to work out syntax-wise. Any help would be greatly appreciated! Tutorials, answers, suggestions, examples, anything. The extent of my previous coding knowledge is several years of UnrealScript, so you can see why this simple thing is baffling me. Frankly I'm surprised this much of it works. i have a mysql db, i have a form that i use to post data to db. i would like to have visitors to my site be able to post to db as well, but they would have to be registered and have their own profile. when logged in they could see and edit their own space and content that they posted to mysql. how would i go about creating something like this? can someone point me in the right direction ? thank you. Afternoon All. I wish to re-direct users to a 404 error page on my site if an article does not exist in my database. Here's my code: $SQL = "SELECT headline FROM news WHERE news_id=".mysql_real_escape_string($_GET['news_id']); $result = mysql_query($SQL) OR die(mysql_error()); $num = mysql_num_rows($result); //** Check that the entry exists otherwise send to error page if ($num > 0) { $row = mysql_fetch_array($result); $headline = $row['headline']; } else { echo "Why is this printed? - I should be leaving this page?"; header("Location: error.php"); exit; } Now the wierd thing is that when I enter a news_id for a value that does not exist it prints the message Why is this printed? - I should be leaving this page? so it's actually going to the ELSE statement which is good, but surely it should not do this as I ask the page to re-direct? Thank you I have a login script that pulls from a DB and in that i have a column called "Allowed" that either has a 0 for not allowed or a 1 for allowed. How would I implement that into a login script to either allow the login or die? Hi, I'm very new to php/mysql, but for a project I'm working on I need to create users that are admins, and normal users. The admins would be able to post news stories, and delete user accounts. Whereas the users would just be able to comment on the news stories. I'm just wondering how I would create a normal 'register' page for both, which has the same fields, but somehow creates some people as admins, and others as normal users... with the ability to limit who can become an admin, so not everyone can register as one. I'm not sure how I would achieve this, or even know how to do it. Does anyone know any tutorials or code on how to achieve this? Your help is greatly appreciated, Thanks. MySQL Version: 5.5.20 (<-- This is my WAMPServer version to test my program, my hosting has 5.1 though) PHP Version: 5.3.10 (My Hosting says its PHP 5 but not sure what version, i know its not the newest) What im trying to do is have my site have a page like "www.mysite.com/data.php?user=Nicholas&country=USA" Thing is, i dont know what to add in my data.php source code to make it work like that. What im trying to achieve is for my users to sign up for my page but I DO NOT want to add my MySQL user and pass in the page where it can be cracked and hacked. When the user goes to the page, a script will automatically put the user and country and then the page will automatically add the user and his country to the MySQL table on my database. Im also making a program that will work like this and that will have a higher chances of being hacked if i add my MySQL info into the program in order to add data. Can someone please provide me of a sample source i can try? I will not only be adding user and country but i want to test this out. Thanks! hi i was wondering how i would make a website that allowed a user to login and edit there website ... like im a hoster and they can have a webpage on my server... how would i do this? allow them to create a database , and use all types of code? please help me this is important , if i didnt explain good enough please tell me I have a Yahtzee system Code: [Select] session_start(); $_SESSION['Yahtzee']['totaltime'] =time(); echo $_SESSION['Yahtzee']['totaltime']; Now, Long STORY Short when somone finishes playing the Yahtzee, I update there username with the score they had, and I want to update how long they have been playing, and it will be for "Total Time Playing globally" no matter how many games. If I do this session and echo it out, it echo's out the time, but I need it to echo out seconds instead so I can just add that to my totaltime field in my database each time they finished a game. Hey guys, What im trying to do is get the users screen resolution and place it into a database so that i can call it up and place it onto a stats page. So far i get the idea that you have to use Javascript to get the resolution then use PHP to pull that information. What i want to do is pull the screen resolutions and place them into a database so that i can call upon them to place into a stats page So far i have the following getting certain bits of information and banging them into the database using the stats.inc.php then calling them up and placing them onto stats.php. the stats.inc.php is included on every page of my site so it can track where a users has been etc etc. Im assuming i can insert something into my headerLoggedin.inc.php file that will pull the users resolution then use some PHP in the stats.inc.php script to pull that information and then insert it into my database which i can then easily pull from and place into the stats.php page. I know this seems like a bit of a silly thing to be doing, its for a college assignment and im pretty stumped. Any help is appreciated thanks guys. headerLoggedin.php Code: [Select] <?php include('includes/security.inc.php'); ?> <?php include('includes/stats.inc.php');?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta http-equiv="Content-Language" content="en-us" /> <link rel="stylesheet" href="css/index.css" type="text/css"/> <title>############</title> </head> <body> <!-- Start of wrapper div--> <div id="wrapper"> <!-- Start of header div--> <div id="header"> <div id="logo"><img src="./images/logo.png" width="412" height="32" alt="Elite Recruitment Services" /></div> <div id="navigation"> <ul class="nav"> <li><a href="news.php">News Page</a></li> <li><a href="edit.php">Edit text file</a></li> <li><a href="upload.php">Upload text file</a></li> <li><a href="stats.php">Stats</a></li> <li><a href="logout.php">Logout</a></li> </ul> </div> </div> <!--End of header div--> <!--Start of loginContainer div--> <div id="formsContainer"> stats.inc.php Code: [Select] <?php $db_host = "localhost"; // Databases host name $db_username ="#######"; // Database Username $db_password ="#######"; // Database Password $db_name ="dannymit_stats"; // Databases name $db_table="statTracker"; // Database table where the logins are stored mysql_connect("$db_host", "$db_username", "$db_password"); // Connects to the database using the preset host, username and password mysql_select_db("$db_name"); // Selects the database. //collect information... $browser = $_SERVER['HTTP_USER_AGENT']; // get the browser name $curr_page = $_SERVER['PHP_SELF'];// get page name $ip = $_SERVER['REMOTE_ADDR']; // get the IP address $from_page = $_SERVER['HTTP_REFERER'];// page from which visitor came $page = $_SERVER['PHP_SELF'];//get current page $width = $_GET['width']; //Gets users screen width $height = $_GET[['height']; //Gets users screen height //Insert the data in the table... $query_insert = "INSERT INTO statTracker (browser,ip,thedate_visited,page,from_page) VALUES ('$browser','$ip',now(),'$page','$from_page')" ; $result=mysql_query ( $query_insert); if(!$result){ die(mysql_error()); } ?> stats.php Code: [Select] <?php // Header include include('includes/headerLoggedin.inc.php'); include('includes/stats.inc.php'); ?> <br/><br/> <?php $db_host = "localhost"; // Databases host name $db_username ="######"; // Database Username $db_password ="######"; // Database Password $db_name ="dannymit_stats"; // Databases name $db_table="statTracker"; // Database table where the logins are stored mysql_connect("$db_host", "$db_username", "$db_password"); // Connects to the database using the preset host, username and password mysql_select_db("$db_name"); // Selects the database. $sqlquery = "SELECT * FROM `$db_table`"; $result = mysql_query($sqlquery); $num = mysql_num_rows($result); mysql_close(); while ($row = mysql_fetch_array($result, MYSQL_NUM)) { printf ("Browser:<br/> %s<br/> IP Address:<br/> %s<br/> Date Visited:<br/> %s<br/> Page Visited:<br/> %s<br/> Paged Visited From:<br/> %s<br/>", $row[1], $row[2], $row[3], $row[4], $row[5]); echo "<br />"; } ?> <?php include('includes/footer.inc.php');?> Hello all...fairly new to this php/mysql thing... working on my final project thats due in about 24 hours... and i hit a rut... im making a pretty basic, online classifieds site. users can sign up, login, post new listings and view others listings by clicking on different categories. the problem i am having right now is this...When the user clicks on "My listings" i need it to pull only the listings that were created by that users user_id, which is the primary key in my user_info table...my professor suggested storing it in hidden field through the login submit button...very confused and frustrated... any help is much appreciated... Hi there, I have updated a webpage and it appears that some users are still seeing the older version of the page. Is there a way I can force the user's version of the page to display the latest content on the page? I have see I can add some meta tags which control the cache, but my site relies quite heavily on cookies, so I guess clearing the cache would reset/have an effect on the cookies? Does anyone have any ideas on how I can make users always see the latest content? Thanks! Hi all, I am trying to download a .zip file that is in a protected folder on an external server. If I put the URL directly to the .zip in the address bar and hit go, I am presented a basic http authentication popup for username and password (which I obv have). Could someone point me in the right direction on this one? I have tested and can download .zip files that are not protected with no problem, I guess I just need to figure out how to authenticate, then save the file in one process. Thanks for any and all help, Matt |
|||||||