PHP - User Only Links?

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong?   thank you very much for your help Rafal

<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>

Edited by rafal, 21 September 2014 - 04:33 PM.

Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well.

So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically.

the index file looks like this:
Code: [Select]
<?php
include('./inc/config.php');
include('./inc/functions.php');
include('./lang/'.$language.'.lng');
$id = addslashes($_REQUEST["id"]);
$user = addslashes($_REQUEST["username"]);
$pass = addslashes($_REQUEST["password"]);
$language = strtolower($language);
if(empty($id)) $id =1;
$file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
if(mysql_num_rows($file)>0)
$file = mysql_fetch_array($file);
else
$file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));

if(!empty($user) AND !empty($pass))
{$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';}
else $error = 'Username oder Passwort ist falsch.';}

include('./designe/'.$designe.'/head.tpl');
include('./designe/'.$designe.'/navi.php');
include('./designe/'.$designe.'/middle.tpl');

if(file_exists('./pages/'.$file["file"]))
{echo'<h1>'.ucfirst($file["title"]).'</h1>';
include('./pages/'.$file["file"]);}
if(!empty($error)) echo '<font color="red">'.$error.'</font>'; 

include('./designe/'.$designe.'/foot.tpl');
?>

Now i tried alot of things including adding:
Code: [Select]
session_start();
$_SESSION["username"] = "peter";
$_SESSION["user"] = "peter";
$_SESSION["id"] = "1";
$_SESSION["pass"] = "peter";
$_SESSION["password"] = "peter";
or
Code: [Select]
$id = "1";
$user = "peter";
$username = "peter";
$pass = "peter";
$password = "peter";
also a combination of both, nothing works, but i don't understand why ? Any help is appreciated.

/Edit, i tried adding it to the paymentmodule .php aswell, but no luck.

Hallo everybody, the user is in the table, but i get error (user not found!).   thank you very much for your help Rafal

<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>

So I have been working on my website for a while which all is php&mysql based, now working on the social networking part building in similar functions like Facebook has. I encountered a difficulty with getting information back from a link. I've checked several sources how it is possible, with title 'Facebook Like URL data Extract Using jQuery PHP and Ajax' was the most popular answer, I get the scripts but all of these scripts work with html links only. My site all with php extensions and copy&paste my site links into these demos do not return anything . I checked the code and all of them using file_get_contents(), parsing through the html file so if i pass 'filename.php' it returns nothing supposing that php has not processed yet and the function gets the content of the php script with no data of course. So my question is that how it is possible to extract data from a link with php extension (on Facebook it works) or how to get php file executed for file_get_contents() to get back the html? here is the link with code&demo iamusing: http://www.sanwebe.c...-php-and-jquery thanks in advance.

hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance

Hi... I am really new to this. Please help me with this...  as part of a gallery, I have categories and a thumbnail. As of now the title/link to the gallery shows up on the side of the thumbnail. How can I place the link below the thumbnail?

Here is the code    Code: [Select]
$result_array[] = "<a href='viewgallery.php?cid=".$row[0]."'>".$row[1]."<img src='/photos/categoryimages/category".$row[0].".jpg' border=0 height='133px' width='200px' </a>";
Thank you for your help... 

ok so im trying to make a news website and i want to be able to include links inside me headline like most news website they talk about the stuff and include some links along the way how would i manage to do that. I would put all my story in the Release textarea

Code: [Select]
<form class="createheadline" action="createrelease.php" method="post" enctype="multipart/form-data">
<table>
<tr>
<td></td>
<td><?php echo $msg;?></td>
</tr>
<tr>
<td>Author:</td>
<td><input type="text" name="author" size="30"/></td>
</tr>
<tr>
<td>Date:</td>
<td><input type="text" name="date" /></td>
</tr>
<tr>
<td>Title:</td>
<td><input type="text" name="title" size="30"/></td>
</tr>
<tr>
<td>Main Picture</td>
<td><input type="file" name="picture" /></td>
</tr>
<tr>
<td>Release:</td>
<td><textarea name="release" cols="75" rows="27"></textarea></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submitbtn" /></td>
</tr>
</table>
</form>

I am trying to create a link with an ID from one of my MySQL records.

$data = mysql_query("SELECT * FROM USERS");
$info = mysql_fetch_array($data);
echo "<a href=a.php?'$info['id']'>hello</a>";

is what I am attempting, but this does not work. Any  ideas?

hello, is it possible to get the logged in user id when using windows authentication? 

Hey guys im making a script which allows a user to log in.
Then view some data from an SQL file, then click to a log out page and log out...
However i cant seem to destroy the session.
Any help?

Heres logout.php
<?php
$_SESSION['adminlogin'];
session_start();
$_SESSION = array();
session_destroy();
?>
<!DOCTYPE HTML>
<html lang="en-GB">
<head>
            <meta charset="utf-8">
            <!--Search Engine Meta Tags--> 
            <meta name="author" content="Worldwide Lighthouses">
            <meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel">
            <meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships">
            <!--Stylesheets/Javascript-->
            <link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)">
            <link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)">
            <!--Mobile Browser Support-->
            <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;">
            <!--IE Support-->
            <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <link rel="stylesheet" href="../Page-Layout.css"><![endif]-->
<meta name="application-name" content="Worldwide Lighthouses"> 
<meta name="msapplication-starturl" content="http://worldwidelighthouses.com/"> 
         <meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures"> 
         <meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico"> 
         <meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico"> 
<meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico"> 
        <meta name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico">
             <title>Mailing List Administration | Worldwide Lighthouses</title> 
            </head>
<body>
  <header>
  <h1 id="WWLH">Worldwide Lighthouses</h1>
<form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box">
<input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off">
<input type="submit" value="Search">
            <input type="hidden" name="search" value="1"> 
   </form>
</header>  <nav>
   <ul id="Nav">
  <li class="MenuButton" id="Index"><a href="../Index.php"><p class="Nav">Home</p></a></li>
        <li class="MenuButton" id="Lighthouses"><a href="../Lighthouses.php"><p class="Nav">Lighthouses</p></a></li>
        <li class="MenuButton" id="Lightships"><a href="../Lightships.php"><p class="Nav">Lightships</p></a></li>
        <li class="MenuButton" id="FogSignals"><a href="../Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li>
            <li class="MenuButton" id="Daymarks"><a href="../Daymarks.php"><p class="Nav">Daymarks</p></a></li>
            <li class="MenuButton" id="Buoys"><a href="../Buoys.php"><p class="Nav">Buoys</p></a></li>
        <li id="MenuButtonLast"><a href="../Glossary.php"><p class="Nav">Glossary</p></a></li>
</ul>
</nav>
<article>
<?php
echo '<h1 class="Title">Successfully Logged Out</h1>';
?>
</article>
    <footer>
    <ul>
     <li><a href="../About.php">About</a></li>
        <li><a href="../Contact-us.php">Contact</a></li>
        <li><a href="../Use-Our-Media.php">Use our media</a></li>
        <li><a href="../Search/search.php">Search</a></li>
        <li><a href="../Social-Networking.php">Social</a></li>
        <li><a href="#Top">Back to top</a></li>
    </ul>
    <br>
    <br>
     &#38;#169; Worldwide Lighthouses <?php echo date("Y"); ?>
</footer>
</body>

If you need any of the other files, ask and ill provide.
Thanks in advance.

Danny

Hi, I'm having some problems with this code. I have a password reset utility code which works and encrypts the password with md5 by using the password recovery page.
But in order for a user with a reset password to login I have to use this code in my page.
Code: [Select]
$username = addslashes($_POST['username']);
   $salt = 'random_stuff_15545';
       $password = md5($_POST['password'].$salt);
But when I have this code above the users that have NOT reset their passwords can NOT log in.

So for these users who have not reset their password i use this code[But with this code the users that reset their pass cannot log in]:
Code: [Select]
$username = addslashes($_POST['username']);
       $password = md5($_POST['password']);
How can I allow both types of users to log in? Cheers

I have a database which contains three users. But I can only access one of the user through PHP. When I try to enter other username I get a blank message. Anyone knows why??

Hi all,

Im sorry if this is in the wrong section.


But nonetheless, I use php to display my news:
I.e - news.php?id=1 that displays all the news on that id.



What I want to know is using php how can I get the URL from news.php?id=1 too something like /news/titleofthestory ?

Hope I've given enough detail.

Thanks!!