|
PHP - User Authentication Help By Using If Elseif And Else Statement And Redirect Page On 3 Differnet Urls
Below code is working fine but i need to redirect on 3 different pages and its giving me error. My table structure is as
User table
Email Password
admin@yahoo.com 123
tariq@yahoo.com 987
bilal@yahoo.com 456
if user name is like; admin@yahoo.com the page should redirect on welcome.php
if user name is like; info@aiousoft.com the page should redirect to welcome2.php
and if user doesnot exist in database then give error as ELSE "user doesnot exist"
thanks
signin.php
<html><head><title>Sign In</title></head><body>
<?php include 'header.php'; ?> <?php include 'menu.php'; ?> <center> <form method="post" action="checklogin.php"> <h3>Please Signin</h3> <table width="400" border="0"> <tr><td>Email</td> <td><input name="email" type="text" id="email"></td></tr> <tr><td>Password</td> <td><input name="password" type="password" id="password"></td></tr> </table> <p><label> <input type="submit" email="submit" value="Submit"> </label><input email="reset" type="reset"> </p> </form> </center> </body> </html> checklogin.php <html><head><title>Check Login</title></head><body> <?php include 'header.php'; include 'menu.php'; $email=$_POST['email']; $password=$_POST['password']; @ $db = mysql_pconnect('localhost', 'root', ''); if (!$db) { echo 'Error: Could not connect to database. Please try again later.'; exit;} mysql_select_db('car'); $q=mysql_query("select * from user where email='".$email."' and password='".$password."' ") or die(mysql_error()); $res=mysql_fetch_row($q); if($res) { header('location:welcome.php'); } else { echo' Please signin again as your user name and password is not valid'; } ?> </body> </html> Attached Files header.php 284bytes 0 downloads menu.php 308bytes 0 downloads Similar TutorialsHello everybody,
I am honestly quite a newb when it comes to mod_rewrite.
We run a small social media page with different areas and I would like to change the URLs to something more clean and professional.
User profiles look like this:
http://www.sky-mp3.com/index.php?action=cm&siteid=59&wahl=artists&tat=details&keyid=477siteid 59 is the artists list and the keyid at the end is the ID of the artist but should be like: http://www.sky-mp3.com/mischuraor in worse case like: http://www.sky-mp3.com/user/mischuraCMS pages look like this: http://www.sky-mp3.com/index.php?siteid=106but should be like: http://www.sky-mp3.com/charts(page name instead of siteid) What I know so far: - I have to add something to the .htaccess file - I need to change something in the code (but I don`t know where) Im good he? What would be the first step on the path to clean URLs for me? I found alot of infos here and there but found nothing yet for this specific case. Kind regards from and thx in advance from Cologne i'm having trouble with an elseif statement. its not displaying the result it should ?php if(isset($_COOKIE['ID_forum'])){ $username = $_COOKIE['ID_forum']; $query = "SELECT * FROM users WHERE username = '".$username."'"; $level = mysql_query($query) or die ("Select Error :" . mysql_error()); $userlevel = $level['user_level']; echo $userlevel; if ($userlevel == "1") { echo 'you are a member'; } elseif ($userlevel == "2") { echo 'you are a moderator'; } elseif ($userlevel == "3") { echo 'you are an administrator '; } else echo'you are not logged in'; } ?> it is echoing out 'you are not logged in', when it should be saying 'you are an administrator', as the value in the table is 3. i do know that the cookie 'ID_forum' is there, but i cant find why its not working properly. Any ideas would be great. Thanks I have this code which checks for the word "Big Ben" and if it's not there it outputs some html. I want t be able to make another statement to also check for the word "London Tower" and if it's not there then to check for the word "Canary Wharf", So far I've only managed one statement without the code breaking, how do I add the others in as well. <?php $astacker=get_post_meta($post->ID, 'thesite', true); if ( $astacker == [b]'Big Ben'[/b]) { ?> <?php include(TEMPLATEPATH."/feedsgrabstack.php");?> <?php }else { ?> <div id="splitter"><div class="clear"> <a href="<?php echo get_post_meta($post->ID, "linktosource", true);?>">Click Here To View Answers</a> <span style="float:right;"><a href="#related">See Related Questions</a></div></div> <?php } ?> Hi My PHP skills aren't that good but I know what I want to do as I have used other programming languages before. I run a WordPress website about a Church and its Cemetery. I have been researching the graves for the last 2 years and have added each grave to the website via a Custom Post Type with the buried occupants. In WordPress I have used a plugin called Advanced Custom Fields and have set each grave to allow at least 5 people buried there. So the following code below is used to check if the fields have any value which would represent each person in that grave and add it to the page. I don't know how to add it as a database table so this is the easiest way I could think of.
echo '<div id="section-grave">';
echo "<h3>Who's buried in this Grave?</h3>";
//echo '<p>Listed below, are the people buried in this grave.</p>';
if(get_field('is_burial_date_known')) {
// start For Loop
for ($x = 1; $x <= 5; $x += 1) {
$name_of_deceased = 'name_of_deceased_' . $x;
$burial_date = 'burial_date_' . $x;
$clergy_name = 'clergy_name_' . $x;
if(get_field($name_of_deceased)) {
echo '<p>' . $x . ') ' . get_field($name_of_deceased) . '</p>';
}
if(get_field($burial_date)) {
echo '<p>Burial Date: ' . get_field($burial_date) . '</p>';
}
if(get_field($clergy_name)) {
echo '<p>Buried By: ' . get_field($clergy_name) . '</p>';
echo '<hr>';
}
} // end For Loop
} else {
echo '<p>Nobody buried here.</p>';
}
echo '</div>';
I want to add a paragraph above which I have commented out to show how many people are buried in that grave. So if it was only one person then it should say 1 person as oppose to people. So I need a way of counting the names but I can't see a way how to do it. It will probably based on an IF...Elseif...Else statement and which ever condition is right it just displays the correct line or paragraph. I need a way of counting thetotal number of people per grave but outputting the total relies on the loop which is after the paragraph or line. I hope I have explained it properly so can anyone see how I can do it please? Colin Ok I have a new issue, and for the life of me, I cannot figure out where I went wrong, in my head it looks sound, but it does not seem to really work. I get no errors, but it does not work. if ($_REQUEST['postal'] != "" && $_REQUEST['lbs'] == "" && $_REQUEST['length'] != "" && $_REQUEST['width'] != "" && $_REQUEST['height'] != '') { } elseif ($_REQUEST['postal'] == "" && $_REQUEST['lbs'] != "" && $_REQUEST['length'] != "" && $_REQUEST['width'] != "" && $_REQUEST['height'] != '') { // THis is the problem right here.... // } elseif ($_REQUEST['postal'] == "" && $_REQUEST['lbs'] == "" && ($_REQUEST['length'] == "" || $_REQUEST['width'] == "" || $_REQUEST['height'] != '')) { } elseif ($_REQUEST['postal'] != "" && $_REQUEST['lbs'] != "" && $_REQUEST['length'] != "" && $_REQUEST['width'] != "" && $_REQUEST['height'] != "") { } else { } The Second elseif is the issue. If I enter the postal and weight, it should go to that if else and execute its code, because I left all the length, height and width blank. But in stead it goes to the last else. What I am looking to do is that if any of the length, width, or height is not entered, then it comes back with an error... But it does not seem to pick up on it. ANy help would be appreciated. [EDIT] I swear I looked at it 50 times and didn't see it... I go and make my post, re-read it and realize my operators were all wrong... [makes action of smaking slef in head] [/EDIT] I need some help with a form being successfully submitted redirecting to a secure page. I already have the form code working and just need the part to redirect within an else statement. Also need to redirect a user back to the form page if they try and visit the secure page without being a member. thanks in advance. I'm new to this forum, and PHP in general. So, hello to everyone! I'm having a problem verifying whether or not my authentication script works. I'm not new to programming...just PHP. Here it is.. <?php //check if user is already logged in if(isset($_session['username'])) { //init database information $db_server = ""; $db_user = ""; $db_password = ""; $db_name = ""; //connect to the database $connection = mysql_connect($db_server, $db_user, $db_password); if(!$connection) { die('Failed to connect: ' . mysql_error()); } mysql_select_db($db_name, $connection); //verify login information $username = $_POST['username']; $password = $_POST['password']; $query = mysql_query("SELECT * FROM users WHERE username='$username'"); if($query) { $array = mysql_fetch_array($query); if($_POST['password'] = $array['password']) { $_session['username'] = $array['username']; $_session['email'] = $array['email']; $_session['user_level'] = $array['user_level']; $_session['ip'] = $array['ip']; $_session['date_registered'] = $array['date_registered']; echo $_session['username']; } else { echo 'Bad Login Information!'; } } else { die('Failed to login: ' . mysql_error()); } } ?> <form action="auth.php" method="post"> <input name="username" type="text" size="20" maxlength="16"> <input name="password" type="text" size="20" maxlength="20"> <input name="submit" type="submit" value="Submit"> </form> Okay, at the moment, when a user logs into my website a token is created. The token is made from a random code, their name and their email. This token is then stored next to their name in the DB. If the user chooses to be remembered, the token is stored as a cookie, otherwise it's stored as a session var. Every time a page is loaded, a comparison is made between the DB token and the session/cookie token to authenticate. HOWEVER, this does not work if the user decides to login from different locations/ip addresses. How would I go about allowing this? Could I created a table and then store the IP address and the token for that IP address? I have had a problem with people attacking my site and trying to gain access to users accounts so i beefed up security, however now users are complaining they keep getting logged out. Here are the variables i use to validate the users and i dont want to strip them down any more can anyone give me any ideas for changing them so its still secure but not so strict as to keep logging the users out? 1. Username & password is encrypted into a cookie and verified on every page they visit. 2. There ip address is recorded on login and is checked against there current ip, on every page they visit via MySql. 3. When the user logs in a unix time stamp (mySql) is generated an updated of every page they visit and if it has not been updated in the last 60 mins the user is logged out. 4.I also generate a random key which is stored in the DB and is passed on every page via GET. 5.If a user tries to login and fails an email is sent to them and if 3 unsuccessful attempts user is locked out for 30mins. I currently have a User Authentication Script, which when the user successfully logs in generates a cookie, which is there password encrypted using MD5 which is then verified on every page they visit against there password which works great. I am thinking of adding another level of security, when the user logs in there current ip address is recorded then on every page they visit as well as there password been verified there ip is compared against the ip they had when they logged in. I know that if the user changes there IP they will be logged out, that is fine but is there any other problems which I have not foreseen? is there any reason i should not do this? Thanks for the help Hello Everyone, I wanted to check in with this amazing community and see if anyone knows how to fully hide all URLs (phases) in a redirection sequence. Basically, I do not want anything in between a click and a land to be visible. Thanks, Josh This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=334044.0 Hey here is my code im trying to redirect the index.php to index.php?id=1 the way i have done it doesn't look really good is there a better way to do it please? im trying to redirect to id=1 because otherwise i wont be able to echo out anything... id 1 is default category so is there a way to tell it if $id is empty echo from id 1? <?php $id = $_GET['id']; if($id == ''){ echo "<meta http-equiv=Refresh content=0;url=index.php?id=1>"; } $result = mysql_query("SELECT * FROM pages WHERE id='$id' ",$connect); while($row = mysql_fetch_assoc($result)) { echo $row['anything1']; echo $row['anything2']; } ?> Hi, Why doesn't this work? Driving me nuts! Thanks. <?php if($_SERVER[PHP_SELF] == 'somepage.php') { Header("Location: http://www.thissite.com"); } else { Header("Location: http://www.anothersite.com"); } ?> The code NEVER redirects to the first URL (thissite.com). It ALWAYS redirects to the second URL (anothersite.com). What the heck am I doing wrong? I want to display some specific data from my database (just data from a given date). I first created a page where the user picks the date. After the date is defined it is passed to the next page where the data from that date is displayed. That page includes a form where users can edit the data. The form data is then passed to a third page for processing. All of this works fine. Now I want the user to be taken back to the previous page with the assigned date. On the processing page I am using this statement: Code: [Select] header("Location: /teetimes/adminteetimes.php?teetimedate=$dateID");and on the display page I'm using Code: [Select] $dateID = $_REQUEST[teetimedate];The display page is using a SELECT...WHERE Date='$dateID' statement and $dateID is defined in the processing page. Problem is: I'm redirected from the processing page back to the display page but the date isn't passed, so the correct data isn't being displayed. Can anyone help me pass a variable using a header?? Or show me where my logic is lacking?? Thanks! Hello all, I have been working with PHP for almost a year now, so somewhat still new to it all. OK, this may be an Apache issue, but this involves a php script I wrote that tries to execute on pages that do NOT call it (via the include command). So, here is a little info on how I have set things up. I use WAMP Server to test php and MySQL code for myself (for fun and for practice) and for clients and their web sites. I run WAMP Server off of my laptop, so I can code on the go and because it is on my laptop, I decided to create a PHP & MySQL user authentication setup to keep out unwanted visitors, but allow trusted friends and fellow developers to view my work on client web sites. Let's say the authentication script is called "auth.php" and for all of the pages I want private, I include that script at the top of those pages, if the visitor is not logged in, redirect them to the login page, otherwise, let them view the page (provided their permission level is adequate). Now, for the client web sites that I am working on, I do not call auth.php anywhere on those pages. Now, the problem I notice is that when I visited a client's web site that I am working on (on my WAMP Server), I reviewed my Apache error log and it gave me a PHP error stating the following: Code: [Select] Maximum execution time of 60 seconds exceeded in E:\\wamp\\www\\assets\\auth.php on line 3, referer: http://192.168.1.4/Web_Projects/NCCCLP/home.php Of course I am able to view the client web site pages without having to login, however, the auth.php script tries to run nonetheless. So my question is, does anyone know why this is happening and if and how I can stop it? This is not a serious (urgent) issue, but it does clog up my error logs and so forth and I prefer to have as few errors as possible. Plus, I would just like to know why and how it is running without being called. Any and all help is greatly appreciated and if I need to provide anymore details or be more specific, please let me know. Also, if an issue like this has already been solved and I missed that thread, please let me know and have my apologies. Thanks in advance. Hi guys,
The idea of this script is to check if the website is under maintenance, and if it is, direct the user to the maintenance page. If the user is signed in, and has privileges to bypass the maintenance page and continue to look at the website, then they won't be redirected, but I can't seem to get it to work? I've checked all the tables in database, I've been through the code multiple times. It's not displaying an error, it's just running through the code and then doing nothing?
(Maintenance has already been set to '1' in the database)
index.php
<?php
include "core.php";
?>
<?
$updatecounter = mysql_query("UPDATE webviews SET count = count+1 WHERE id = '1'");
if (!$updatecounter) {
die ("Can't update the counter : " . mysql_error());
}
?>
core.php
<?php
session_start();
include "config.php";
include "security.php";
$id = $_SESSION['userinfo']['id'];
if ($_SESSION['logged'] == true) {
$qry="SELECT * FROM fuserights WHERE userid='$id'";
$result=mysql_query($qry);
if($result) {
if(mysql_num_rows($result) == 1) {
$checks = mysql_fetch_assoc($result);
$access = $checks['bypassmaintenance'];
}
}
if($access == 1)
{
}else {
$result = mysql_query("SELECT * FROM maintenance") or die(mysql_error());
while($row = mysql_fetch_assoc($result)) {
if($row['check'] == 1) {
header('location:/maintenance/');
}
}
}
}
?>
config.php
<?php
$server = "***";
$username = "***";
$password = "***";
$db_name = "***";
$connect = mysql_connect($server, $username, $password) or die(mysql_error());
mysql_select_db($db_name, $connect) or die(mysql_error());
mysql_query("SET NAMES utf8");
?>
security.php
<?php
$array = array(
"union",
"sql",
"mysql",
"database",
"cookie",
"coockie",
"select",
"from",
"where",
"benchmark",
"concat",
"table",
"into",
"by",
"values",
"exec",
"shell",
"truncate",
"wget",
"/**/",
"1=1",
"xss"
);
foreach ($array as $d) {
$string = security($_SERVER['QUERY_STRING']);
if (strpos(strtolower($string), $d) != false) {
$ip = $_SERVER['REMOTE_ADDR'];
$loc = $_SERVER['PHP_SELF'];
$browseros = $_SERVER['HTTP_USER_AGENT'];
$oslanguage = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$date = date("d.m.Y / H:i:s");
$file = security('' . $loc . '?' . $string . '');
$type = "SQL Injection";
$queryvalid = mysql_query("SELECT * FROM `hacker-attacks` WHERE file='$file' and type='SQL Injection' LIMIT 1");
$validator = mysql_num_rows($queryvalid);
if ($validator > "0") {
echo '<meta http-equiv="refresh" content="0;url=index.php" />';
exit();
} else {
$log = "INSERT INTO `hacker-attacks` (ip, date, file, type, browseros, oslanguage) VALUES ('$ip', '$date', '$file', '$type', '$browseros', '$oslanguage')";
$result = mysql_query($log);
echo '<meta http-equiv="refresh" content="0;url=index.php" />';
exit();
}
}
}
function security($input)
{
$input = mysql_real_escape_string($input);
$input = strip_tags($input);
$input = stripslashes($input);
return $input;
}
$guestip = $_SERVER['REMOTE_ADDR'];
$querybanned = mysql_query("SELECT * FROM `bans` WHERE ip='$guestip'");
$banned = mysql_num_rows($querybanned);
$row = mysql_fetch_array($querybanned);
$reason = $row['reason'];
if ($banned > "0") {
die("<center><font size='7' color='red'><b>You are banned</b></font><br>
Reason: $reason<br> <br /><img src='images/banned.png' /></center>");
}
?>
Any help would be appreciated!
Thanks.
Hello, I'm having trouble trying to redirect users after they've logged in. My site shows different types of adverts but some adv are restricted to registered users, on the home page they can see the the title of the adv but if they click on the title and are not logged in then they are taken to the log in page, Now my problem is how do i then re-direct them back to the adv they were trying to see? if i just redirect them to index.php that won't help because index shows few adv. I hope that makes sense. Any help much appreciated. Hi, I just want to put up a simple page that has an NDA to which someone can either "agree" or "disagree" and then automatically be forwarded to specific pages accordingly (google and yahoo are just there for testing). Problem is that I keep getting and "Undefined Index" for both "agree" and "disagree". What am I doing wrong? Here is my code: Code: [Select] <form id="nda" name="nda" method="post" action=""> <input type="submit" name="agree" value="I agree" /> <input type="submit" name="disagree" value="I disagree" /> </form> <?php if($_POST['agree']){ header("Location: http://www.google.com"); } else if ($_POST['disagree']){ header("Location: http://www.yahoo.com"); } ?> Thanks! |
|||||||