|
PHP - Access Denied Page
I want to make it so public users cant access the index of/ page, how do I do that?
Thanks Similar TutorialsIm developing a registration script and using godaddy as my host. Im getting "Access denied for user 'headstyle1'@'%' to database 'users'" when running the registration script. Is there some kind of permission I have to set? I have just set up MAMP on my new MacBook Pro and I am having trouble getting my MySQL connection working. When I use the following code: Code: [Select] $mysqli = new mysqli('localhost', 'application', 'application', 'dorset'); if ($mysqli->connect_errno) { echo "Failed to connect to MySQL: (".$mysqli-errno.") ".$mysqli->connect_error; } I get this error: Failed to connect to MySQL: () Access denied for user 'application'@'localhost' (using password: YES) However if I use the old mysql_connect() function, it doesnt throw back any errors?! Any ideas? Hi, I found a tutorial in building a poll, however it detects IP, so people can't vote multiple times, so I dissected the code into sections while removing the IP blocking, while still inserting the IP address into the database, the problem is that I get: Access denied for user 'ODBC'@'localhost' for the second page, I don't know where I went wrong, could anyone help me? I also attached the code and .sql file so that people can hack it and check where it got wrong. Thanks here is the original poll code <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" /> <?php //database settings $hostname = 'localhost'; $username = 'root'; $password = ''; $dbname = 'poll1'; $connect = mysql_connect($hostname, $username, $password); mysql_select_db($dbname); //Validation to check if the user has voted or not. If not yet voted, then insert the data to the database, otherwise //tell the user they voted if(isset($_POST['vote']) && isset($_POST['questions'])){ $query = mysql_query("SELECT questions.pid FROM responses, questions WHERE responses.qid=questions.id AND responses.ip='".$_SERVER['REMOTE_ADDR']."' AND pid=(SELECT pid FROM questions WHERE id='".$_POST['questions']."' LIMIT 1)"); if(mysql_num_rows($query) == 0){ $query = mysql_query("INSERT INTO responses (qid, ip) VALUES ('".$_POST['questions']."', '".$_SERVER['REMOTE_ADDR']."')"); } else { $error = 'You Already Voted'; } } else if(!isset($_POST['questions']) && isset($_POST['vote'])){ $error = 'Please select a response'; } ?> <?php //The poll script $query = mysql_query("SELECT * FROM poll ORDER BY id DESC LIMIT 1"); $rows = mysql_num_rows($query); if($rows > 0){ $poll = mysql_fetch_array($query); $title = $poll['name']; } else { $title = 'No Poll Yet'; } $me=array(); $query = mysql_query("SELECT COUNT(id) as hits FROM responses GROUP BY qid"); while($row = mysql_fetch_array($query)){ $me[] = $row['hits']; } $max = max($me); //echo "SELECT questions.pid FROM responses, questions WHERE responses.qid=questions.id AND responses.ip='".$_SERVER['REMOTE_ADDR']."' AND pid='".$poll['id']."'"; $query = mysql_query("SELECT questions.pid FROM responses, questions WHERE responses.qid=questions.id AND responses.ip='".$_SERVER['REMOTE_ADDR']."' AND pid='".$poll['id']."'"); if(mysql_num_rows($query) > 0){ $total = mysql_query("SELECT questions.pid FROM responses, questions WHERE responses.qid=questions.id AND pid='".$poll['id']."'"); $total = mysql_num_rows($total); ?> <table width="300" cellpadding="0" cellspacing="0" border="0" class="maintable" align="center"> <tr> <td valign="top" align="center" class="title"><h1><?php echo $title; ?></h1></td> </tr> <?php $query = mysql_query("SELECT * FROM questions WHERE pid='".$poll['id']."' ORDER BY id"); $questions = mysql_num_rows($query); if($questions > 0){ ?> <tr> <td valign="top" style="padding: 5px;"> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="question"> <?php while($question = mysql_fetch_array($query)){ $responses = mysql_query("SELECT count(id) as total FROM responses WHERE qid='".$question['id']."'"); $responses = mysql_fetch_array($responses); if($total > 0 && $responses['total'] > 0){ $percentage = round(($responses['total'] / $max) * 100); } else { $percentage = 0; } $percentage2 = 100 - $percentage; ?> <tr> <td valign="top" nowrap="nowrap"><?php echo $question['question']; ?></td> <td valign="top" height="10" width="100%" style="padding: 0px 10px;"> <table width="100%" cellpadding="0" cellspacing="0" border="0"> <tr> <td valign="top" width="<?php echo $percentage ; ?>%" <?php if($percentage > 0){?>style="background: url('images/bar.jpg') repeat-x;"<?php } ?>><img src="images/dot.gif" width="1" height="19" /></td> <td valign="top" width="<?php echo $percentage2; ?>%"></td> </tr> </table> </td> <td valign="top"><?php echo $responses['total']; ?></td> </tr> <?php } ?> <tr> <td valign="top" colspan="3" align="center" style="padding: 10px 0px 0px 0px;">Total Votes: <?php echo $total; ?></td> </tr> </table> </td> </tr> <?php } ?> </table> <?php } else { ?> <table width="400" cellpadding="0" cellspacing="0" border="0" class="maintable" align="center"> <th>Declaration of Faith</th> <tr> <td valign="top" align="center" class="title"><?php echo $title; ?></td> </tr> <?php $query = mysql_query("SELECT * FROM questions WHERE pid='".$poll['id']."' ORDER BY id"); $questions = mysql_num_rows($query); if($questions > 0){ ?> <tr> <td valign="top" style="padding: 5px;"> <form name="poll" method="post" action=""> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="question"> <?php if(isset($error)){ ?> <tr> <td valign="top" colspan="2" align="center" style="padding: 0px 0px 10px 0px;"><?php echo $error; ?></td> </tr> <?php } ?> <?php $x=0; while($question = mysql_fetch_array($query)){ ?> <tr> <?php if ($x==0){ ?> <td width="43%" rowspan=2 align="center"><span style="padding: 10px 0px 0px 0px;"> <input type="submit" id="submit" name="vote" value="Declare" /> </span></td> <?php }//if statement closing ?> <td valign="top" width="56%"><input type="radio" name="questions" value="<?php echo $question['id']; ?>" /><?php echo $question['question']; ?></td> </tr> <?php $x=$x+1; } ?> <tr> <td valign="top" align="center" style="padding: 10px 0px 0px 0px;"><br /></td> <td width="1%"> </td> </tr> <tr> <td colspan="2" align="center" id="note">Please answer only once per person</td> </tr> </table> </form> </td> </tr> <?php } ?> </table> <?php } ?> Here are the sectioned codes insert.php <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" /> <?php include('config.php'); //Validation to check if the user has voted or not. If not yet voted, then insert the data to the database, otherwise //tell the user they voted if(isset($_POST['vote']) && isset($_POST['questions'])) { //insert the vote to the database $query = mysql_query("INSERT INTO responses (qid, ip) VALUES ('".$_POST['questions']."', '".$_SERVER['REMOTE_ADDR']."')"); } else if(!isset($_POST['questions']) && isset($_POST['vote'])) { echo 'Please select a response'; } include('results.php'); ?> results.php <?php //The poll script $query = mysql_query("SELECT * FROM poll ORDER BY id DESC LIMIT 1"); $rows = mysql_num_rows($query); if($rows > 0){ $poll = mysql_fetch_array($query); $title = $poll['name']; } else { $title = 'No Poll Yet'; } $me=array(); $query = mysql_query("SELECT COUNT(id) as hits FROM responses GROUP BY qid"); while($row = mysql_fetch_array($query)){ $me[] = $row['hits']; } $max = max($me); $query = mysql_query("SELECT questions.pid FROM responses, questions WHERE responses.qid=questions.id AND responses.ip='".$_SERVER['REMOTE_ADDR']."' AND pid='".$poll['id']."'"); if(mysql_num_rows($query) > 0){ $total = mysql_query("SELECT questions.pid FROM responses, questions WHERE responses.qid=questions.id AND pid='".$poll['id']."'"); $total = mysql_num_rows($total); ?> <table width="300" cellpadding="0" cellspacing="0" border="0" class="maintable" align="center"> <tr> <td valign="top" align="center" class="title"><h1><?php echo $title; ?></h1></td> </tr> <?php $query = mysql_query("SELECT * FROM questions WHERE pid='".$poll['id']."' ORDER BY id"); $questions = mysql_num_rows($query); //vote results ?> <tr> <td valign="top" style="padding: 5px;"> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="question"> <?php while($question = mysql_fetch_array($query)){ $responses = mysql_query("SELECT count(id) as total FROM responses WHERE qid='".$question['id']."'"); $responses = mysql_fetch_array($responses); if($total > 0 && $responses['total'] > 0){ $percentage = round(($responses['total'] / $max) * 100); } else { $percentage = 0; } $percentage2 = 100 - $percentage; ?> <tr> <td valign="top" nowrap="nowrap"><?php echo $question['question']; ?></td> <td valign="top" height="10" width="100%" style="padding: 0px 10px;"> <table width="100%" cellpadding="0" cellspacing="0" border="0"> <tr> <td valign="top" width="<?php echo $percentage ; ?>%" <?php if($percentage > 0){?>style="background: url('images/bar.jpg') repeat-x;"<?php } ?>><img src="images/dot.gif" width="1" height="19" /></td> <td valign="top" width="<?php echo $percentage2; ?>%"></td> </tr> </table> </td> <td valign="top"><?php echo $responses['total']; ?></td> </tr> <?php } ?> <tr> <td valign="top" colspan="3" align="center" style="padding: 10px 0px 0px 0px;">Total Votes: <?php echo $total; ?></td> </tr> </table> </td> </tr> <?php } ?> </table> vote.php <?php include('config.php'); //vote starts here ?> <table width="400" cellpadding="0" cellspacing="0" border="0" class="maintable" align="center"> <th>Declaration of Faith</th> <tr> <td valign="top" align="center" class="title"><?php echo $title; ?></td> </tr> <?php $query = mysql_query("SELECT * FROM questions WHERE pid='".$poll['id']."' ORDER BY id"); $questions = mysql_num_rows($query); ?> <tr> <td valign="top" style="padding: 5px;"> <form name="poll" method="post" action="results.php"> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="question"> <?php $x=0; while($question = mysql_fetch_array($query)){ ?> <tr> <?php if ($x==0){ ?> <td width="43%" rowspan=2 align="center"><span style="padding: 10px 0px 0px 0px;"> <input type="submit" id="submit" name="vote" value="Declare" /> </span></td> <?php }//if statement closing ?> <td valign="top" width="56%"><input type="radio" name="questions" value="<?php echo $question['id']; ?>" /><?php echo $question['question']; ?></td> </tr> <?php $x=$x+1; } ?> <tr> <td valign="top" align="center" style="padding: 10px 0px 0px 0px;"><br /></td> <td width="1%"> </td> </tr> <tr> <td colspan="2" align="center" id="note">Please answer only once per person</td> </tr> </table> </form> </td> </tr> </table> config.php <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" /> <?php //database settings $hostname = 'localhost'; $username = 'root'; $password = ''; $dbname = 'poll1'; $connect = mysql_connect($hostname, $username, $password); mysql_select_db($dbname); $query = mysql_query("SELECT * FROM poll ORDER BY id DESC LIMIT 1"); $rows = mysql_num_rows($query); $poll = mysql_fetch_array($query); $title = $poll['name']; ?> My dad loves these frozen cheeseburgers from meijer so I was gonna write a little script I can run in cron that will check Meijer's website and txt or email or something if they go on sale. Whenever I run the below script I get an Access Denied response from the server instead of the html for the cheesburger page. I'm sure I just need a CURL option or something. Thank You in Advance
Hi everyone! I'm getting the error "Access denied for user ''@'localhost' to database 'crystalair'" (crystalair is the name of my database) whenever I submit my form which inserts a new row to the database table "order". The same happens when I try to retrieve data from the table using select query. However, I can successfully perform operations (select, insert) in my other pages which involves another database table "user". If this is a connection error, how can I successfully perform operations with another table? Also, my connection query does not return an error. I have also checked to make sure my user has been granted "All Privileges" in the phpmyadmin. I've run out of ideas. Can you please help? Thanks a lot. Please help me to solve this error Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\shop-script-free\includes\database\mysql.php on line 13 Warning: mysql_get_server_info() expects parameter 1 to be resource, boolean given in C:\wamp\www\shop-script-free\includes\database\mysql.php on line 14 Access denied for user 'SYSTEM'@'localhost' (using password: NO) Thanks you very much config.php file does the problem lie here it wont seem to connect to the database and gives me the code above <?php define( "DB_DSN", "mysql: host=vega.soi.city.ac.uk;dbname=abhr428"); define( "DB_USERNAME", "abhr428" ); define( "DB_PASSWORD", " i have taken password out" ); define( "PAGE_SIZE", 5 ); define( "TBL_USERS", "users" ); define( "TBL_ACCESS_LOG", "accesslog" ); ?> Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) i have created an object in one page. it has a submit button which upon clicking opens a new page. is it possible to access that created object and its data members in that second page? here is the code for creating the object in the first page. $viewcart = new Cart(); $viewcart->GetProductCart($user); This has been an ongoing issue from the start. When I try to login I enter the username and password and click login, then get taken back to the login page to reenter the same details and the second time I click login I get logged in. Now if I then log out and close window and wait a few seconds, restart again and try to log in, I get in first time. I believe this could be a session issue but I thought unsetting the unset($_SESSION['admin']); would cause the session to be lost and have to start again. I just can not get my head around what is causing it. Can anyone tell me what I might be doing wrong ? I have a redirect to originating page, so if I was to view a previous page within the admin area I have to log in and then once loggeed in it will redirect to the page I was on before. Here are my scripts.
<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
define('site_title', 'Admin ');
define('pageTitle', 'Admin ');
$_SESSION['loginRedirect'] = "adminCreateCampaign.php";
include("functions-for-email.php");
$checkAdminStatus = checkAdminStatus($mysqli);
if(!isset($_SESSION['admin']) || $checkAdminStatus == "NOACCESS") {
$_SESSION['error'] = 'You must be logged in to view that page. (el.S1)';
//$_SESSION['loginRedirect'] = "showStats.php";
//echo("You must be logged in to view that page. (el.S1)<br>"); exit;
@mysqli_close($mysqli);
header('Location: ' . adminFullWebAddress . '/index.php'); exit;
} else {
if($_SESSION['admin']['account_type'] != 'admin') {
$_SESSION['error'] = 'You do not have the priviledges to view that page. (el.S2)';
@mysqli_close($mysqli);
header('Location: ' . adminFullWebAddress . '/index.php'); exit;
}
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
<div id="container">
<div class="containerInner">
<div id="leftInner100">
<?php // start of leftInner ?>
<?php menu(); ?>
<h1 class="middleTitle">Admin </h1>
<?php
if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; unset($thisError); }
if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; unset($thisSuccess); }
?>
<br><br>
</div><?php // end of leftInner ?>
</div><?php // end of containerInner ?>
<div class="clearfix"></div>
</div><?php // container ?>
</body>
</html>
<?php @mysqli_close($mysqli); ?>
<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
include("functions.php");
$checkAdminStatus = checkAdminStatus($mysqli);
//$_SESSION['loginRedirect'] = adminFullWebAddress . "/index.php";
$fromlink4 = isset($_SERVER['REMOTE_ADDR']) ? (gethostbyaddr($_SERVER['REMOTE_ADDR'])) : "empty";
$ipAddress = $_SERVER['REMOTE_ADDR'];
if(isset($_POST['email'])) { $email = $_POST['email']; $email = strip_tags($email); } else { $email = ""; }
if(isset($_POST['pass'])) { $password = $_POST['pass']; $pass = $_POST['pass']; } else { $pass = ""; }
if(isset($_POST['login']) && trim($_POST['login']) == 'Login') {
$checkEmail = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
$checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `suspended` = 'Yes' LIMIT 1");
$failedLoginCounter = 0;
if(!$email) {
$thisError = 'Please enter your e-mail address.';
} else if(! $checkEmail->num_rows) {
$thisError = 'Either the email address, password or both were not entered correctly.';
} else if(!$password) {
$thisError = 'Please enter your password.';
} else if($checkBanned->num_rows) {
$thisError = 'Your account has been suspended by Admin.';
} else {
$password = md5($password);
$checkAccount = db_query($mysqli, "SELECT * FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `password` = '" . $mysqli->real_escape_string($password) . "' LIMIT 1");
if($checkAccount->num_rows) {
$saveChanges = db_query($mysqli, "UPDATE `admins` SET `lastlogindatetime` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string($ipAddress) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
// set lastlogindatetime
$_SESSION['admin'] = $checkAccount->fetch_assoc();
$loginRedirect = isset($_SESSION['loginRedirect']) ? $_SESSION['loginRedirect'] : "";
$_SESSION['success'] = 'You are now logged in. (ok.L2) ' . $loginRedirect;
header('Location: ' . adminFullWebAddress . '/' . $loginRedirect); exit;
} else {
$thisError = 'Your e-mail address and/or password is incorrect.<br>If you still face issues, you can <a href="startresetpw.php">reset your password</a>';
$saveChanges = db_query($mysqli, "UPDATE `admins` SET `failedLoginCounter` = `failedLoginCounter` + 1, `lastloginfailedip` = '" . $mysqli->real_escape_string($ipAddress) . "', `lastlogindatetimeFailed` = '" . $mysqli->real_escape_string(datetimenow) . "' WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetimeFailed
}
}
}
if(!isset($_SESSION['admin'])) {
define('site_title', 'Login');
define('pageTitle', 'Login');
} else {
define('site_title', 'Home');
define('pageTitle', 'Home');
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
<div id="container">
<div class="containerInner">
<div id="leftInner100">
<?php // start of leftInner ?>
<div id="mainphoto"><?php //specialMessage($mysqli); mainPageImage(""); ?></div>
<div class="clear"></div><?php
if(isset($_SESSION['admin'])) {
menu();
}
if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; }
if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; }
unset($thisError); unset($thisSuccess);
if(!isset($_SESSION['admin'])) { ?>
<div style="width: 100%; margin: 0em auto; text-align: center;">
<form method="POST" action="index.php" style="width: 15em; text-align: center;">
<div class="field"> E-mail Address </div>
<div class="value"> <input type="text" name="email" value="<?php if(isset($_POST['email'])) { echo $email; } ?>" style="width: 12.5em;" title="email"> </div>
<div class="field"> Password<br><span style="font-size: 0.8em;"><?php
if (isset($_POST['pass'])) { echo('<strong style="color: red;">'); } ?>(Please note: your password may be CaSe SeNSitIvE)<?php if (isset($_POST['pass'])) { echo('</strong>'); } ?></span>
</div>
<div class="value"> <input type="password" name="pass" value="" style="width: 12.5em;" title="pass"> </div>
<div><br><input type="submit" name="login" value="Login"> <input type="reset" value="Clear"><br></div>
</form><br>
<div class="clearFloat"></div>
</div>
<?php
} else { ?>logged in<?php } ?>
<br><br>
</div><?php // end of leftInner ?>
</div><?php // end of containerInner ?>
<div class="clearfix"></div>
</div><?php // container ?>
</body>
</html>
<?php
@mysqli_close($mysqli); ?>
functions.php
<?php
define('showOutput', 0);
include("/home/****/db_login_functions.php");
define('db_table_name', 'clientList');
define('mailHost', 'mail.****.com');
define('mailUsername', 'noreply@****.com');
define('mailPW', '****');
define('bounce', 'bounce@****.com');
define('fullDomain', 'https://www.admin.****.com');
define('adminFullWebAddress', 'https://www.admin.****.com');
define('adminEmail', 'admin@****.com');
define('fromEmail', 'noreply@****.com');
define('fromName', 'DO NOT REPLY');
define('REMOTEADDR', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
define('PHPSELF', $_SERVER['PHP_SELF']);
define('HTTPREFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "not set");
define('unsub', 'https://www.****.com/unsub.php'); define('securityhash', 'abc'); // NEVER change this securityhash.
date_default_timezone_set('Europe/London');
define('datetimenow', date("Y-m-d H:i:s"));
/* check if user is allowed to access a certain page or not. */
function checkAdminStatus($mysqli) { $yesNo = "";
if(isset($_GET['action']) && $_GET['action'] == 'logout') {
unset($_SESSION['admin']);
$_SESSION['success'] = 'You have successfully logged out. (lo.1)';
header('Location: index.php'); exit;
}
if(isset($_SESSION['admin']) ) {
// need to add in code to check if logged in for more than 1 hour, if so log out on next refresh of page.
if ($_SESSION['admin']['lastAccessSinceLogin'] < date( 'Y-m-d H:i:s', strtotime("-5 minutes") )) { unset($_SESSION['admin']);
$_SESSION['error'] = 'You were logged out due to no activity, please login again to view that page. (lo.2)';
header('Location: index.php'); exit;
}
$checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' AND `suspended` = 'Yes' LIMIT 1");
if($checkBanned->num_rows) { $yesNo = "NOACCESS"; //$_SESSION['error'] = 'You must be logged in to view that page.';
} else { $yesNo = "ACCESS"; // if logged in, update `users`.`lastAccessSinceLogin` with current datetime.
$updateLastAccessSinceLogin = db_query($mysqli, "UPDATE `admins` SET `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string(REMOTEADDR) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' LIMIT 1");
$_SESSION['admin']['lastAccessSinceLogin'] = datetimenow;
}
}
return $yesNo;
}
function menu() {
echo('<a href="index.php?action=logout">Log Out</a> ');
echo('
<a href="adminCreateCampaign.php">Create Campaign</a><br><br><br>');
}
?>
.htaccess (within the admin folder)
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini
.htaccess (within the root folder)
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini
the php.ini file allow_url_fopen = on allow_irl_include = on date.timezone = Europe/London safe_mode = off upload_max_filesize = 20M post_max_size = 20M upload_tmp_dir = "/home/****/tmp" session.save_path = "/home/****/sessions" session.use_only_cookies = on error_reporting = E_ALL log_errors = On display_errors = Off track_errors = On error_log = "/home/****/errors.log" sendmail_from = "server@****.com"
I have an MS Access Database that resides on the server that I will be hosting the pages I'm building. In my MS Access Database I have a query called "CheckedInEquipment" that I would like to have constantly display on a PHP page. It needs to be 'fluid', so the data is always up to date on the web page. (This is all in a sandbox XAMPP environment). Has anyone done this, can you lead me to examples or push me in the right direction? Carl I have a site, and there is an image with a link to another page, how can I make it so this is the only way to get to that page is by clicking on that image, and not by typing www.mywebsite.com/page.php into the address bar in a browser? Hello, Im making a little script to grab some data from a website but the data loads up a Javascript popup and unless you click the link from the page you came from you get a 404 error. Is there any ways to able me to load up the page using php so i can access some of the data on the page. The page im trying to access has the following code in the head, Does that have anything to do why you cant directly access it? Code: [Select] <META NAME="Robots" CONTENT="index,follow"> Hope this makes sense, If anyone knows a solution i would really appreciate it. Hi guys so i want to make page acces to certain ranks. So im thinking for something like this
rank1 -> home.php, admins.php So the ranks are in a database with the page names. So now when someone logs in they will get a certain rank. So now i need to make a function that will check if the rank has access to this page. $curPageName = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1); This will detect the current page that the logged in person is at now. But now how do i check if the $_SESSION['rank']; (rank1) has the access to get in page admins.php, and obviously to make $_SESSION['rank'];(rank2) redirect from the page admins.php Could someone point me in the right direction? Do i select the ranks and page names from database then put it into a array? Thanks. Below is the screenshots and script for user page level access i have used it for one of my old projects. Code is working as it was intended. But it needs to be improvised. Users table
pages table , which has all the pages and links
Access level table. which has user id from users table and page id from pages table (for which user has access)
Once the user is created, admin gives access to the user on page basis, the permissions.php page looks like this The modules
Menus inside the modules
Pages in each menu
Here is my code for permission.php
<div id="demo2-html">
<ul id="demo2" class="mnav">
<li><a href="#">Sales</a>
<ul>
<li><a href="#">Lead</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='led'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
<li><a href="#">Customer</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='cst'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
//code goes for all the other modules
</ul>
</li>
</ul>
</div>
<input type="hidden" name="user" value="<?php echo $user; ?>" />
<div class="row" align="center">
<input type="submit" name="submit" class="btn btn-success" value="Save" />
</form>
// form Submission
if(isset($_POST['submit']))
{
$user = $_POST['user'];
$sql = "DELETE FROM access_level WHERE user_id = ".$user."";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
foreach($_POST['sn'] as $sn)
{
$sql = "insert into access_level (page_id, user_id) values (".$sn.", ".$user.")";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
}
if($query)
{
header("location:users.php?access=1");
}
}
So against each user i am storing all the page ids here. When i edit any of the users, it deletes all the records and again insers new records. Which i feel is not a proper way to do. And in codewise also, i am redirecting the user to no_access.php (as below) page if the user do not have access.
<?php
ob_start();
include("connect.php");
include("admin_auth.php");
$q1 = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$q2 = $_SERVER['REQUEST_URI'];
$var1 = "/".$q1;
$qa_path=explode('/', $q2);
$right_path = $qa_path[2].$var1;
$parsedUrl = parse_url($q2);
$curdir = dirname($_SERVER['REQUEST_URI'])."/";
$m4 = "select p.page_id, p.code, p.page, p.href, al.aid, al.page_id, al.user_id FROM pages p INNER JOIN access_level al ON p.page_id=al.page_id WHERE al.user_id=".$_SESSION['user_id']."";
$m5 = mysqli_query($con, $m4) or die (mysqli_error($con));
while($nk1 = mysqli_fetch_array($m5)) {
$href1[] = ($nk1['href']); }
if(in_array($right_path, $href1)) {
echo "<script type='text/javascript'> document.location = ".BASE_URL."/".$right_path."</script>";
}
else
{
echo "<script type='text/javascript'> document.location = '../no_access.php' </script>";
exit();
}
?>
I need help in improve and better/effective (structural) way to do this both in database and php script. I am using the debug_backtrace() php function to prevent direct access to admin files.
i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.
Is it a safe practice or is there a better way of doing it?
<?php
debug_backtrace() || die ("Direct access to this resource is forbidden");
?>
Thanks
Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta |
|||||||