PHP - Close Iframe And Redirect User To User_page
OKKK! good day please i have little problem that is now a mighty one before me. I added a login form to a page using Iframe modal class i got from tinybox2. I have been able to login the user and in use the HEADER function to redirect the user to their user_page but the direction is done in the I-frame and not the parent window. Now my problem is how do i close the iframe and still redirect the user to the next page. I tried some javascript but all to no avail .
THE LOGIN AND I-FRAME PAGE SCRIPT
<?php if(empty($errors)=== true){ $login=login($username, $password); if($login === false){ $errors[]='INVALID LOGIN DETAILS.... PLEASE CHECK YOUR DETAILS AND TRY AGAIN.'; } else{ $_SESSION["user_id"]=$login; ?> <script> parent.window.close();</script> <?php header("location:user_page.php"); } } if(empty($errors)=== false){ $_SESSION["errors"]=$errors[0]; } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Login</title> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <meta name="apple-mobile-web-app-capable" content="yes"> <link href="css/signin.css" rel="stylesheet" type="text/css"> </head> <body> <div class="account-container"> <div class="content clearfix"> <form action="#" method="post"> <h1>Member Login</h1> <div class="login-fields"> <p>Please provide your details</p> <div class="field"> <label for="username">Username</label> <input type="text" id="username" name="username" value="" placeholder="Username" class="login username-field" /> </div> <!-- /field --> <div class="field"> <label for="password">Password:</label> <input type="password" id="password" name="password" value="" placeholder="Password" class="login password-field"/> </div> <!-- /password --> </div> <!-- /login-fields --> <input class="login-fields_submit" type="submit" name="login" value="Log In"> </form> <?php if(isset($_SESSION["errors"])){?> <h1 style="background:darkred;margin-bottom:-27px;font-size:9px !important;"> <?php echo $_SESSION["errors"]; unset($_SESSION["errors"]);?></h1><?php }?> </div> <!-- /content --> </div> <!-- /account-container --> </body> </html> Similar Tutorials
User Authentication Help By Using If Elseif And Else Statement And Redirect Page On 3 Differnet Urls
Hello, I'm having trouble trying to redirect users after they've logged in. My site shows different types of adverts but some adv are restricted to registered users, on the home page they can see the the title of the adv but if they click on the title and are not logged in then they are taken to the log in page, Now my problem is how do i then re-direct them back to the adv they were trying to see? if i just redirect them to index.php that won't help because index shows few adv. I hope that makes sense. Any help much appreciated. Hi guys,
The idea of this script is to check if the website is under maintenance, and if it is, direct the user to the maintenance page. If the user is signed in, and has privileges to bypass the maintenance page and continue to look at the website, then they won't be redirected, but I can't seem to get it to work? I've checked all the tables in database, I've been through the code multiple times. It's not displaying an error, it's just running through the code and then doing nothing?
(Maintenance has already been set to '1' in the database)
index.php
<?php include "core.php"; ?> <? $updatecounter = mysql_query("UPDATE webviews SET count = count+1 WHERE id = '1'"); if (!$updatecounter) { die ("Can't update the counter : " . mysql_error()); } ?>core.php <?php session_start(); include "config.php"; include "security.php"; $id = $_SESSION['userinfo']['id']; if ($_SESSION['logged'] == true) { $qry="SELECT * FROM fuserights WHERE userid='$id'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { $checks = mysql_fetch_assoc($result); $access = $checks['bypassmaintenance']; } } if($access == 1) { }else { $result = mysql_query("SELECT * FROM maintenance") or die(mysql_error()); while($row = mysql_fetch_assoc($result)) { if($row['check'] == 1) { header('location:/maintenance/'); } } } } ?>config.php <?php $server = "***"; $username = "***"; $password = "***"; $db_name = "***"; $connect = mysql_connect($server, $username, $password) or die(mysql_error()); mysql_select_db($db_name, $connect) or die(mysql_error()); mysql_query("SET NAMES utf8"); ?>security.php <?php $array = array( "union", "sql", "mysql", "database", "cookie", "coockie", "select", "from", "where", "benchmark", "concat", "table", "into", "by", "values", "exec", "shell", "truncate", "wget", "/**/", "1=1", "xss" ); foreach ($array as $d) { $string = security($_SERVER['QUERY_STRING']); if (strpos(strtolower($string), $d) != false) { $ip = $_SERVER['REMOTE_ADDR']; $loc = $_SERVER['PHP_SELF']; $browseros = $_SERVER['HTTP_USER_AGENT']; $oslanguage = $_SERVER['HTTP_ACCEPT_LANGUAGE']; $date = date("d.m.Y / H:i:s"); $file = security('' . $loc . '?' . $string . ''); $type = "SQL Injection"; $queryvalid = mysql_query("SELECT * FROM `hacker-attacks` WHERE file='$file' and type='SQL Injection' LIMIT 1"); $validator = mysql_num_rows($queryvalid); if ($validator > "0") { echo '<meta http-equiv="refresh" content="0;url=index.php" />'; exit(); } else { $log = "INSERT INTO `hacker-attacks` (ip, date, file, type, browseros, oslanguage) VALUES ('$ip', '$date', '$file', '$type', '$browseros', '$oslanguage')"; $result = mysql_query($log); echo '<meta http-equiv="refresh" content="0;url=index.php" />'; exit(); } } } function security($input) { $input = mysql_real_escape_string($input); $input = strip_tags($input); $input = stripslashes($input); return $input; } $guestip = $_SERVER['REMOTE_ADDR']; $querybanned = mysql_query("SELECT * FROM `bans` WHERE ip='$guestip'"); $banned = mysql_num_rows($querybanned); $row = mysql_fetch_array($querybanned); $reason = $row['reason']; if ($banned > "0") { die("<center><font size='7' color='red'><b>You are banned</b></font><br> Reason: $reason<br> <br /><img src='images/banned.png' /></center>"); } ?>Any help would be appreciated! Thanks. Hi, I just want to put up a simple page that has an NDA to which someone can either "agree" or "disagree" and then automatically be forwarded to specific pages accordingly (google and yahoo are just there for testing). Problem is that I keep getting and "Undefined Index" for both "agree" and "disagree". What am I doing wrong? Here is my code: Code: [Select] <form id="nda" name="nda" method="post" action=""> <input type="submit" name="agree" value="I agree" /> <input type="submit" name="disagree" value="I disagree" /> </form> <?php if($_POST['agree']){ header("Location: http://www.google.com"); } else if ($_POST['disagree']){ header("Location: http://www.yahoo.com"); } ?> Thanks! Hi, I have a, let's call it, Main page, and it refreshes every 5 seconds to check the database... If it finds a result, it kills the refresh function and allows a DIV to call a page into itself via another function on the Main page, which refreshes every second, it's a timer count down clock... The problem is, that if the timer runs down to zero, I have it do a lot of things, but then I need it to either refresh the Main page, redirect the Main page, or close the Main page entirely... Does anyone know how I could perform either 3 of those actions from within the page that's inside of the DIV? I have a paypal shopping cart form. Right now the form submits to paypals normal site and works fine. But the problem is the user can use firebug and change the price before sending to paypal. So i want the form to submit to my php script, where ill whatever is in the session, not what was posted, create an NVP string from that post, then POST that to paypal. I thought i could do this with cURL, but cURL always responds, it never actually takes the user to paypal with post. Is there a way to mimic what a form submit does completely in PHP? I need some help with a form being successfully submitted redirecting to a secure page. I already have the form code working and just need the part to redirect within an else statement. Also need to redirect a user back to the form page if they try and visit the secure page without being a member. thanks in advance. Below code is working fine but i need to redirect on 3 different pages and its giving me error. My table structure is as
User table
Email Password
admin@yahoo.com 123
tariq@yahoo.com 987
bilal@yahoo.com 456
if user name is like; admin@yahoo.com the page should redirect on welcome.php
if user name is like; info@aiousoft.com the page should redirect to welcome2.php
and if user doesnot exist in database then give error as ELSE "user doesnot exist"
thanks
signin.php
<html><head><title>Sign In</title></head><body> <?php include 'header.php'; ?> <?php include 'menu.php'; ?> <center> <form method="post" action="checklogin.php"> <h3>Please Signin</h3> <table width="400" border="0"> <tr><td>Email</td> <td><input name="email" type="text" id="email"></td></tr> <tr><td>Password</td> <td><input name="password" type="password" id="password"></td></tr> </table> <p><label> <input type="submit" email="submit" value="Submit"> </label><input email="reset" type="reset"> </p> </form> </center> </body> </html> checklogin.php <html><head><title>Check Login</title></head><body> <?php include 'header.php'; include 'menu.php'; $email=$_POST['email']; $password=$_POST['password']; @ $db = mysql_pconnect('localhost', 'root', ''); if (!$db) { echo 'Error: Could not connect to database. Please try again later.'; exit;} mysql_select_db('car'); $q=mysql_query("select * from user where email='".$email."' and password='".$password."' ") or die(mysql_error()); $res=mysql_fetch_row($q); if($res) { header('location:welcome.php'); } else { echo' Please signin again as your user name and password is not valid'; } ?> </body> </html> Attached Files header.php 284bytes 0 downloads menu.php 308bytes 0 downloads I'm trying to put together a script that redirects visitors based on their IP, user agent and/or referral url. Basically I want the script to scan these three factors from the visitor, if any of them turn out to match my redirect-requirement it redirects the user. I know the code is horribly coded, I'm incredibly new to the php-scene and consider myself a complete noob. As you can see I want redirected visitors to go to google.com and un-redirected to msn.com(examples). Really thankful for all the help I can get! Right now nothing works, any suggestions? <?php function redirect($page) { Header( "HTTP/1.1 301 Moved Permanently" ); header('Location: ' . $page); exit; } $referrals=array('pitchingit.org','referral2'); $badAgents = array("useragent1", "useragent2"); $deny = array("78.105.191..*","100.101.103..*"); if (in_array($_SERVER['HTTP_REFERER'], $referrals, FALSE)) { header("Location: http://www.google.com"); } else { header("Location: http://www.msn.com"); } if(in_array($_SERVER['HTTP_USER_AGENT'],$badAgents)) { redirect("http://www.google.com/"); exit(); } $add=$_SERVER['REMOTE_ADDR']; foreach ($deny as $ip) { if (preg_match("^.$add.*^",$ip)) { redirect("http://www.google.com"); } } redirect("http://www.msn.com"); ?> hi, i have made a website where people resgister their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login). If anyone has any tutorials or sample code I would much appreciate it. Thanks, Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta How can one re-direct a visitor, without using a header re-direct? I'd like a page to show up, then after about 5 seconds I need the visitor sent to another page. How can I do this? Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well. So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically. the index file looks like this: Code: [Select] <?php include('./inc/config.php'); include('./inc/functions.php'); include('./lang/'.$language.'.lng'); $id = addslashes($_REQUEST["id"]); $user = addslashes($_REQUEST["username"]); $pass = addslashes($_REQUEST["password"]); $language = strtolower($language); if(empty($id)) $id =1; $file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"'); if(mysql_num_rows($file)>0) $file = mysql_fetch_array($file); else $file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"')); if(!empty($user) AND !empty($pass)) {$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"'); if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';} else $error = 'Username oder Passwort ist falsch.';} include('./designe/'.$designe.'/head.tpl'); include('./designe/'.$designe.'/navi.php'); include('./designe/'.$designe.'/middle.tpl'); if(file_exists('./pages/'.$file["file"])) {echo'<h1>'.ucfirst($file["title"]).'</h1>'; include('./pages/'.$file["file"]);} if(!empty($error)) echo '<font color="red">'.$error.'</font>'; include('./designe/'.$designe.'/foot.tpl'); ?> Now i tried alot of things including adding: Code: [Select] session_start(); $_SESSION["username"] = "peter"; $_SESSION["user"] = "peter"; $_SESSION["id"] = "1"; $_SESSION["pass"] = "peter"; $_SESSION["password"] = "peter"; or Code: [Select] $id = "1"; $user = "peter"; $username = "peter"; $pass = "peter"; $password = "peter"; also a combination of both, nothing works, but i don't understand why ? Any help is appreciated. /Edit, i tried adding it to the paymentmodule .php aswell, but no luck. Hallo everybody,
i have the following code.
but i get allways this error while the user exist in the database.
User not found!
what do i do wrong?
thank you very much for your help
Rafal
<html> <head> <?php $connection = mysql_connect("db.xyz.com", "username", "password") or die ("connection fehler"); mysql_select_db("db0123456789") or die ("database fehler"); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' "); $chkuserare = mysql_num_rows($chkuser); echo $email; echo $pwd; if ($chkuserare !=0) { $chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' "); $pwddb = mysql_fetch_assoc($chkpwd); if ($pwd != $pwddb["pwd"]) { echo "password is wrong!"; } else { echo "login successed"; } } else { echo "User not found!"; } } else { echo "Pleas enter your email and password!"; } mysql_close($connection); ?> </head> <body> <form action="login.php" method="post"> Email <input type="text" name="inp_email"><br> Password <input type="text" name="inp_pwd"><br> <input type="submit" name="submit" value="login"> </form> </body> </html> Edited by rafal, 21 September 2014 - 04:33 PM. Hallo everybody,
the user is in the table, but i get error (user not found!).
thank you very much for your help
Rafal
<!DOCTYPE html> <html> <head> <title>index</title> <meta http-EQUIV="CONTENT-LANGUAGE" content="en"> <?php SESSION_START(); include("abc.php"); $link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata") or die ("connection error" . mysqli_error($link2)); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' "); $chkuserare = mysqli_num_rows($chkuser); if ($chkuserare !=0) { $chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'"); $pwddb = mysqli_fetch_assoc($chkpwd); if (md5($pwd) != $pwddb["pwd"]) { echo "Password is wrong!"; } else { $_SESSION['username'] = $email; header ('Location:list.php'); } } else { echo "user not found!"; } } else { echo "enter your Email and Password!"; } mysqli_close($link2); ?> </head> <body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver"> <font color="black"> <br> <form action="index.php" method="post"> <b>Login</b><br><br> <table width="100%"> <tr><td> Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br> Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br> <br> <input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;"> </td></tr> </table> </form> </font> </body> </html> Hi,
Ive been trying to come up with a simple solution.
I run a scheduled task every 1 minute, it checks for a certain message in a MySQL DB.
If the message is there then i need to access a link such as:
https://www.somedoma...00000&body=This is the SMS to be sent&plaintext=1
This essentially sends an SMS to a user.
both the recipient and the body need to be a variable.
Is there a way then to get PHP to load/run the link without actually opening a browser?
ive been trying to check out allow_url_fopen but i cant seem to find any examples of how this works.
Any info or pointers would be great thanks.
Is this necessary? mysql_close($link); $query = "SELECT * FROM db_one WHERE field1 = '".$MyVar."'"; $results = mysql_query($query); while($line = mysql_fetch_array($results)) { echo $line["a"].",,"; echo $line["b"].",,"; echo $line["c"].",,"; echo $line["d"].",,"; echo $line["e"].",,"; echo $line["f"].",,"; echo $line["g"].",,"; echo $line["h"].",,"; echo $line["i"].",,"; echo $line["j"].",,"; echo $line["k"].",,"; echo $line["l"].",,"; } mysql_close($link); |