Learn VBA & Macros in 1 Week!

PHP - Having To Login Twice To Access Page ?

Full Excel VBA Course - Beginner to Expert

Having To Login Twice To Access Page ?	View Content

This has been an ongoing issue from the start.

When I try to login I enter the username and password and click login, then get taken back to the login page to reenter the same details and the second time I click login I get logged in. Now if I then log out and close window and wait a few seconds, restart again and try to log in, I get in first time. I believe this could be a session issue but I thought unsetting the unset($_SESSION['admin']); would cause the session to be lost and have to start again.

I just can not get my head around what is causing it. Can anyone tell me what I might be doing wrong ?

I have a redirect to originating page, so if I was to view a previous page within the admin area I have to log in and then once loggeed in it will redirect to the page I was on before.

Here are my scripts.

adminCreateCampaign.php

<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);

define('site_title', 'Admin ');
define('pageTitle', 'Admin ');
$_SESSION['loginRedirect'] = "adminCreateCampaign.php";

include("functions-for-email.php");

$checkAdminStatus = checkAdminStatus($mysqli);
  if(!isset($_SESSION['admin']) || $checkAdminStatus == "NOACCESS") {
    $_SESSION['error'] = 'You must be logged in to view that page. (el.S1)';
    //$_SESSION['loginRedirect'] = "showStats.php";
//echo("You must be logged in to view that page. (el.S1)<br>"); exit;
    @mysqli_close($mysqli);
    header('Location: ' . adminFullWebAddress . '/index.php'); exit;
  } else {
    if($_SESSION['admin']['account_type'] != 'admin') {
      $_SESSION['error'] = 'You do not have the priviledges to view that page. (el.S2)';
      @mysqli_close($mysqli);
      header('Location: ' . adminFullWebAddress . '/index.php'); exit;
    }
  }
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
    <div id="container">

                                <div class="containerInner">
                                <div id="leftInner100">
                                <?php // start of leftInner ?>

<?php menu(); ?>

                    <h1 class="middleTitle">Admin </h1>
                    <?php
                    if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; unset($thisError); }
                    if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; unset($thisSuccess); }
                    ?>

                    
                    <br><br>
                                </div><?php //    end of leftInner ?>
                                </div><?php // end of containerInner ?>

        <div class="clearfix"></div>

    </div><?php // container ?>
</body>
</html>
<?php @mysqli_close($mysqli); ?>

index.php

<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
include("functions.php");
$checkAdminStatus = checkAdminStatus($mysqli);
//$_SESSION['loginRedirect'] = adminFullWebAddress . "/index.php";
$fromlink4 = isset($_SERVER['REMOTE_ADDR']) ? (gethostbyaddr($_SERVER['REMOTE_ADDR'])) : "empty";
$ipAddress = $_SERVER['REMOTE_ADDR'];

    if(isset($_POST['email'])) { $email = $_POST['email']; $email = strip_tags($email); } else { $email = ""; }
    if(isset($_POST['pass'])) { $password = $_POST['pass']; $pass = $_POST['pass']; } else { $pass = ""; }
    if(isset($_POST['login']) && trim($_POST['login']) == 'Login') {
            $checkEmail        = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
            $checkBanned    = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `suspended` = 'Yes' LIMIT 1");
            $failedLoginCounter    = 0;

            if(!$email) {
                $thisError = 'Please enter your e-mail address.';
            } else if(! $checkEmail->num_rows) {
                $thisError = 'Either the email address, password or both were not entered correctly.';
            } else if(!$password) {
                $thisError = 'Please enter your password.';
            } else if($checkBanned->num_rows) {
                $thisError = 'Your account has been suspended by Admin.';
            } else {
                    $password = md5($password);
                    $checkAccount = db_query($mysqli, "SELECT * FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `password` = '" . $mysqli->real_escape_string($password) . "' LIMIT 1");
                        if($checkAccount->num_rows) {
                        $saveChanges = db_query($mysqli, "UPDATE `admins` SET `lastlogindatetime` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string($ipAddress) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
                        // set lastlogindatetime
                        $_SESSION['admin'] = $checkAccount->fetch_assoc();
                        $loginRedirect = isset($_SESSION['loginRedirect']) ? $_SESSION['loginRedirect'] : "";
                        $_SESSION['success'] = 'You are now logged in. (ok.L2) ' . $loginRedirect;
                              header('Location: ' . adminFullWebAddress . '/' . $loginRedirect); exit;
                        } else {
                                $thisError = 'Your e-mail address and/or password is incorrect.<br>If you still face issues, you can <a href="startresetpw.php">reset your password</a>';
                                $saveChanges = db_query($mysqli, "UPDATE `admins` SET `failedLoginCounter` = `failedLoginCounter` + 1, `lastloginfailedip` = '" . $mysqli->real_escape_string($ipAddress) . "', `lastlogindatetimeFailed` = '" . $mysqli->real_escape_string(datetimenow) . "' WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetimeFailed
                                 }
                    }
    }
if(!isset($_SESSION['admin'])) {
define('site_title', 'Login');
define('pageTitle', 'Login');
} else {
define('site_title', 'Home');
define('pageTitle', 'Home');
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
    <div id="container">
            <div class="containerInner">
            <div id="leftInner100">
            <?php // start of leftInner ?>

                <div id="mainphoto"><?php //specialMessage($mysqli); mainPageImage(""); ?></div>
                <div class="clear"></div><?php

                    if(isset($_SESSION['admin'])) {
                        menu();
                    }

                    if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; }
                    if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; }
                    unset($thisError); unset($thisSuccess);

                        if(!isset($_SESSION['admin'])) { ?>
                                <div style="width: 100%; margin: 0em auto; text-align: center;">
                                    <form method="POST" action="index.php" style="width: 15em; text-align: center;">
                                      <div class="field"> E-mail Address </div>
                                      <div class="value"> <input type="text" name="email" value="<?php if(isset($_POST['email'])) { echo $email; } ?>" style="width: 12.5em;" title="email"> </div>
                                          <div class="field"> Password<br><span style="font-size: 0.8em;"><?php
                                          if (isset($_POST['pass'])) { echo('<strong style="color: red;">'); } ?>(Please note: your password may be CaSe SeNSitIvE)<?php if (isset($_POST['pass'])) { echo('</strong>'); } ?></span>
                                          </div>
                                      <div class="value"> <input type="password" name="pass" value="" style="width: 12.5em;" title="pass"> </div>
                                      <div><br><input type="submit" name="login" value="Login"> <input type="reset" value="Clear"><br></div>
                                    </form><br>
                                  <div class="clearFloat"></div>
                                </div>
                        <?php
                        } else { ?>logged in<?php } ?>

            <br><br>
            </div><?php //    end of leftInner ?>
            </div><?php // end of containerInner ?>
        <div class="clearfix"></div>
    </div><?php // container ?>
</body>
</html>
<?php
@mysqli_close($mysqli); ?>

functions.php

<?php
define('showOutput', 0);

include("/home/****/db_login_functions.php");
define('db_table_name', 'clientList');
define('mailHost', 'mail.****.com');
define('mailUsername', 'noreply@****.com');
define('mailPW', '****');

define('bounce', 'bounce@****.com');

define('fullDomain', 'https://www.admin.****.com');
define('adminFullWebAddress', 'https://www.admin.****.com');
define('adminEmail', 'admin@****.com');
define('fromEmail', 'noreply@****.com');
define('fromName', 'DO NOT REPLY');
define('REMOTEADDR', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
define('PHPSELF', $_SERVER['PHP_SELF']);
define('HTTPREFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "not set");

define('unsub', 'https://www.****.com/unsub.php'); define('securityhash', 'abc'); // NEVER change this securityhash.

date_default_timezone_set('Europe/London');
define('datetimenow', date("Y-m-d H:i:s"));

/*        check if user is allowed to access a certain page or not.    */
function checkAdminStatus($mysqli) { $yesNo = "";

    if(isset($_GET['action']) && $_GET['action'] == 'logout') {
        unset($_SESSION['admin']);
        $_SESSION['success'] = 'You have successfully logged out. (lo.1)';
        header('Location: index.php'); exit;
    }
    if(isset($_SESSION['admin']) ) {
        //            need to add in code to check if logged in for more than 1 hour, if so log out on next refresh of page.
        if ($_SESSION['admin']['lastAccessSinceLogin'] < date( 'Y-m-d H:i:s', strtotime("-5 minutes") )) {        unset($_SESSION['admin']);
        $_SESSION['error'] = 'You were logged out due to no activity, please login again to view that page. (lo.2)';
        header('Location: index.php'); exit;
        }
    $checkBanned    = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' AND `suspended` = 'Yes' LIMIT 1");
        if($checkBanned->num_rows) {        $yesNo = "NOACCESS";        //$_SESSION['error'] = 'You must be logged in to view that page.';
        } else {        $yesNo = "ACCESS";        // if logged in, update        `users`.`lastAccessSinceLogin`        with current datetime.
        $updateLastAccessSinceLogin = db_query($mysqli, "UPDATE `admins` SET `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string(REMOTEADDR) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' LIMIT 1");
        $_SESSION['admin']['lastAccessSinceLogin'] = datetimenow;
        }
    }

return $yesNo;
}

function menu() {
echo('<a href="index.php?action=logout">Log Out</a>&nbsp;&nbsp;&nbsp;&nbsp;');
echo('
<a href="adminCreateCampaign.php">Create Campaign</a><br><br><br>');
}
?>

.htaccess (within the admin folder)

Header set Access-Control-Allow-Origin "*"

RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini

.htaccess (within the root folder)

Header set Access-Control-Allow-Origin "*"

RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini

the php.ini file

allow_url_fopen = on
allow_irl_include = on
date.timezone = Europe/London
safe_mode = off
upload_max_filesize = 20M
post_max_size = 20M
upload_tmp_dir = "/home/****/tmp"
session.save_path = "/home/****/sessions"
session.use_only_cookies = on
error_reporting = E_ALL
log_errors = On
display_errors = Off
track_errors = On
error_log = "/home/****/errors.log"
sendmail_from = "server@****.com"

Full Excel VBA Course - Beginner to Expert

After Login ...access Danied

Similar Tutorials

View Content

Access Level From Database To Login In Myphpadmin

Similar Tutorials

View Content

We have setup a member login page in CS5 using a myphpadmin database. We want to give members access to particular areas of our site depending on what username and password they enter. ie member 1 only requires access to specific documents/webpages - member 2 requires access to other documents/webpages. Not sure how to do this.

Php Login Form With Odbc Connection Toms Access

Similar Tutorials

View Content

So I'm doing a project and I need to make a successful login form, where it checks in MS Access if the username and password are correct, and if they are the user is taken to a new page. If they are wrong, a message comes up and they stay on the same page.

The user should first just see a blank form, but after submit is pressed, it should check if the username and password are correct. IF they are should be taken to a new page.

It's been a while since I used php last, so I wasn't quite sure how to tackle this issue. I was wondering if someone could please help me? here is my code.

Code: [Select]
<html>
<head>
<style type="text/css">

</style>
</head>
<body style="text-align:center">

<div id='title'>

</div>

<?php

print_r ($_POST) ;

if (isset($_POST['submit'])) {

if(isset($_POST['username'])){
$username= $_POST['username'] ;
}
if(isset($_POST['password'])){
$TABLE= $_POST['password'] ;
}

$username  = null ;
$password  = null ;

$connection = odbc_connect('Olympics', '', '');

if (!$connection)
{exit("Conection Failed: " . $connection);}

$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where users = '$username' and passwords = '$password'";

$rs=odbc_exec($connection,$sql);

$count=odbc_num_rows($rs);

if ($count == 1) {
     $_SESSION['loggedIn'] = "true";
     header("Location: searchpage.php");
} else {
     $_SESSION['loggedIn'] = "false";
    header("Location: index.php");
echo "Login failed" ;
}

}

echo "<form action='index.php' method='post'> \n" ;
echo" Please enter your username and password if you wish. <br/> \n" ;
echo "Username: <input type='text' name='username' > \n " ;
echo "Password: <input type='password' name='password' > \n" ;
echo "<input type='submit' value='Login' name='submit'> <br/> \n" ;
echo "<input type='submit' value='You may also continue you as a guest.'> \n" ;

?>
</body>
</html>

Php Login Form Verifying Username With Odbc Connect To Access

Similar Tutorials

View Content

So basically my project is one where the user can log onto my website, and the page then checks if the ID and password are in my table in my microsoft access file.

If the username and password are the same, the user continues, if it isnt, then it stays on the same page and says something like "username and/or password are incorrect" or something along the lines of that.

the problem is right now im not sure how to make it say "ERROR username and/or password is incorrect" if the username and password dont match. Can someone help me with this? and also make sure if the username and password are correct that it goes to the next page, entitled searchpage.php

here is the code Code: [Select]
<html>
<head>
<style type="text/css">

</style>
</head>
<body style="text-align:center">

<div id='title'>

</div>

<?php

print_r ($_POST) ;

if

if (isset($_POST['Login'])) {

if(isset($_POST['username'])){
$username= $_POST['username'] ;
}
if(isset($_POST['password'])){
$TABLE= $_POST['password'] ;
}

$username  = null ;
$password  = null ;

$connection = odbc_connect('Olympics', '', '');

if (!$connection)
{exit("Conection Failed: " . $connection);}

$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where users = '$username' and passwords = '$password'";

$rs=odbc_exec($connection,$sql);

$count=odbc_num_rows($rs);

if ($count == 1) {
     $_SESSION['loggedIn'] = "true";
     header("Location: searchpage.php");
} else {
     $_SESSION['loggedIn'] = "false";
    header("Location: index.php");
echo "Login failed" ;
}

}

echo "<form action='index.php' method='post'> \n" ;
echo" Please enter your username and password if you wish. <br/> \n" ;
echo "Username: <input type='text' name='username' > \n " ;
echo "Password: <input type='password' name='password' > \n" ;
echo "<input type='submit' value='Login' name='Login'> <br/> \n" ;
echo "<input type='submit' value='You may also continue you as a guest.'> \n" ;
echo "</form>" ;

?>
</body>
</html>

Login Form - Member And Admin Page After Login

Similar Tutorials

View Content

hi

i need help an idea how can i separate members from admins
since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something)
how what i want to do is separate members and admins because admin need more rights to do
now i have idea but dont know will it work like that
what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work?
and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag?

Access An Object Created In One Page In Another Page

Similar Tutorials

View Content

i have created an object in one page. it has a submit button which upon clicking opens a new page. is it possible to access that created object and its data members in that second page?

here is the code for creating the object in the first page.

$viewcart = new Cart();
$viewcart->GetProductCart($user);

Access Denied Page

Similar Tutorials

View Content

I want to make it so public users cant access the index of/ page, how do I do that?
Thanks

File_get_contents To Access Javascript Page ?

Similar Tutorials

View Content

Hello,

Im making a little script to grab some data from a website but the data loads up a Javascript popup and unless you click the link from the page you came from you get a 404 error.

Is there any ways to able me to load up the page using php so i can access some of the data on the page.

The page im trying to access has the following code in the head, Does that have anything to do why you cant directly access it?

Code: [Select]
<META NAME="Robots" CONTENT="index,follow">

Hope this makes sense, If anyone knows a solution i would really appreciate it.

Getting Image Link To Be The Only Way To Access A Page

Similar Tutorials

View Content

Make A Link The Only Way To Access A Certain Page

Similar Tutorials

View Content

I have a site, and there is an image with a link to another page, how can I make it so this is the only way to get to that page is by clicking on that image, and not by typing www.mywebsite.com/page.php into the address bar in a browser?

Access To Page For Certain Pages Via Mysql

Similar Tutorials

View Content

Hi guys so i want to make page acces to certain ranks.

So im thinking for something like this

rank1 -> home.php, admins.php
rank2 -> home.php
rank3 -> home.php
rank4 -> home.php

So the ranks are in a database with the page names. So now when someone logs in they will get a certain rank. So now i need to make a function that will check if the rank has access to this page.

$curPageName = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1);

This will detect the current page that the logged in person is at now. But now how do i check if the $_SESSION['rank']; (rank1) has the access to get in page admins.php, and obviously to make $_SESSION['rank'];(rank2) redirect from the page admins.php

Could someone point me in the right direction? Do i select the ranks and page names from database then put it into a array?

Thanks.

Displaying Ms Access Query In Php Page

Similar Tutorials

View Content

I have an MS Access Database that resides on the server that I will be hosting the pages I'm building.

In my MS Access Database I have a query called "CheckedInEquipment" that I would like to have constantly display on a PHP page.
It needs to be 'fluid', so the data is always up to date on the web page.
(This is all in a sandbox XAMPP environment).

Has anyone done this, can you lead me to examples or push me in the right direction?

Carl

Need Help Adding Rules/exceptions So That Php Page Works With A Login Page

Similar Tutorials

View Content

Hi,

I am a php newbie, who has a page that relies on some php scripts, and to which I am trying to add a login page written in php. I took the example from he

http://www.howtodothings.com/computers-internet/how-to-make-a-login-system-for-your-website

Basically it consists of adding:

<?
require("log.php");
?>

to the top of any page I want to protect, a log.php file which performs the actions of the form, linking to a mySQL database, and a login.php file which contains the form.

I have the login working fine, but it breaks one of the PHP scripts on the page that is protected. It is an upload script, called Weaverbox, based on FancyUpload. The uploads which are handled by a file called upload.php, aren't happening. The progress shows that they are being uploaded, but nothing is uploaded, and there is no success message. As soon as I remove the code from the top of the page requiring log.php all works fine again.

I think I may have to add some rules/extensions to resolve this conflict, but I don't know how to go about this. Would someone be able to help me get it sorted?

Thanks

Nick

Blank Page When I Click Login Button, Also, Need To Set Error Page

Similar Tutorials

View Content

Can someoneplease help, I need to setup an error page like IF Username and Password are wrong then show an error also if there is no username or password in the fields and I just click LOGIN, I get a blank page?!

Can someone please help me here or point me to a relevant tutorial?

thanks

here is my page:
http://www.retroandvintage.co.uk/default.php

here is my code:
Code: [Select]
<?php
session_start();
include_once("config.php");

$ebits = ini_get('error_reporting');
error_reporting($ebits ^ E_NOTICE);
/*
Login script:
This script does the following:

Checks that the user is NOT already logged in - if they are they
are redirected to the members page by the 'checkLoggedIn()' function.

Checks if the login form has been submitted - if so, the 'login' and
'password' fields are checked to ensure they are of the correct format and length.
If there are any problems here an error is added to the $messages array and
then the script executes the 'doIndex()' function - this function basically
outputs the main 'index' page for this script - ie the login form.

If there are no problems with the previous step, the 'login' and 'password'
field data is passed to the 'checkPass' function to check that an entry
exists in the 'users' table for that login/password pair.
If nothing is returned from the 'checkPass()' function, an error is
added to the $messages array and the 'doIndex()' function is called as above.

If a row of data is returned from the 'users' table, the data is passed to
the 'cleanMemberSession()' function - which initializes session variables and
logs the user in.  The user is then forwarded to the members page.

If the form hasn't yet been submitted, then the 'doIndex()' function is called
and the login page is displayed.
*/
// Check user not logged in already:
checkLoggedIn("no");

// Page title:
$title="Member Login Page";

// if $submit variable set, login info submitted:
if(isset($_POST["submit"])) {
//
// Check fields were filled in
//
// login must be between 4 and 15 chars containing alphanumeric chars only:
field_validator("rsUser", $_POST["rsUser"], "alphanumeric", 4, 15);
// password must be between 4 and 15 chars - any characters can be used:
field_validator("rsPass", $_POST["rsPass"], "string", 4, 15);

// if there are $messages, errors were found in validating form data
// show the index page (where the messages will be displayed):
if($messages){
doIndex();
// note we have to explicity 'exit' from the script, otherwise
// the lines below will be processed:
exit;
}

// OK if we got this far the form field data was of the right format;
// now check the user/pass pair match those stored in the db:
/*
If checkPass() is successful (ie the login and password are ok),
then $row contains an array of data containing the login name and
password of the user.
If checkPass() is unsuccessful however, $row will simply contain
the value 'false' - and so in that case an error message is
stored in the $messages array which will be displayed to the user.
*/
    if( !($row = checkPass($_POST["rsUser"], $_POST["rsPass"])) ) {
// login/passwd string not correct, create an error message:
        $messages[]="Incorrect login/password, try again";
    }

/*
If there are error $messages, errors were found in validating form data above.
Call the 'doIndex()' function (which displays the login form) and exit.
*/
if($messages){
doIndex();
exit;
}

/*
If we got to this point, there were no errors - start a session using the info
returned from the db:
*/
cleanMemberSession($row["rsUser"], $row["rsPass"]);

// and finally forward user to members page (populating the session id in the URL):
header("Location: main.php");
} else {
// The login form wasn't filled out yet, display the login form for the user to fill in:
doIndex();
}

/*
This function displays the default 'index' page for this script.  This consists of just a simple
login form for the user to submit their username and password.
*/
function doIndex() {
/*
Import the global $messages array.
If any errors were detected above, they will be stored in the $messages array:
*/
global $messages;

/*
also import the $title for the page - note you can normally just declare all globals on one line
- ie:
global $messages, $title;
*/
global $title;
}
// drop out of PHP mode to display the plain HTML:
?>
<!doctype html>
<html>
<head>
<title>List of Pubs and Bars in the UK</title>
<meta name="description" content="Pubs and bars in the UK, nightlife for food and drink" />
<meta name="keywords" content="Pubs, bars, List, uk, nightlife, drinking, drinks, beer, lager, food" />
<meta name="Content-Language" content="en-gb" />
<meta name="robots" content="FOLLOW,INDEX" />
<meta name="revisit-after" content="2 days" />
<meta name="copyright" content="jbiddulph.com" />
<meta name="author" content="John Biddulph - Professional web site design and development in the south of england mainly worthing and brighton" />
<meta name="distribution" content="Global" />
<meta name="resource-type" content="document" />
<link rel="stylesheet" type="text/css" href="css/reset.css" />
<link rel="stylesheet" type="text/css" href="css/ui-lightness/jquery-ui-1.8.6.custom.css" title="default" />
<link rel="alternate stylesheet" type="text/css" href="css/south-street/jquery-ui-1.8.6.custom.css" title="1" />
<link rel="alternate stylesheet" type="text/css" href="css/redmond/jquery-ui-1.8.6.custom.css" title="2" />
<script type="text/javascript" src="js/stylechanger.js"></script>
<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="js/jquery-ui-1.8.6.custom.min.js"></script>
<script type="text/javascript">
$(function(){

// Accordion
$("#accordion").accordion({ header: "h3" });

// Tabs
$('#tabs').tabs();

// Dialog
$('#dialog').dialog({
autoOpen: false,
width: 600,
buttons: {
"Ok": function() {
$(this).dialog("close");
},
"Cancel": function() {
$(this).dialog("close");
}
}
});

// Dialog Link
$('#dialog_link').click(function(){
$('#dialog').dialog('open');
return false;
});

// Datepicker
$('#datepicker').datepicker({
inline: true
});

//hover states on the static widgets
$('#dialog_link, ul#icons li').hover(
function() { $(this).addClass('ui-state-hover'); },
function() { $(this).removeClass('ui-state-hover'); }
);

});
</script>
<script type="text/javascript">
function lookup(inputString) {
if(inputString.length == 0) {
// Hide the suggestion box.
$('#suggestions').hide();
} else {
$.post("rpc.php", {queryString: ""+inputString+""}, function(data){
if(data.length >0) {
$('#suggestions').show();
$('#autoSuggestionsList').html(data);
}
});
}
} // lookup

function fill(thisValue) {
$('#inputString').val(thisValue);
setTimeout("$('#suggestions').hide();", 200);
}
</script>
</head>
<body>
<?php if($messages) { displayErrors($messages); }?>
<header>
<div id="title">
<h1>My Pub Space
<a href="#" onClick="setActiveStyleSheet('default'); return false;"><img src="images/0.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('1'); return false;"><img src="images/1.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('2'); return false;"><img src="images/2.gif" width="15" height="15" border="0" alt="css style" /></a>
<span>
<form method="post" class="textbox" action="search.php">
Town/City: <input type="text" size="26" class="searchbox" value="" name="rsTown" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" />

<div class="suggestionsBox" id="suggestions" style="display: none;">
<img src="images/upArrow.png" style="position: relative; top: -36px; left: 105px; z-index:1;" alt="upArrow" />
<div class="suggestionList" id="autoSuggestionsList">
  </div>
</div>
<input type="image" src="images/go.png" height="30" with="30" value="GO" />
</form>
</span>
</h1>
</div>
</header>
<nav>
<ul>
<li class="selected"><a href="default.php">Home</a></li>
<li><a href="#">Pubs</a></li>
<li><a href="#">Members</a></li>
<li><a href="#">Events</a></li>
<li><a href="register.php">Register</a></li>
</ul>
</nav>
<section id="intro">
<header>
<h2>Your social guide to going down the pub, online!</h2>
</header>
<p>Stuck in town with nowhere to go? Not sure if up the road or down the street is best? Need to be somewhere warm, cosy and friendly. Need a drink?....<br />You've come to the right place, mypubspace has it all!</p>
<img src="images/pub.jpg" alt="pub" /> </section>
<div id="content">
<div id="mainContent">
<section>
<article class="blogPost">
<header>
<h2>Pubs and Bars UK Listing</h2>

</header>
<?php

$tableName="pubs";
$targetpage = "default.php";
$limit = 20;

$query = "SELECT COUNT(*) as num FROM $tableName";
$total_pages = mysql_fetch_array(mysql_query($query));
$total_pages = $total_pages['num'];

$stages = 3;
$page = mysql_escape_string($_REQUEST['page']);
if( isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) ) {
      $page = (int) $_GET['page'];
      $start = ($page - 1) * $limit;
}else{
      $start = 0;
}

    // Get page data
$query1 = "SELECT * FROM $tableName LIMIT $start, $limit";
$result = mysql_query($query1);

// Initial page num setup
if ($page == 0){$page = 1;}
$prev = $page - 1;
$next = $page + 1;
$lastpage = ceil($total_pages/$limit);
$LastPagem1 = $lastpage - 1;

$paginate = '';
if($lastpage > 1)
{

$paginate .= "<div class='paginate'>";
// Previous
if ($page > 1){
$paginate.= "<a href='$targetpage?page=$prev'>previous</a>";
}else{
$paginate.= "<span class='disabled'>previous</span>"; }

// Pages
if ($lastpage < 7 + ($stages * 2)) // Not enough pages to breaking it up
{
for ($counter = 1; $counter <= $lastpage; $counter++)
{
if ($counter == $page){
$paginate.= "<span class='current'>$counter</span>";
}else{
$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
}
}
elseif($lastpage > 5 + ($stages * 2)) // Enough pages to hide a few?
{
// Beginning only hide later pages
if($page < 1 + ($stages * 2))
{
for ($counter = 1; $counter < 4 + ($stages * 2); $counter++)
{
if ($counter == $page){
$paginate.= "<span class='current'>$counter</span>";
}else{
$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
}
$paginate.= "...";
$paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>";
$paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>";
}
// Middle hide some front and some back
elseif($lastpage - ($stages * 2) > $page && $page > ($stages * 2))
{
$paginate.= "<a href='$targetpage?page=1'>1</a>";
$paginate.= "<a href='$targetpage?page=2'>2</a>";
$paginate.= "...";
for ($counter = $page - $stages; $counter <= $page + $stages; $counter++)
{
if ($counter == $page){
$paginate.= "<span class='current'>$counter</span>";
}else{
$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
}
$paginate.= "...";
$paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>";
$paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>";
}
// End only hide early pages
else
{
$paginate.= "<a href='$targetpage?page=1'>1</a>";
$paginate.= "<a href='$targetpage?page=2'>2</a>";
$paginate.= "...";
for ($counter = $lastpage - (2 + ($stages * 2)); $counter <= $lastpage; $counter++)
{
if ($counter == $page){
$paginate.= "<span class='current'>$counter</span>";
}else{
$paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";}
}
}
}

// Next
if ($page < $counter - 1){
$paginate.= "<a href='$targetpage?page=$next'>next</a>";
}else{
$paginate.= "<span class='disabled'>next</span>";
}

$paginate.= "</div>";

}
echo $total_pages.' Results';
// pagination
echo $paginate;
?>

<div id="accordion">
<?php

while($row = mysql_fetch_array($result))
{

echo '<div><h3><a href=\"#\">'.$row['rsPubName'].'</a></h3><div>'.$row['rsAddress'].'<br />'.$row['rsTown'].', '.$row['rsCounty'].'<br />'.$row['rsPostCode'].'<br /><br />Region: '.$row['Region'].'<br /><br />Telephone: '.$row['rsTel'].'</div></div>';

}

?>
</div>
</article>
</section>

</div>
<aside>
<section>
<header>
<h3>Members Login Area</h3>
</header>
<form method="post" class="textbox" action="<?php print $_SERVER["PHP_SELF"]; ?>">
Username: <br />
<input type="text" class="textbox" name="rsUser" value="<?php print isset($_POST["rsUser"]) ? $_POST["rsUser"] : "" ; ?>">
Password: <br />
<input type="password" class="textbox" name="rsPass">
<br />
<br />
<input name="submit" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" type="submit" value="Login">
<br />
</form>
<ul>
<li><button id="button" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false"><span class="ui-button-text"><a href="register.php">Sign up</a></span></button></li>
<li><button id="button" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false"><span class="ui-button-text"><a href="forgot.php">Forgot Password</a></span></button></li>
</ul>
</section>
<section>
<header>
<h3>Quick Search</h3>
</header>
<ul>
<li><a href="#">Coming Soon!</a></li>
</ul>
</section>
</aside>
</div>
<footer>
<div>
<section id="about">
<header>
<h3>About</h3>
</header>
<p>My Pub Space is one of the largest and newest UK Pubs and Bars Listing sites online. It is not just a list of pubs, we have added a touch of interactive social pubbing experience online! Once registered, you can view information on pubs in your area, write reviews, organise your evenings out!</p>
</section>
<section id="blogroll">
<header>
<h3>Links</h3>
</header>
<ul>
<li><a href="#">Coming Soon!</a></li>
</ul>
</section>
<section id="popular">
<header>
<h3>Popular</h3>
</header>
<ul>
<li><a href="#">Coming Soon!</a></li>
</ul>
</section>
</div>
</footer>
</body>
</html>

Session Value Doesn't Remain From Login Page To Another Page While Others Do

Similar Tutorials

View Content

ONE of my SESSION values isn't remaining after login while others do.

This works fine on my localhost, it's on the live site that there is a problem and it just started yesterday. Before that it worked great.

Out of the four SESSIONs made I can only echo three values on other pages, member id the most important doesn't transfered to other pages

Notes: all these files are in the same folder, there is a SESSION started for the member id on the login page, you can see that it is used in the redirect below and the redirect works fine with the redirect going to the correct page " $home/member/index.php?user=$id_mem "

Here is the login page
// Here's the basic login page info
<?php # login.php
session_start();
ob_start()
...connect to db & header called...
...Form validation.....

if ($e && $p) { // If everything's OK.
// Query the database:
$q = "SELECT id_mem, display_name, mem_group FROM sn_members WHERE (email='$e' AND password=SHA1('$p')) AND active IS NULL";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
// or die("Error: ".mysqli_error($dbc));

if (@mysqli_num_rows($r) == 1) { // If a match was made.

// Register the values & redirect:
// Give SELECTED elements a session
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
mysqli_free_result($r);

// Update db for last login
$id_mem = $_SESSION['id_mem']; // <<< SESSION member id has a value here because it's used in the redirect below
$ip = $_SERVER['REMOTE_ADDR']; // Get ip address of person logging in
$q = "UPDATE sn_members SET last_login = Now(), ip = '$ip' WHERE id_mem = '$id_mem' LIMIT 1";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

header("Location: $home/member/index.php?user=$id_mem");
exit(); // Quit the script.

}
?>

Here is the main page that a user would be redirect to above
<?php // /member/ all member info is through this folder
session_start();
ob_start();

if (isset($_GET['user']) && is_numeric($_GET['user'])) {
$user = $_GET['user'];
$user = $user;
if ($user < 0) {
header("Location: $home/index.php");
exit();
}
}

if ((!isset($_SESSION['id_mem'])) && (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])))){
// If not a logged in member redirect
header("Location: $home/index.php");
exit(); // Quit the script.
}
?>

Thanks in advance for the help
SJ

Debug_backtrace In Php To Prevent Direct Access To Page/resource

Similar Tutorials

View Content

I am using the debug_backtrace() php function to prevent direct access to admin files. i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented. Is it a safe practice or is there a better way of doing it?

<?php

debug_backtrace() || die ("Direct access to this resource is  forbidden");

?>

Thanks

Page Based Access Control Code Restructuring

Similar Tutorials

View Content

Below is the screenshots and script for user page level access i have used it for one of my old projects. Code is working as it was intended. But it needs to be improvised.

Users table

pages table , which has all the pages and links

Access level table. which has user id from users table and page id from pages table (for which user has access)

Once the user is created, admin gives access to the user on page basis, the permissions.php page looks like this

The modules

Menus inside the modules

Pages in each menu

Here is my code for permission.php

<div id="demo2-html">                    
<ul id="demo2" class="mnav">
	<li><a href="#">Sales</a>
    <ul>
    <li><a href="#">Lead</a>
    <ul>
			<table class="table table-bordered table-striped table-hover">
				
                <?php 
				
				$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page, 
									pages.href, access_level.aid, access_level.page_id as pgid, 
									access_level.user_id 
								FROM pages
								LEFT JOIN access_level ON (pages.page_id=access_level.page_id 
									AND access_level.user_id=".$user." 
									) WHERE pages.code='led'") or die(mysqli_error($con));
									
				while($s2 = mysqli_fetch_array($s1)) {  ?>
				<tr><li><td><?php echo $s2['page']; ?>  </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
                <input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
                </td></li></tr>
                <?php } ?>
                </table>
				</ul>
			</li>
            
            <li><a href="#">Customer</a>
    <ul>
			
			<table class="table table-bordered table-striped table-hover">
				
                <?php 
				
				$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page, 
									pages.href, access_level.aid, access_level.page_id as pgid, 
									access_level.user_id 
								FROM pages
								LEFT JOIN access_level ON (pages.page_id=access_level.page_id 
									AND access_level.user_id=".$user." 
									) WHERE pages.code='cst'") or die(mysqli_error($con));
									
				while($s2 = mysqli_fetch_array($s1)) {  ?>
				<tr><li><td><?php echo $s2['page']; ?>  </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
                <input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
                </td></li></tr>
                <?php } ?>
                </table>
				</ul>
			</li>
      //code goes for all the other modules
      
      </ul>
            </li>
            
    
    
</ul>
</div>


<input type="hidden" name="user" value="<?php echo $user; ?>" />
<div class="row" align="center">
<input type="submit" name="submit" class="btn btn-success" value="Save" />
  </form> 



// form Submission

if(isset($_POST['submit']))
{
	$user = $_POST['user'];
	
 $sql = "DELETE FROM access_level WHERE user_id = ".$user."";
 $query = mysqli_query($con, $sql) or die (mysqli_error($con));

foreach($_POST['sn'] as $sn)
{
 $sql = "insert into access_level (page_id, user_id) values (".$sn.", ".$user.")";
 $query = mysqli_query($con, $sql) or die (mysqli_error($con));
}


if($query)
{
header("location:users.php?access=1");	
}

	
}

So against each user i am storing all the page ids here. When i edit any of the users, it deletes all the records and again insers new records. Which i feel is not a proper way to do.
And also, if i have 10 users and 100 pages, suppose all the users are having access to all the pages, records in user_access table will be 1000.

And in codewise also, i am redirecting the user to no_access.php (as below) page if the user do not have access.

<?php
ob_start();
include("connect.php");
include("admin_auth.php"); 
$q1 =  basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$q2 = $_SERVER['REQUEST_URI'];
$var1 = "/".$q1;

$qa_path=explode('/', $q2);

$right_path = $qa_path[2].$var1;

$parsedUrl = parse_url($q2);


$curdir = dirname($_SERVER['REQUEST_URI'])."/";



$m4 = "select p.page_id, p.code, p.page, p.href, al.aid, al.page_id, al.user_id FROM pages p INNER JOIN access_level al ON p.page_id=al.page_id WHERE al.user_id=".$_SESSION['user_id']."";

$m5 = mysqli_query($con, $m4)  or die (mysqli_error($con));


while($nk1 = mysqli_fetch_array($m5)) {
	
	$href1[] = ($nk1['href']); }
	
	
	if(in_array($right_path, $href1)) {

echo "<script type='text/javascript'> document.location = ".BASE_URL."/".$right_path."</script>"; 
}
else
{

echo "<script type='text/javascript'> document.location = '../no_access.php' </script>";
exit();
}	

?>

I need help in improve and better/effective (structural) way to do this both in database and php script.

Why Won't My Login Page Actually Login?

Similar Tutorials

View Content

Hello, I am once again desperately asking for your help,

I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now

This is the code any suggestions would be greatly appreciated

<?php
    /*
    Name: Deanna Slotegraaf 
    Course Code: WEBD3201
    Date: 2020-09-22
    */

    $file = "sign-in.php";
    $date = "2020-09-22";
    $title = "WEBD3201 Login Page";
    $description = "This page was created for WEBD3201 as a login page for a real estate website";
    $banner = "Login Page";
    require 'header.php';

    $error = "";

    if($_SERVER["REQUEST_METHOD"] == "GET")
    {
        $username = "";
        $password = "";
        $lastaccess = "";        
        $error = "";
        $result = "";
        $validUser = "";
    }
    else if($_SERVER["REQUEST_METHOD"] == "POST")
    {        
    	$conn;
        $username = trim($_POST['username']); //Remove trailing white space
        $password = trim($_POST['password']); //Remove trailing white space

    if (!isset($username) || $username == "") {
      $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
      $error .= "<br/>Password is required";
    }
    if ($error == "") {
      $password = md5($password);
      $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
      $results = pg_query($conn, $query);
      //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
      }else {
        $error .= "Username and/or Password is incorrect";
      }

}

?>

<div class = "form-signin">
    <?php
             echo "<h2 style='color:red; font-size:20px'>".$error."</h2>";
    ?>
<form action = "<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">

      <label for="uname"><b>Login ID</b></label>
      <input type="text" name="username" value="<?php echo $username; ?>"/>
      <br/>
      <label for="psw"><b>Password</b></label>
      <input type="password" name="password" value="<?php echo $password; ?>"/>
      <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
</form>
</div>

<?php require "footer.php"; ?>

Help With Login Page

Similar Tutorials

View Content

Hey guys i have a few question with this login script im trying to make. Ok so first im using php myadmin and i've created a simple login here that works fine but i want to tweak it so when i login i can login to a specific site where i've created tables and stuff. Is there anyone out there that can help me im a little stumped on how to do this. Thanks in regards. Here are my two scripts im using

show_login.html
Code: [Select]
<html>
<head>
<title>Login Form</title>
<h1>Login to Authorized Area</h1>
<form method= "post" action= "login.php">

<br> Username: <input type= "text" name= "username"> <br>
<br> Password: <input type= "password" name= "password"> <br>

<p> <input type= "submit" name= "submit" value= "Login" </p><br>
</html>
</form>

login.php
Code: [Select]
<?

if ((!$_POST['username']) || (!$_POST['password'])) {
header("Location: show_login.html");
exit;

}

$db_name="ryan";
$table_name="auth_users4";

$connection=@mysql_connect("localhost","RyanH","test1234")or die(mysql_error());

$db =@mysql_select_db($db_name, $connection)or die(mysql_error());

$sql= "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')";
$result = @mysql_query($sql,$connection) or die(mysql_error());

$num=mysql_num_rows($result);

if ($num != 0) {
echo "<P>Congratulations, you're authorized!</p>";
}else{
echo "<P>You are not authorized to use this site</p>";
echo'<br/><a href="show_login.html">Try Again</a>';

exit;

}

?>

Login Page

Similar Tutorials

View Content

Hi im trying to create a sign up page for my website that contains different paths dependin on the membership that you select. I am an unexperienced programmer and need help as nothing is working at the moment. I would appreciate if people could reply to this post as soon as possible as I need it sorted today! Below is my code! Can you please send me suggestive improvement? Thanks

<?php

if (isset ($_POST['firstname'])){



   //grab data from the form


    $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
    $firstname = preg_replace('#[^A-Za-z]#i', '', $_POST['firstname']); // filter everything but Letters
    $lastname = preg_replace('#[^A-Za-z]#i', '', $_POST['lastname']); // filter everything but Letters
    $phone = preg_replace('#[^0-9]#i', '', $_POST['phone']); // filter everything but numbers
    $address= preg_replace('#[^A-Za-z]#i', '', $_POST['address']); // filter everything but Letters
    $postcode= preg_replace('#[^A-Za-z]#i', '', $_POST['postcode']); // filter everything but Letters
    $town= preg_replace('#[^A-Za-z]#i', '', $_POST['town']); // filter everything but Letters
    $housenumber= preg_replace('#[^0-9]#i', '', $_POST['housenumber']); // filter everything but numbers

    $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
$b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
    $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers

    $email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];


$email1 = stripslashes($email1);
$pass1 = stripslashes($pass1);
$email2 = stripslashes($email2);
$pass2 = stripslashes($pass2);

$email1 = strip_tags($email1);
$pass1 = strip_tags($pass1);
$email2 = strip_tags($email2);
$pass2 = strip_tags($pass2);


   //connect to db
   $connection = mysql_connect('linuxproj.ecs.soton.ac.uk', 'db_alw3g08', 'pasta');
   $db = mysql_select_db('db_alw3g08', $connection);

    $emailCHecker = mysql_real_escape_string($email1);
    $emailCHecker = str_replace("`", "", $emailCHecker);
    // Database duplicate username check setup for use below in the error handling if else conditionals
    $sql_uname_check = mysql_query("SELECT username FROM Members WHERE username='$username'");
$uname_check = mysql_num_rows($sql_uname_check);
// Database duplicate e-mail check setup for use below in the error handling if else conditionals
$sql_email_check = mysql_query("SELECT email FROM Members WHERE email='$emailCHecker'");
$email_check = mysql_num_rows($sql_email_check);


   // Error handling for missing data
if ((!$username) || (!$firstname) || (!$lastname) || (!$address) || (!$postcode) || (!$town) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) {

   $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

if(!$username){
$errorMsg .= ' * User Name<br />';
}
if(!$firstname){
$errorMsg .= ' * First Name<br />';
}
     if(!$lastname){
$errorMsg .= ' * Last Name<br />';
}
    if(!$address){
$errorMsg .= ' * Address<br />';
}
    if(!$postcode){
$errorMsg .= ' * postcode<br />';
}
    if(!$town){
$errorMsg .= ' * town<br />';
}
    if(!$b_m){
$errorMsg .= ' * Birth Month<br />';
}
    if(!$b_d){
$errorMsg .= ' * Birth Day<br />';
}
    if(!$b_y){
$errorMsg .= ' * Birth year<br />';
}
    if(!$email1){
$errorMsg .= ' * Email Address<br />';
}
    if(!$email2){
$errorMsg .= ' * Confirm Email Address<br />';
}
    if(!$pass1){
$errorMsg .= ' * Login Password<br />';
}
    if(!$pass2){
$errorMsg .= ' * Confirm Login Password<br />';
}

   } else if ($email1 != $email2) {
$errorMsg = 'ERROR: Your Email fields below do not match<br />';
} else if ($pass1 != $pass2) {
$errorMsg = 'ERROR: Your Password fields below do not match<br />';
} else if (strlen($username) < 6) {
     $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 6 - 20 characters please.<br />";
} else if (strlen($username) > 20) {
     $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 6 - 20 characters please.<br />";
} else if ($uname_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
} else if ($email_check > 0){
$errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
} else {

    // Error handling is ended, process the data and add member to database

    $email1 = mysql_real_escape_string($email1);
$pass1 = mysql_real_escape_string($pass1);

// Add MD5 Hash to the password variable
$password = md5($pass1);

    // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied
    $dateofbirth = "$b_y-$b_m-$b_d";

   // Add user info into the database table for the main site table
$sql = mysql_query("INSERT INTO members (username, firstname, lastname, email, password, dateofbirth, phone, lastlogin)
VALUES('$username','$firstname','$lastname','$email1','$password', '$dateofbirth','$phone', now())")

or die (mysql_error());

   $sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber)
VALUES('$adress','$postcode,'$town','$housenumber'")

   or die (mysql_error());

   $id = mysql_insert_id()




   } else { // if the form is not posted with variables, place default empty variables so no warnings or errors show

     $errorMsg = "";
$username = "";
     $firstname = "";
     $lastname = "";
     $phone = "";
     $address = "";
     $postcode = "";
     $town = "";
     $housenumber = "";
     $b_m = "";
     $b_d = "";
     $b_y = "";
     $email1 = "";
     $email2 = "";
     $pass1 = "";
     $pass2 = "";


}