|
PHP - Redirect Loop For Non Admin Users?
hello, so i have a php login area for my clients...
when i register a client it sets the user level to 1 admin user level is 9 any user whose level i >9 it redirect loops between the directory www.domain.com/ClientArea/ i changed that users level to 9, to see if it would log in, and it did fine... so i am a bit stuck as to where the problem is? here are some code snippets you'll need to help me if you can:) process.php (where the form is sent) function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ../ClientArea/"); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ../ClientArea/?login=failed"); } } session.php (where the magic happens) its inc into the process.php and inc into the index.php of clientarea /** * startSession - Performs all the actions necessary to * initialize this session object. Tries to determine if the * the user has logged in already, and sets the variables * accordingly. Also takes advantage of this page load to * update the active visitors tables. */ function startSession(){ global $database; //The database connection session_start(); //Tell PHP to start the session /* Determine if user is logged in */ $this->logged_in = $this->checkLogin(); /** * Set guest value to users not logged in, and update * active guests table accordingly. */ if(!$this->logged_in){ $this->username = $_SESSION['username'] = GUEST_NAME; $this->userlevel = GUEST_LEVEL; $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time); } /* Update users last active timestamp */ else{ $database->addActiveUser($this->username, $this->time); } /* Remove inactive visitors from database */ $database->removeInactiveUsers(); $database->removeInactiveGuests(); /* Set referrer page */ if(isset($_SESSION['url'])){ $this->referrer = $_SESSION['url']; }else{ $this->referrer = "/"; } /* Set current url */ $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF']; } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ global $database; //The database connection /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ $this->username = $_SESSION['username'] = $_COOKIE['cookname']; $this->userid = $_SESSION['userid'] = $_COOKIE['cookid']; } /* Username and userid have been set and not guest */ if(isset($_SESSION['username']) && isset($_SESSION['userid']) && $_SESSION['username'] != GUEST_NAME){ /* Confirm that username and userid are valid */ if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['userid']); return false; } /* User is logged in, set class variables */ $this->userinfo = $database->getUserInfo($_SESSION['username']); $this->username = $this->userinfo['username']; $this->userid = $this->userinfo['userid']; $this->userlevel = $this->userinfo['userlevel']; $this->firstname = $this->userinfo['firstname']; $this->lastname = $this->userinfo['lastname']; $this->company = $this->userinfo['company']; $this->tel = $this->userinfo['tel']; $this->address = $this->userinfo['address']; $this->email = $this->userinfo['email']; return true; } /* User not logged in */ else{ return false; } } /** * login - The user has submitted his username and password * through the login form, this function checks the authenticity * of that information in the database and creates the session. * Effectively logging in the user if all goes well. */ function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } else{ /* Check if username is not alphanumeric */ if(!eregi("^([0-9a-z])*$", $subuser)){ $form->setError($field, "* Username not alphanumeric"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password not entered"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Checks that username is in database and password is correct */ $subuser = stripslashes($subuser); $result = $database->confirmUserPass($subuser, md5($subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form->setError($field, "* Username or password incorrect"); } else if($result == 2){ $field = "pass"; $form->setError($field, "* Username or password incorrect"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Username and password correct, register session variables */ $this->userinfo = $database->getUserInfo($subuser); $this->username = $_SESSION['username'] = $this->userinfo['username']; $this->userid = $_SESSION['userid'] = $this->generateRandID(); $this->userlevel = $this->userinfo['userlevel']; /* Insert userid into database and update active users table */ $database->updateUserField($this->username, "userid", $this->userid); $database->addActiveUser($this->username, $this->time); $database->removeActiveGuest($_SERVER['REMOTE_ADDR']); /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his random value userid. It expires by the time * specified in constants.php. Now, next time he comes to our site, we will * log him in automatically, but only if he didn't log out before he left. */ if($subremember){ setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH); } /* Login completed successfully */ return true; } Similar TutorialsI need to know how to allow admin to essentially be "all users" in otherwords, edit everyones profile and not just their own. Tell me what codes would be helpful and i will send them on in. By the way, i do have a script that allows members to edit own profile. Hi, I'm very new to php/mysql, but for a project I'm working on I need to create users that are admins, and normal users. The admins would be able to post news stories, and delete user accounts. Whereas the users would just be able to comment on the news stories. I'm just wondering how I would create a normal 'register' page for both, which has the same fields, but somehow creates some people as admins, and others as normal users... with the ability to limit who can become an admin, so not everyone can register as one. I'm not sure how I would achieve this, or even know how to do it. Does anyone know any tutorials or code on how to achieve this? Your help is greatly appreciated, Thanks. hello, I have created a website which has to incorporate administration features. I hjave been trying to do this for a couple of days and any help will be much appreciated. I have a login screen (form) when the user enters their username and password they are brought to the homepage.php. Is there anyway to redirect the administrator (username=admin) to a different page from all ordinary members? e.g. deletemember.php Thanks Afternoon All. I wish to re-direct users to a 404 error page on my site if an article does not exist in my database. Here's my code: $SQL = "SELECT headline FROM news WHERE news_id=".mysql_real_escape_string($_GET['news_id']); $result = mysql_query($SQL) OR die(mysql_error()); $num = mysql_num_rows($result); //** Check that the entry exists otherwise send to error page if ($num > 0) { $row = mysql_fetch_array($result); $headline = $row['headline']; } else { echo "Why is this printed? - I should be leaving this page?"; header("Location: error.php"); exit; } Now the wierd thing is that when I enter a news_id for a value that does not exist it prints the message Why is this printed? - I should be leaving this page? so it's actually going to the ELSE statement which is good, but surely it should not do this as I ask the page to re-direct? Thank you I have this code which logs in a user to my site but it only directs them to the login success page. i need to direct users to 3 different pages depending on their access level eg levels 1,2,4 but i dont know how to do this, can any one help or point me in the right direction?? thanks //Form <form name="form1" method="post" action="checklogin.php"> <strong>Member Login </strong> Username: <input name="UsersID" type="text" id="UsersID" /> Password: <input name="U_Password" type="password" id="U_Password" /> <input type="submit" name="Submit" value="Login" /></form> <?php $host="localhost"; // Host name $username=""; // username $password=""; // password $db_name="test"; // Database name $tbl_name="members"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $mUsersIDe=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM $Users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" session_register("UsersID"); session_register("U_Password"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } Hi,
Am working on hooks wit codeigniter, am getting an error after applying hooks like "This webpage has a redirect loop".
My hooks.php file :
$hook['post_controller_constructor'] = array(
'class' => 'SessionData',
'function' => 'initializeData',
'filename' => 'auth.php',
'filepath' => 'hooks',
'params' => array()
);
auth.php file:
<?php
class SessionData{
var $CI;
function __construct(){
$this->CI =& get_instance();
if(!isset($this->CI->session))
$this->CI->load->library('session');
}
function initializeData() {
if(!$this->CI->session->userdata('admin_id')){
redirect('admin');
}
}
}
?>
Admin controller file:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
Hi All I am using the following method to check if user is logged in to a member area. However, I ahve a password change section that then redirects back the the password change page within the logged in area. After password changes it automatically redirects back to the index page rather than password page and comes up with a redirect error (too many redirects) How can i change the code to match the new change in password. I think its a sessions problem but not great with sessions! Code: [Select] if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM member_users WHERE email = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { $usernameid=$info['username']; $userid = $info['id']; $firstname = $info['fname']; $lastname = $info['lname']; //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: index.php"); } //otherwise they are shown the admin area else { echo "<div class=\"memberloginactive\">Welcome $firstname | Your Profile | <a href=\"edit-profile.php?id=$userid\">Edit Profile</a> | <a href=\"logout.php\">Logout</a></div><div class=\"clear\"></div>"; } } } else { Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar. For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information. Every important page that I have has this code: Code: [Select] session_start(); if (!isset($_SESSION['user_id'])) { // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { //Else If Logged In Run The Script if((isset($_GET['id'])) && (is_numeric($_GET['id']))) { $id = (int) $_GET['id']; } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) { $id = (int) $_POST['id']; } else { echo ' No valid ID found, passed in url or form element'; exit(); } What am I doing wrong? Please help if you know how to correct this. Many thanks in advance. I'm trying to put together a script that redirects visitors based on their IP, user agent and/or referral url. Basically I want the script to scan these three factors from the visitor, if any of them turn out to match my redirect-requirement it redirects the user. I know the code is horribly coded, I'm incredibly new to the php-scene and consider myself a complete noob. As you can see I want redirected visitors to go to google.com and un-redirected to msn.com(examples). Really thankful for all the help I can get! Right now nothing works, any suggestions? <?php function redirect($page) { Header( "HTTP/1.1 301 Moved Permanently" ); header('Location: ' . $page); exit; } $referrals=array('pitchingit.org','referral2'); $badAgents = array("useragent1", "useragent2"); $deny = array("78.105.191..*","100.101.103..*"); if (in_array($_SERVER['HTTP_REFERER'], $referrals, FALSE)) { header("Location: http://www.google.com"); } else { header("Location: http://www.msn.com"); } if(in_array($_SERVER['HTTP_USER_AGENT'],$badAgents)) { redirect("http://www.google.com/"); exit(); } $add=$_SERVER['REMOTE_ADDR']; foreach ($deny as $ip) { if (preg_match("^.$add.*^",$ip)) { redirect("http://www.google.com"); } } redirect("http://www.msn.com"); ?> Hey.
So the issue I'm having is consecutive loops on semi-large arrays, over and over. Consider this array:
$firstArray = array(
'row1' => array(
'dates' => array(
'2014-01-01' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-01-02' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-01-03' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-01-04' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-01-05' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-01-06' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-01-07' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
)
),
'row2' => array(
'dates' => array(
'2014-02-01' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-02' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-03' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-04' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-05' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-06' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-07' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-08' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
'2014-02-09' => array('key1' => 'value1', 'key2' => 'value2', 'key3' => 'value3', 'key4' => 'value4', 'key5' => 'value5', 'key6' => 'value6', 'key7' => 'value7', 'key8' => 'value8', 'key9' => 'value9', 'key10' => 'value10'),
)
)
);
Originally the data comes from ~2-3 database tables, of course. But to ilustrate the point, this is how the main array looks like. This array usually contains anywhere between 10-50 rows, each row containing at least 10 dates, with 10 key/values each.
And after setting up all the data, it needs to be processed. Currently this is how a friend of mine did it..
$placeDataHere = array();
foreach($firstArray as $key => $dates) {
foreach($dates as $date => $values) {
foreach($values as $key => $value) {
$placeDataHere['DV_' . $date]['SM_' . $key] = 'KS_' . $value;
//Followed by another ~50-70 lines of processing the 3 loop's data..
...
...
....
....
....
....
....
....
}
}
}
Obviously this isn't good practise, but we can't seem to figure out a better way of doing it, since both the data and the loops are horribly nested.
This loop and setup of $firstArray is run anywhere between 10-20 times/request, due to amount of users we wish to process. So, the result is that this code can take up to over 2-3 minutes to complete, which isn't really optimal performance.
In short my question is, are there any better methods of handling this with the data setup we currently have?
Any help would be greatly appreciated! <?php $host="localhost"; // Host name $username="user"; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $barcodeID=$_POST['barcode']; echo $barcodeID; $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); $count=mysql_num_rows($result); if($count==1){ $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level. if Priority field == "Admin" then go to admin page. Can you see anything missing? Thank You Hello I am trying to add an IF statement to my login script so that if the username entered is 'admin' it directs to 'adminpage.php Here is my script: <?php include ("connection.php"); session_start(); // Collect data from form and save in variables //See if any info was submitted $Username = $_GET['Username']; //Clean data - trim space $Username = trim ( $Username); //Check its ok - if not then add an error message to the error string if (empty($Username)) $errorString = $errorString."<br>Please supply Username."; //See if any info was submitted $Password = $_GET['Password']; //Clean data - trim space $Password = trim ( $Password); //Check its ok - if not then add an error message to the error string if (empty($Password)) $errorString = $errorString."<br>Please supply Password."; // Query to search the user table $query= "SELECT * FROM Users WHERE Username='$Username' AND Password='$Password'"; // Run query through connection $result = mysql_query ($query); $row = mysql_fetch_assoc($result); // if rows found set authenticated user to the user name entered if (mysql_num_rows($result) > 0) { $_SESSION["authenticatedUser"] = $Username; $_SESSION['UserID'] = $row['UserID']; // Relocate to the logged-in page header("Location: loggedon.php"); } else // login failed redirect back to login page with error message { $_SESSION["message"] = "Could not connect as $Username " ; header("Location: login.php"); } ?> Thank you I get this error: Code: [Select] Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\user\user.php on line 5 code: user.php: Code: [Select] <?php $get = (isset($_GET['id'])); //this means that user.php?id=1 would mean $get = 1. Note: This is not SQL Inject protected. $users = mysql_query("SELECT * FROM users WHERE id='".$get."'"); while ($row = mysql_fetch_array($users)) { echo ' Id = '.$row['id'].' Name = '.$row['name'].' Username = '.$row['username'].' Password = '.$row['password'].' Reg. on = '.$row['date'].' '; } ?> <html> <body> <form action='user.php' method='GET'> Username: <input type='text' value=''> <input type='submit' value='submit'> </form> <?php //what goes here? ?> </body> </html> Hello, Do you know where I can download a nice looking PHP admin dashboard for free? Thanks in advance for the help So i got my login down and the cookies, kinda set up my problem is how do i make the admin panle save the true/false in the string in settings.php id like do do it with a drop down menu to enable/disable it. any help? Code download Hey, So i have an admin.php page that lists all of the users in the database and im wondering how i can add functions so the administrator can delete / ban the user from the webpage i'm not sure on how you would select the user?
Hey, in a nutshell the only thing in admin.php is the ability to moderate unapproved images, however, once approved, the "Approve Delete" links are still on screen. How it works is a user uploads an image, the filename is added to mysql and the image is added to uploads/ once I Approve an image, the image is then moved to img/ to display on the index.php (to prevent porn and anything that doesn't belong to the general public). I know what's happening, because I've got while loops to display the image while looping through the mysql database, so once the image is moved, the links are still on screen, displaying an "Approve Delete" for every image in the database. Also another thing that happens is the images on index.php are blank until approved. How can I work around this? Here is the index.php when an image hasn't been approved: http://www.xodiac.net/1.png And here is the admin.php displaying Approve and Delete once an image has been approved: http://www.xodiac.net/2.png |
|||||||