Search
Left Quote    Black holes are where God divided by zero.
- Steven Wright    
Right Quote
 
[login] | [Register]
Forum Index » PHP and mySQL » Viewing Topic and Replies
Post Reply


        Viewing Topic: Membership Security
  This user is offline  David1159
  Subject: "Membership Security" Posted: @ 11:00 pm on Dec 27 2007   

Member #: 526
Rank: User - (81)
Since: 12/27/07
Posts: 81
From: usa

Love your site. Everything is running great and I've read your tutorial 3 times.

I searched the forum to learn how to secure pages, so you have to be logged in to view the site. I can't get it to work.

When I login and get directed to the secure page, the secure page tells me I need to be logged in.

(I had it working the other night perfectly! When I was closing out of my program, I clicked Save All files. I must have changed something, because it doesn't work now)

Login-

Code:
<?
ob_start();
require_once($_ SERVER['DOCUMEN T_ROOT'].'/db_c onnect.php');

if(isset($_SESS ION['username'] ) && isset($_SESSION ['password'])) {
//REDIRECT TO USERS PROFILE...
header("Lo cation: http://www.5th- ave.org");
} //end if logged in

//IF SUBMIT BUTTON PRESSED
if(isset($_POST ['submit'])) {

if(!$_POST['use rname']) die("Error : You must enter your username before logging in.");
if(!$_POST['pas sword']) die("Error : You must enter your password before logging in.");

//set cookie if checked
if(!empty($_POS T['stay_in'])) {
$joined =''.$_POST['use rname'].'[]'.md 5($_POST['passw ord']).'';
setcookie('logi n_cookie', $joined, 2147483647, '/', '.www.5th-ave.o rg');
} //end if

//verify user...
$get_user = mysql_query(&qu ot;SELECT * FROM `members` WHERE username = '".$_POST[ 'username'].&qu ot;' AND

user_password = '".md5($_P OST['password'] )."'" );
$q = mysql_fetch_obj ect($get_user);
if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.") ;

//set session variables
$_SESSION['logg ed_in'] = 1;
$_SESSION['user name'] = $_POST['usernam e'];
$_SESSION['pass word'] = $_POST['passwor d'];
session_write_c lose();

header("Lo cation: http://www.5th- ave.org/Page1.p hp");

} else {
//show login form
?>
<form name="logi n" method="po st" action="&l t;? $_SERVER['PHP_S ELF']; ?>">
<br><b r><br> <br><b r><br> <br><b r><br> <br><b r><br>
<table align="cen ter"> <tr>
<td>Usern ame:<input type="text " id="userna me" name="user name">& lt;/td>
</tr>
<tr>
<td>Passw ord:<input type="pass word" id="passwo rd" name="pass word">& lt;/td>
</tr>
<tr>
<td>Submi t: <input type="subm it" value="Sub mit" name="subm it" id="submit "></ td>
</tr>
<tr>
<td>Remem ber? <input type="chec kbox" name="stay _in[]" checked="y es">< ;/td>
</tr>
</table>< br />
</form> <?
}//end else
?>



Page that needs to be secured-

Code:
<?
ob_start();
include('Secure .php');
?>

<link rel="style sheet" type="text /css" href="styl e.css"/> ;

<div id="WELCOM E">< /div>

<table width="400 " height="10 0" align="cen ter">&l t;td width="400 " height="10 0">< /td></tab le>

<table width="400 " height="20 0" align="cen ter"> <tr><t d class="row 0" width="400 " height="50 " align="cen ter"> Welcome, Thank You for Joining <br> -Management< /tr>

<tr><t d class="row 0" width="400 " height="50 " align="cen ter"> UPDATE</tr&g t;
<tr><t d class="row 0" width="400 " height="50 " align="cen ter"> UPDATE</tr&g t;
<tr><t d class="row 0" width="400 " height="50 " align="cen ter"> UPDATE</tr&g t;
</table>< /div>


My include('Secure .php'); page for all my secure pages-

Code:
<?
ob_start();
session_start( );
require_once($_ SERVER['DOCUMEN T_ROOT'].'/db_c onnect.php');

if($_SESSION[' logged_in'] == 0) die('You must be logged in to view this page.');


//check cookie
if ($_SESSION['log ged_in'] != 1 && isset($_COOKIE[ 'login_cookie'] )) {
list($user, $pass) = explode('[]', $_COOKIE['login _cookie']);
$qu = mysql_query(&qu ot;SELECT `user_password` FROM `members` WHERE `username` = '".addslas hes($user).&quo t;'");
if (mysql_num_rows ($qu) == 1) {
$passw = mysql_fetch_obj ect($qu);
if ($passw->use r_password == $pass) {
$_SESSION['logg ed_in'] = 1;
$_SESSION['user name'] = $user;
$_SESSION['pass word'] = $pass;
}
}
}



?>




Coding is simply CST... Combining $hit Together. We make different $hit to run in unison correctly.
    Viewed: 4,864 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Membership Security" Posted: @ 11:40 pm on Dec 27 2007    

Member #: 1
Rank: Admin. - (1,505)
Since: 02/06/05
Posts: 600
From: USA

So after you login and it redirects, the page tells you that you are not logged in? This would mean that perhaps the $_SESSION variables were not set. What you can do is debug the script a bit by printing out the variables. Before you halt processing of the script. Try to echo the $_SESSION['use rname'] and $_SESSION['log ged_in'] variables to see if they are set (on your secure page after loggin in). Also, im not so sure if you would need ob_start(); above every script. Try removing it from Secure.php if you have it as the 1st line of the page that needs to be secured.




-bs0d | AllSyntax.com

    Viewed: 4,859 Times | Reply to This | To top
  This user is offline  David1159
  Subject: "re: Membership Security" Posted: @ 12:23 am on Dec 28 2007    

Member #: 526
Rank: User - (81)
Since: 12/27/07
Posts: 81
From: usa

echo $_SESSION['log ged_in'];
echo $_SESSION['use rname'];

First, I tried when not logged in, came back = 0. On my secure page.
Second, I tried it when I logged in, nothing was there (I mean not even a 1) On my secure page.

I placed a button so once I pressed it, I would gain $_SESSION['log ged_in'] = 1; on my Secure Page. Once I clicked it, I had access to the Secure Page.

The $_SESSION['log ged_in'] = 1; is not carrying over from login.php
OR
The $_SESSION['log ged_in'] = 1; is being set to 0 on my Secure.php some how.

Do we need a session_start( ); in there?



Edited at 01:10:21 am on 12/28/07


Coding is simply CST... Combining $hit Together. We make different $hit to run in unison correctly.

    Viewed: 4,850 Times | Reply to This | To top
Viewing Page: 1 of 1


1 |

You must be logged in to post on the forums. Login or Register








"AllSyntax.com" Copyright © 2002-2018; All rights lefted, all lefts righted.
Privacy Policy  |  Internet Rank