Code: Select all
<?php
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//authenticate user
//Start session
session_start();
//Connect to database
require ('config.php');
//Check whether the session variable id is present or not
if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) {
header("location: access_denied.php");
exit();
}
else{
require ('header_blogs.html'); //need the header
print'
<div id="main" style="background-color: #FFFFFF; height:71%; width:101%; border:0px none none; margin:auto; "> <!--opens the white content area-->
<div id="main_left" style="float:left; height:100%; width:20%; border:0px none none;"> <!--opens main left-->
<div id="main_left_top" style=" background-color: #FFFFFF; float:left; position:relative;bottom:5px;right:5px; height:33%; width:100%; border:1px solid #c0c0c0; margin:5px;"> <!--opens main left top-->
</div> <!-- closes main left top-->
<div id="main_left_center" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area-->
</div> <!-- closes main left center-->
<div id="main_left_bottom" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area-->
</div> <!-- closes main left bottom-->
</div> <!-- closes main left-->
<div id="main_center" class="" style="float:left; height:100%; width:59%; border:0px solid #c0c0c0;"> <!--opens main center-->';
if (isset ($_POST['submit'])) { //handle the form.
//connect to database
require_once("config.php");
//define the query.
$query = "INSERT INTO blogs (blog_id, title, entry) VALUES (0, '{$_POST['title']}', '{$_POST['entry']}')";
"INSERT INTO entrydates (entrydate_id, entrydate) VALUES (0, NOW())";
//execute the query
if (@mysql_query ($query)) {
print '<p> Your entry has been submitted. Thank you!</p>';
print '<p> <h3><a style="text-decoration:none" href="blogs.php">Return to hahap tok</a></h3></p>';
} else {
print "<p>Could not add the entry because: <b>" . mysql_error() .
"</b>. The query was $query.</p>";
}
mysql_close();
}
//Display the form.
print'
<p><h2 align ="center">Please, Add Your Contribution to Half Tok Library!</h2></p>
<p>
<form action ="blog_entries.php" method="post">
<p>       Title:             <input type="text" name =title" size="40" maxsize="100" /></p>
<p>      Explanation: <textarea name= "entry" cols="40" rows="5"></textarea></p>
<!-- It is good practice to use the same name from inputs as the corresponding column names in databse, avoiding confusion.-->
        
        
       <input type="submit" name="submit" value="Post your Entry!">
</form>
</p>
</div> <!-- closes main center-->
<div id="main_right" style="float:left; background-color: #FFFFFF; height:100%; width:20%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area-->
<div id="main_right_top" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area-->
</div> <!-- closes main left top-->
<div id="main_right_center" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area-->
</div> <!-- closes main left center-->
<div id="main_right_bottom" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area-->
</div> <!-- closes main left bottom-->
</div> <!-- closes main right-->
</div> <!-- closes main--> ';
} //End of if statmemnt.
require ('footer.html'); //need the footer
?>Just in case this might be helpful, here is the login script
Code: Select all
<?php
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//Turn on output buffering. Allows for headers to be called anywhere on script. See pg228 Ulman.
ob_start();
//start session
session_start();
//include the config or connect file
require_once("config.php");
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$sql="SELECT * FROM members WHERE username='$username' and password='$password'";
//the variable assigned to the post username should match the named attribute of username of login form. same for the password.
$result=mysql_query($sql);
// Replace counting function based on database you are using.
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1
if($count==1){
// Register username, firstname and redirect to file
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['id'] = $member['member_id'];
$_SESSION['firstname'] = $member['firstname'];
$_SESSION['lastname'] = $member['lastname'];
session_write_close();
header("location: member_index.php");
exit();
}else {
//Login failed
header("location: login_failed.php");
exit();
}
?>
I was thinking about creating a unique login page for every page on the site that requires authentication, that would redirect the user to the appropriate target page upon logging in using the header function, but I would love to believe that there is some line of code that would do the same job, using just one login page for the entire website. Any suggestions would be greatly appreciated.