Members Area

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Members Area

Post by enemeth »

Hi there all !

I got a website that users log into , i have made the pages that are displayed before log in , and have the pages all set up also for after they log in!

the problem is that if you have the path http://www.mysite.com/members/signedin for example, you can get to it by just typing this link , even if you are logged in or out!

How do i get it to display a page to log in if someone just types this link ? i guess what i need is the ability to check each person who gets to these pages if they are logged in or not?

does this make any sense ! lol

Thank you ,

Elaine
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Typically you would save one or more values in the session when they have successfully logged-in. Then on each "members" page you would check to see if the right values were set in the session before displaying the page. If the values were not found or not right the the page would redirect to the log-in page.
(#10850)
dantleech
Forum Newbie
Posts: 11
Joined: Mon Oct 09, 2006 7:34 am
Location: UK

Post by dantleech »

i guess an easy way to do this would be with a check_login() function,

Code: Select all

<?php
  function check_login()
  {
    if ($_SESSION['logged_in'])
      return;
    else
      die('Sorry, you have to be logged in to access this page. <a href="your_login_url">click here to login</a>');
  }
?>
this assumes that when you log your users in you set $_SESSION['logged_in'] = true;

the top of your restricted pages would then typically look like this

Code: Select all

<?php
  include ('file_with_check_login_function_in_it.php');
  check_login();

  // your code
  // ...
?>
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

Well i thank you :)

i think that is wonderful and will work great , testing it tomorrow at work !

if i run into any issues i shall log in from work !

Thank you very much again ;)

Elaine
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

where do i place the function check_login() ?

and i do not have it set as you stated : $_SESSION['logged_in'] = true;

should i just add that into my checkuser.php file i have that verifies the users when they log in ?

and do i change the logged _in to username? which is what we basically go by on the site?

Elaine
User avatar
acpbrian
Forum Newbie
Posts: 3
Joined: Sun Mar 04, 2007 12:58 pm
Location: South Carolina
Contact:

Post by acpbrian »

I normally create 2 files for all my pages. A config.php and a common.php. Between the 2 they have db credentials and commonly used functions that can be called from anypage. So you would put the check login function in your common.php file per-say. Include config.php and common.php for all pages that you create on line #1 and #2. You can even initialize the session and define session variables from within common.php that way if you need to do headers or anything you can be sure that there has not been any output. As far as logging in the user. I normally pull a unique indentification number from the db that was assigned to the user upon signup. I assign that to $_session['uid'] and go from there. That way you can check logged in with something like this.

Code: Select all

<?php
  function check_login(){
    if ($_session['uid']<>"")
      return;
      else
    die("sorry, please login.")
    }
?>
In addition to being able to see if the user is logged in, you can also identify the user in your database and pull information from the data that is specific to the logged in user. All this in one swoop.

There are limitless possibilities.
Hope this helped!
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

Yes very much so !

Thank you i will play around with all this !

Elaine
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

well , im sorry to say i dont no what im doing ! so many errors i dont no where to start ,

i dont no how to implement everything here into what i got already! its sadning! LOL
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

The errors and some code would be helpful
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

ok here it is ,

i got a checkuser.php

Code: Select all

<?php error_reporting(E_ALL);
/* Check User Script */ 
session_start();  // Start Session
include 'db.php'; 
$msg = "You could not be logged in! Either the username and password do not match or you have not validated your membership! Please Try again!";
$msga = "Please enter ALL the information!";
// Conver to simple variables 
$username = $_POST['username']; 
$password = $_POST['password']; 
if((!$username) || (!$password)){
    echo "<script langauge=\"javascript\">alert(\"".$msga."\");</script>"; 
    include 'login.php';
    exit();
}

// Convert password to md5 hash 
$password = md5($password);
// check if the user info validates the db 
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'"); 
$login_check = mysql_num_rows($sql);
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
    foreach( $row AS $key => $val ){ 
        $$key = stripslashes( $val ); 
    } 
        // Register some session variables! 
        session_register('first_name'); 
        $_SESSION['first_name'] = $first_name; 
        session_register('last_name'); 
        $_SESSION['last_name'] = $last_name; 
        session_register('email_address'); 
        $_SESSION['email_address'] = $email_address; 
        session_register('special_user'); 
        $_SESSION['user_level'] = $user_level;
        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
        header("Location: members/login_success.php"); 
    } 
} else { 
    echo "<script langauge=\"javascript\">alert(\"".$msg."\");</script>"; 
    include 'login.php'; 
} 
?>
now when my users log in , they get the members area, which is good, but so can everyone else on the net if they have the path ! but i cant seem to get it right , i have this so far , which i think i need to put on each individual page? unless i make one main file pointing to the one file !

Code: Select all

<?php include 'headermem.php'; 
$msga = "Please Log in! Thank you !";
if(isset($_SESSION['username'])) {

return;

}

else {
echo "<script langauge=\"javascript\">alert(\"".$msga."\");</script>"; 
    include '../login.php';
    exit();

}

include 'footermem.php'; 
?>
i really appoligize to everyone who is getting frustrated with me !

but once i get it , iwill never forget ! ehhehehe

thanks again,

Elaine
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

I'd suggest buying a more recent book on php, there are security vulnerabilities in your code.

SQL Injection:

Code: Select all

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

ok well i have no clue on these things , i needed code to get users to log in andregister, i found a full code that had all the stuff i needed, i used that ,

do you have another suggestion for a membership log in tutorial? that would be less of a vulnerability?

when you put that there and say it is a risk , i do not see what you see , you have a little more experience than i do, i have only been doing this for like 2 months if!

but one day when im all growed up i probably will see it , but for now , if you can help it would be appreciated ?

Thank you


Elaine ;)
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

enemeth
Forum Commoner
Posts: 66
Joined: Tue Mar 27, 2007 8:55 am

Post by enemeth »

well thank you for that link i will read it when i understand most of the things there talking about !


so i guess i will start again and look for some new code !

thanks again

Elaine
Post Reply